Solved

Subdomain Users Unable to Log into OWA after parent domain Administrator Password Change.

Posted on 2009-07-10
33
1,052 Views
Last Modified: 2012-05-07
I have a single Exchange 2003 server.

company.local (NETBIOS--DOMAIN) subdomain.company.local (NETBIOS--SUBDOMAIN).

My network admin was recently laid off so I changed Administrator password for DOMAIN and SUBDOMAIN. Since the change users that log into SUBDOMAIN are unable to log into OWA.

The user are using the form SUBDOMAIN\username and entering their domain password which worked prior to the password change. Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.

Users who log into the parent domain are able to logon using DOMAIN\username.
0
Comment
Question by:wfwalshiii
  • 16
  • 14
  • 2
  • +1
33 Comments
 
LVL 8

Expert Comment

by:Npatang
ID: 24825916
try running the domain prep in the child doamin, that shokd fix the issue
0
 
LVL 8

Expert Comment

by:XCHExpert
ID: 24826066
Run the command from your subdomain
From Exchange Setup CD drive, from command prompt or from Start-Run

setup.exe /domainprep
0
 

Author Comment

by:wfwalshiii
ID: 24826172
OK - I ran Domain prep on the server that controls the child domain. No change.

Do I need to restart Exchange services and/or IIS?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 8

Expert Comment

by:Npatang
ID: 24826180
try restarting the system Attndant service
0
 

Author Comment

by:wfwalshiii
ID: 24826255
OK I have restarted System Attendant Service and IIS. Still no change.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24826352
try the replication between teh Parent DC and chid DC
0
 

Author Comment

by:wfwalshiii
ID: 24826566
Thank you.

I forced replication. Restarted IIS & System Attendant. Still no change.

0
 
LVL 40

Expert Comment

by:Subsun
ID: 24826696
Is the Child domain users able to access OWA http://exchangeserver/exchange
Also try with http://frontendserver/exchange
Check the front end server event logs and paste relevant error logs.
Check if the name resolution for child domain is ok from front end servers using nslookup.
0
 

Author Comment

by:wfwalshiii
ID: 24826711
Accessiblity is not an issue. It's when they attempt to log in...from anywhere. They receive this Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.
0
 

Author Comment

by:wfwalshiii
ID: 24826727
NSLookup finds child domain and resolves the address correctly.

This is a single server setup - no frontend/backend server.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24826743
Try createing the test user and then try with that also if possible send us the IIS logs from exchange server
0
 
LVL 40

Expert Comment

by:Subsun
ID: 24826744
Any error logs in application logs?
0
 

Author Comment

by:wfwalshiii
ID: 24830532
npatang: Created test user. Can login, set up Outlook (03), and send & receive. Cannot log into OWA.

I don't see any IIS Events in the application log. I am I looking in the right spot?
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24830548
on the exchange server go to RUN > IIS logs > W2SVC1> Click on the logs with the latest dates and you will get it..

But did you try reoccurring the issue today or else that will not show up in the log files
0
 

Author Comment

by:wfwalshiii
ID: 24830723
I just tried toggling Forms Based Authentication. With FBA off, subdomain users can log on. With FBA enabled, they cannot. Maybe that will narrow the problem down?
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24830740
are you putting the same crdential which you were putting the FBA?
0
 

Author Comment

by:wfwalshiii
ID: 24830758
Exactly the same: subdomain\testuser and the password
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24830772
Only thiing I can think of is If I can see anything in IIS logs.. If you upload that.. Try doing IIS reset and enable the FBA and check again
0
 

Author Comment

by:wfwalshiii
ID: 24830828
OK. Here's the last 5 minutes of log.
ex090711.log
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24830870
These are not showing anything, not much data.. get me the yesterday's log.. or you can try reoccurring the issue and then stop and start the default website and then try sending the latest logs again
0
 

Author Comment

by:wfwalshiii
ID: 24830972
OK. This log is every detailing the following steps.

I stopped IIS. Renamed log file so it would create a new one.
Started IIS.
FBA is off.
I logged on succesfully using subdomain\testuser.
Logged back off

On exchange, I enabled FBA. Did iisreset.

Tried to logging onto OWA as subdomain\testuser. Failed.

On exchange, I disabled FBA. Did iisreset.
Tried to log onto OWA as subdomain\testuser. Succeeded.

Took a copy of the log to post here.
ex090711.log
0
 

Author Comment

by:wfwalshiii
ID: 24830996
Npatang, thank you for taking all this time to work with me on a Saturday. I appreciate it!
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24831000
Most welcom sir . I am checking on your file itself
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24831043
on your exchange server go to 'c:\program Files\exchsrvr\exchweb\bin\suth"  You will find 2 files OWaauth.dll  and owalogon.asp .
try checking the permission of both thefiles and make sure that we have Authenticated useres added to it.
If not add them and make sure we give all the read permission to them .....
Do Isreset enable the fba and try logging in
0
 

Author Comment

by:wfwalshiii
ID: 24831123
Authenticated Users was already there with the following permissions enabled: Read & Execute, Read
0
 
LVL 8

Accepted Solution

by:
Npatang earned 500 total points
ID: 24831134
See is Iuser account is located Local user group? If no move to Local user group do IIS reset and login.
If yes try moving the iuser account to local administrator group .. do the iisreset and try login .. let me know both the results ..
0
 

Author Comment

by:wfwalshiii
ID: 24831155
I put IUSR_EXCHANGE into local Users group. Did iisreset. No change.
Then I put IUSR_EXCHANGE into local Administrators group. Did iisreset. No change.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24831204
What certficate you are using on the server ?
0
 

Author Comment

by:wfwalshiii
ID: 24831234
Certificate purchased from Godaddy.com
0
 
LVL 8

Assisted Solution

by:Npatang
Npatang earned 500 total points
ID: 24831246
try scheduling the reboot of server .. see if that fixs it ... Coming to the exact solution is hard ...
0
 

Author Comment

by:wfwalshiii
ID: 24831488
Thank you Npatang! I think the solution was putting iusr_exchange in the Local Users & Administrators groups. It didn't take effect until after the reboot, however.
0
 

Author Comment

by:wfwalshiii
ID: 24831570
I removed IUSR_EXCHANGE from the local Administrators group, rebooted and it still works.
0
 
LVL 8

Expert Comment

by:Npatang
ID: 24831585
well thats seems intresting .. anyways so far irt sworking you so well and good ..
Actually some permisisons issues has reset I think
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question