CWA 401.2 Error

Posted on 2009-07-09
Medium Priority
Last Modified: 2013-11-29
When I attempt to access the CWA URL I'm presented with the following
HTTP Error 401.2 - Unauthorized: Access is denied due to server
Internet Information Services (IIS)

I have gone through the removal and re-installation of the
Communicator Web Access role multiple times and the issue persists.
The system is a 64-bit Windows 2003 server dedicated to the CWA role;
no other OCS roles are running on this system.  Doing some
troubleshooting I've discovered that if I add the default DOMAIN
\CWAService account to the local Administrators group CWA renders
without an issue and I'm able to log into it without issue.  It is
only when DOMAIN\CWAService is a standard user, which I believe is the
default, is when the issue happens.  This points me in the direction
of a security / permissions issue, but where?

I'm not seeing any events in the event log that would indicate any
type of issue loading the cwaauth.dll ISAPI filter nor am I seeing
anything regarding permission failure.  Running filemon and regmon I
don't see any type of access denied errors.  I'm at a loss as to what
is causing this.  This is a fresh intall of OCS within an Exchange
2007 environment.  Any assistance would be much appreciated.  I don't
really want to run CWA as a local administrator to get this to work.

It should be noted that this is OCS R2.

Question by:TMCgroup
LVL 10

Expert Comment

ID: 24903049
IIS 401.2 is pure authentication issue only. Check the authentication mode in IIS 6.0

Reason may be 1 : The service that is used for the IIS application pools on the CWA server was not a member of the RTCUniversalServerAdmins group, which in turn is a member of the local CWA server Administrators group.


Accepted Solution

TMCgroup earned 0 total points
ID: 26054354
We ended up having to move this to IIS 7 with no resolution on IIS 6.0 after multiple efforts working with MS.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

After having deployed hundreds of thousands of Terminal Services seats worldwide, I still see all the time people asking me that same old question: "If TS/RDS is that reliable why are you telling me I should reboot it that often? My DC/SQL/Exchange/…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
If you are looking for an automated tool which can generate reports for Outlook emails and other items from PST file, then you can go for Kernel PST Reporter tool. The reports which are created by this tool are helpful to analyze and understand PST …
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…
Suggested Courses

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question