OWA issue on single machine, 401.2 errors in IIS

We have Exchange 2003 w/ SP2 running on Server 2003 SP2, single server environment.
We have 70+ users that can use OWA, all of them work (afaik).
On one laptop running XP SP2 & IE8 we cannot get logged into OWA no matter what user account we try, also it doesn't matter whether we try to access explicitly or implicitly (specifying user @ end of URL). Both Firefox AND IE fail to login, additionally IE7 did the same before upgrading to IE8. This happens both inside the corporate network local to the exchange server and externally.

In the IIS6 logs on the server I get the following line:
2009-05-19 15:34:51 W3SVC1 <SERVERNAMEHERE> 10.1.1.1 GET /exchange/ - 80 - 10.1.1.26 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) - - <VIRTUALSERVERURLHERE> 401 2 2148074254 345 226 187

I've looked up IIS 401.2 and it comes back as an authentication error, however this user has all the rights they need. And as I alluded to above they CAN login to OWA from other machines.

This laptop is a nondomain personal PC, and has had spyware/malware (vundo.h) issues before. However I believe it to be clean at this time, a full mbam comes back clean. One issue we had at that time was that it kept configuring proxy server settings which would kill internet access. I've read that proxy server settings can cause IIS to return a 401.2, however at this time they do not appear to be set and HiJackThis doesn't list any Proxy Server settings.

I found a guide on how to return OWA's IIS directory authentication back to default state by deleting and recreating and I've done so, with no luck.

On other machines, that aren't using automatic domain login of course, the login box pops up immediately. On this laptop the login box takes up to 2 minutes to come up, then once credentials are submitted it takes another two minutes to timeout.

So I guess I've got something corrupt in the OS, possibly relating to Integrated Windows Auth or maybe Proxy Server crap left over? I really don't want to have to format this laptop.

Any ideas here?



itknightAsked:
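Added example, not part of the original thread: a short Python triage of the log line quoted in the question. It decodes the status triple (sc-win32-status 2148074254 is 0x8009030E, SEC_E_NO_CREDENTIALS, which is also what IIS logs for the first, credential-less request of a challenge/response exchange) and reports which client IPs were challenged but never had a request logged with a user name. The field order is assumed to be the IIS 6 W3C layout with every field enabled (the post shows no #Fields header), the user agent is shortened, and the 10.1.1.40 / jdoe lines are constructed for contrast.

```python
# Added example: decode IIS 6 W3C status fields and find clients stuck at 401.
# Assumed field order (all fields enabled); the post shows no #Fields header.
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()
SUBSTATUS_401 = {1: "logon failed",
                 2: "logon failed due to server configuration",
                 3: "denied by ACL on resource"}
WIN32 = {0: "OK", 1326: "ERROR_LOGON_FAILURE",
         0x8009030C: "SEC_E_LOGON_DENIED",
         0x8009030E: "SEC_E_NO_CREDENTIALS"}

def parse(line):
    rec = dict(zip(FIELDS, line.split()))
    for key in ("sc-status", "sc-substatus", "sc-win32-status"):
        rec[key] = int(rec[key])
    return rec

def describe(rec):
    """Render status.substatus plus the win32 status as a named HRESULT."""
    sub = SUBSTATUS_401.get(rec["sc-substatus"], "?") if rec["sc-status"] == 401 else "-"
    code = rec["sc-win32-status"]
    return "%d.%d %s; win32 0x%08X %s" % (
        rec["sc-status"], rec["sc-substatus"], sub, code, WIN32.get(code, "unknown"))

def clients_never_authenticated(lines):
    """Client IPs that got a 401 but never had a request logged with a user name."""
    challenged, authed = set(), set()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        rec = parse(line)
        if rec["sc-status"] == 401:
            challenged.add(rec["c-ip"])
        if rec["cs-username"] != "-":
            authed.add(rec["c-ip"])
    return sorted(challenged - authed)

UA = "Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1)"  # shortened
POST_LINE = ("2009-05-19 15:34:51 W3SVC1 <SERVERNAMEHERE> 10.1.1.1 GET /exchange/ "
             "- 80 - 10.1.1.26 HTTP/1.1 " + UA + " - - <VIRTUALSERVERURLHERE> "
             "401 2 2148074254 345 226 187")
# Constructed lines: a second client (10.1.1.40, user jdoe) that completes the exchange.
OK_CLIENT = [POST_LINE.replace("10.1.1.26", "10.1.1.40"),
             POST_LINE.replace("10.1.1.26", "10.1.1.40").replace("401 2 2148074254", "401 1 0"),
             POST_LINE.replace("- 80 - 10.1.1.26", "- 80 jdoe 10.1.1.40").replace("401 2 2148074254", "200 0 0")]
SAMPLE = [POST_LINE] + OK_CLIENT

if __name__ == "__main__":
    print(describe(parse(POST_LINE)))
    print(clients_never_authenticated(SAMPLE))
```

Run against the real W3SVC1 log, the second function separates a client that never gets past the initial challenge from clients whose exchanges complete.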
 
grandebobCommented:
You can try reinstalling IE. My suspicion is that part of IE got messed up while being infected or being cleaned. Hopefully it's not something the spyware has destroyed at the OS level.

I feel your pain on the "It's the owner's machine." You've found yourself firmly wedged into a Layer 8 problem (the Political layer). I would try to explain to him (or her) that once a machine is compromised, the only way to make sure it's safe again is a reformat.
 
grandebobCommented:
If the user can log on other PCs using OWA, don't mess with the server.

Check the PC's host file, see if spyware has messed it up. Personally, I would wipe the computer, or since it's a personal computer, have the owner wipe it, or take it somewhere to get wiped. I would under no circumstances hook a user's personal PC up to my corporate network.
 
itknightAuthor Commented:
Ya the PC's host file is blank except localhost.
And ya the server & user account is obviously fine, it's just the laptop having the issue.

I get what you are saying about personal PCs on the corporate network. Typically it is used outside the network, but it doesn't matter 'cause the problem exists either way. I really really don't want to have to format this PC. It's one of the Owner's, you know how that can go. Plus everything else seems to be working good again now, just can't figure out this last problem.
 
itknightAuthor Commented:
Ya I've tried reinstalling IE7 (along with updates and the malicious software removal tool), but that didn't help at all. After reinstalling IE7 with no luck, I tried IE8 AND Firefox 3 also with no luck.

I fear as you mentioned that corruption has set in at the OS level. But I think it's isolated to this one issue.

Is there a good way to make sure all proxy server settings are gone? I've looked in IE of course and HiJackThis doesn't list any proxies.

Is there any way to verify that NTLM/Integrated Windows Auth is working correctly as it pertains to OWA? I know that this laptop CAN login to SharePoint that is hosted on the same server, if that helps any...

Any other ideas?
 
DiabloPubsCommented:
This may be a dumb question but have you tried using IE's "Reset Internet Explorer settings" tool?  You can find it in Tools, Internet Options, Advanced tab.
 
grandebobCommented:
NTLM/Integrated Auth should not matter, since you are providing credentials to the site via the OWA page (assuming you are using forms based authentication). I would trust HijackThis in saying you have no proxies set. You are getting to your server, since you see the 402.1 errors in the logs.

If you are not using forms based authentication, I would recommend doing so. It makes sure the credentials are transferred via SSL. If you don't use Forms Based Authentication, you could be transmitting Windows passwords across the internet in plain text.
 
itknightAuthor Commented:
I've tried the Reset Internet Explorer Settings, with no luck.

No we aren't using forms based authentication, I can try using that to see if it works on this one machine. But if that does work it still doesn't really tell me why this one particular PC can't login with the current server configuration when it seems all others work fine. I know all the domain PCs plus a lot of other employees' personal home computers are able to login to OWA just fine, it's just this one.

I've also run sfc /scannow, but it didn't return anything.

Is a repair install the next step?
 
itknightAuthor Commented:
Ok, so I fixed this by doing a repair install. Not sure what the problem was exactly obviously, but all works fine now. Thanks for all the help.
 
grandebobCommented:
Please award points.
 
itknightAuthor Commented:
Thanks again for all the help, the solution I took ended up being a standard repair install (as I posted). While grandebob offered lots of suggestions, he didn't mention that one (I feel like I'm splitting hairs here though, I mean the guy did offer good accurate troubleshooting). But nevertheless as requested I have awarded points.
 
grandebobCommented:
Thanks for the points/update. EE gives the ability to split points among multiple answers, and award a grade based on the quality of the answer.

Glad things worked out for you, cheers.
Question has a verified solution.