Solved

OWA issue on single machine, 401.2 errors in IIS

Posted on 2009-05-19
Last Modified: 2013-12-08
We have Exchange 2003 w/ SP2 running on Server 2003 SP2, single server environment.
We have 70+ users that can use OWA, all of them work (afaik).
On one laptop running XP SP2 & IE8 we cannot get logged into OWA no matter what user account we try; it also doesn't matter whether we try to access explicitly or implicitly (specifying user @ end of URL). Both Firefox AND IE fail to log in; additionally, IE7 did the same before upgrading to IE8. This happens both inside the corporate network local to the Exchange server and externally.

In the IIS6 logs on the server I get the following line:
2009-05-19 15:34:51 W3SVC1 <SERVERNAMEHERE> 10.1.1.1 GET /exchange/ - 80 - 10.1.1.26 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) - - <VIRTUALSERVERURLHERE> 401 2 2148074254 345 226 187

I've looked up IIS 401.2 and it comes back as an authentication error; however, this user has all the rights they need. And as I alluded to above, they CAN log in to OWA from other machines.

This laptop is a non-domain personal PC, and has had spyware/malware (vundo.h) issues before. However, I believe it to be clean at this time; a full mbam comes back clean. One issue we had at that time was that it kept configuring proxy server settings, which would kill internet access. I've read that proxy server settings can cause IIS to return a 401.2; however, at this time they do not appear to be set and HiJackThis doesn't list any Proxy Server settings.

I found a guide on how to return OWA's IIS directory authentication back to its default state by deleting and recreating it, and I've done so, with no luck.

On other machines, that aren't using automatic domain login of course, the login box pops up immediately. On this laptop the login box takes up to 2 minutes to come up, then once credentials are submitted it takes another two minutes to time out.

So I guess I've got something corrupt in the OS, possibly relating to Integrated Windows Auth or maybe Proxy Server crap left over? I really don't want to have to format this laptop.

Any ideas here?



Question by:itknight
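Added example, not part of the original thread: a small decoder for the status fields of the IIS log line quoted in the question. The field order is an assumption (the full IIS 6 W3C extended set), since the log's `#Fields:` header is not shown; the server and host placeholders are kept as posted.

```python
# Added example: decode the status triple of an IIS W3C extended log line.
# ASSUMPTION: field order is the full IIS 6 W3C set; on a real server take
# it from the "#Fields:" header of the log file instead.
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()

# IIS 6 substatus codes for HTTP 401.
SUBSTATUS_401 = {
    1: "logon failed",
    2: "logon failed due to server configuration",
    3: "unauthorized due to ACL on resource",
    4: "authorization failed by filter",
    5: "authorization failed by ISAPI/CGI application",
}

# A few Win32/SSPI codes seen in sc-win32-status on authentication failures.
WIN32 = {
    0x00000005: "ERROR_ACCESS_DENIED",
    0x0000052E: "ERROR_LOGON_FAILURE",
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x8009030E: "SEC_E_NO_CREDENTIALS",
}

def decode(line):
    """Return a dict describing the auth outcome of one log line."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(values)))
    rec = dict(zip(FIELDS, values))
    status, sub = int(rec["sc-status"]), int(rec["sc-substatus"])
    win32 = int(rec["sc-win32-status"]) & 0xFFFFFFFF  # also handles signed values
    return {
        "client": rec["c-ip"],
        "status": "%d.%d" % (status, sub),
        "meaning": SUBSTATUS_401.get(sub, "unknown") if status == 401 else "",
        "win32_hex": "0x%08X" % win32,
        "win32_name": WIN32.get(win32, "unknown"),
        "anonymous": rec["cs-username"] == "-",  # "-" = no authenticated user
    }

# The line quoted in the question (placeholders kept as posted).
SAMPLE = ("2009-05-19 15:34:51 W3SVC1 <SERVERNAMEHERE> 10.1.1.1 GET /exchange/ - 80 - "
          "10.1.1.26 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;"
          "+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) - - "
          "<VIRTUALSERVERURLHERE> 401 2 2148074254 345 226 187")

if __name__ == "__main__":
    print(decode(SAMPLE))
```

For the quoted line, the decoder reports 401.2 with Win32 status 0x8009030E (SEC_E_NO_CREDENTIALS) and an empty cs-username, meaning the logged request arrived without credentials.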
12 Comments
 
LVL 6

Expert Comment

by:grandebob
ID: 24424733
If the user can log on from other PCs using OWA, don't mess with the server.

Check the PC's hosts file, see if spyware has messed it up. Personally, I would wipe the computer, or since it's a personal computer, have the owner wipe it, or take it somewhere to get wiped. I would under no circumstances hook a user's personal PC up to my corporate network.
0
 

Author Comment

by:itknight
ID: 24424790
Ya, the PC's hosts file is blank except localhost.
And ya, the server & user account are obviously fine, it's just the laptop having the issue.

I get what you are saying about personal PCs on the corporate network. Typically it is used outside the network, but it doesn't matter 'cause the problem exists either way. I really, really don't want to have to format this PC. It's one of the Owner's, you know how that can go. Plus everything else seems to be working well again now, just can't figure out this last problem.
0
 
LVL 6

Accepted Solution

by:
grandebob earned 500 total points
ID: 24425060
You can try reinstalling IE. My suspicion is that part of IE got messed up while being infected or being cleaned. Hopefully it's not something the spyware has destroyed at the OS level.

I feel your pain on the "It's the owner's machine." You've found yourself firmly wedged into a Layer 8 problem (the Political layer). I would try to explain to him (or her) that once a machine is compromised, the only way to make sure it's safe again is a reformat.
0
 

Author Comment

by:itknight
ID: 24425189
Ya, I've tried reinstalling IE7 (along with updates and the malicious software removal tool), but that didn't help at all. After reinstalling IE7 with no luck, I tried IE8 AND Firefox 3, also with no luck.

I fear, as you mentioned, that corruption has set in at the OS level. But I think it's isolated to this one issue.

Is there a good way to make sure all proxy server settings are gone? I've looked in IE of course and HiJackThis doesn't list any proxies.

Is there any way to verify that NTLM/Integrated Windows Auth is working correctly as it pertains to OWA? I know that this laptop CAN log in to SharePoint that is hosted on the same server, if that helps any...

Any other ideas?
0
 
LVL 1

Expert Comment

by:DiabloPubs
ID: 24425267
This may be a dumb question, but have you tried using IE's "Reset Internet Explorer settings" tool? You can find it in Tools, Internet Options, Advanced tab.
0

 
LVL 6

Assisted Solution

by:grandebob
grandebob earned 500 total points
ID: 24425277
NTLM/Integrated Auth should not matter, since you are providing credentials to the site via the OWA page (assuming you are using forms-based authentication). I would trust HijackThis in saying you have no proxies set. You are getting to your server, since you see the 402.1 errors in the logs.

If you are not using forms-based authentication, I would recommend doing so. It makes sure the credentials are transferred via SSL. If you don't use forms-based authentication, you could be transmitting Windows passwords across the internet in plain text.
0
 

Author Comment

by:itknight
ID: 24428263
I've tried the Reset Internet Explorer Settings, with no luck.

No, we aren't using forms-based authentication; I can try using that to see if it works on this one machine. But if that does work it still doesn't really tell me why this one particular PC can't log in with the current server configuration when it seems all others work fine. I know all the domain PCs plus a lot of other employees' personal home computers are able to log in to OWA just fine, it's just this one.

I've also run sfc /scannow, but it didn't return anything.

Is a repair install the next step?


0
 

Author Comment

by:itknight
ID: 24479385
OK, so I fixed this by doing a repair install. Not sure what the problem was exactly, obviously, but all works fine now. Thanks for all the help.
0
 
LVL 6

Expert Comment

by:grandebob
ID: 24483667
Please award points.
0
 

Author Closing Comment

by:itknight
ID: 31583141
Thanks again for all the help; the solution I took ended up being a standard repair install (as I posted). While grandebob offered lots of suggestions, he didn't mention that one (I feel like I'm splitting hairs here though, I mean the guy did offer good accurate troubleshooting). But nevertheless, as requested, I have awarded points.
0
 
LVL 6

Expert Comment

by:grandebob
ID: 24486656
Thanks for the points/update. EE gives the ability to split points among multiple answers, and award a grade based on the quality of the answer.

Glad things worked out for you, cheers.
0
