We help IT Professionals succeed at work.

Subdomain Users Unable to Log into OWA after parent domain Administrator Password Change.

wfwalshiii
wfwalshiii asked
on
Medium Priority
1,334 Views
Last Modified: 2012-05-07
I have a single Exchange 2003 server.

company.local (NETBIOS--DOMAIN) subdomain.company.local (NETBIOS--SUBDOMAIN).

My network admin was recently laid off so I changed Administrator password for DOMAIN and SUBDOMAIN. Since the change users that log into SUBDOMAIN are unable to log into OWA.

The user are using the form SUBDOMAIN\username and entering their domain password which worked prior to the password change. Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.

Users who log into the parent domain are able to logon using DOMAIN\username.
Comment
Watch Question

Commented:
try running the domain prep in the child doamin, that shokd fix the issue
Run the command from your subdomain
From Exchange Setup CD drive, from command prompt or from Start-Run

setup.exe /domainprep

Author

Commented:
OK - I ran Domain prep on the server that controls the child domain. No change.

Do I need to restart Exchange services and/or IIS?

Commented:
try restarting the system Attndant service

Author

Commented:
OK I have restarted System Attendant Service and IIS. Still no change.

Commented:
try the replication between teh Parent DC and chid DC

Author

Commented:
Thank you.

I forced replication. Restarted IIS & System Attendant. Still no change.

Subash SundharanIT Infrastructure Architect
CERTIFIED EXPERT

Commented:
Is the Child domain users able to access OWA http://exchangeserver/exchange
Also try with http://frontendserver/exchange
Check the front end server event logs and paste relevant error logs.
Check if the name resolution for child domain is ok from front end servers using nslookup.

Author

Commented:
Accessiblity is not an issue. It's when they attempt to log in...from anywhere. They receive this Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.

Author

Commented:
NSLookup finds child domain and resolves the address correctly.

This is a single server setup - no frontend/backend server.

Commented:
Try createing the test user and then try with that also if possible send us the IIS logs from exchange server
Subash SundharanIT Infrastructure Architect
CERTIFIED EXPERT

Commented:
Any error logs in application logs?

Author

Commented:
npatang: Created test user. Can login, set up Outlook (03), and send & receive. Cannot log into OWA.

I don't see any IIS Events in the application log. I am I looking in the right spot?

Commented:
on the exchange server go to RUN > IIS logs > W2SVC1> Click on the logs with the latest dates and you will get it..

But did you try reoccurring the issue today or else that will not show up in the log files

Author

Commented:
I just tried toggling Forms Based Authentication. With FBA off, subdomain users can log on. With FBA enabled, they cannot. Maybe that will narrow the problem down?

Commented:
are you putting the same crdential which you were putting the FBA?

Author

Commented:
Exactly the same: subdomain\testuser and the password

Commented:
Only thiing I can think of is If I can see anything in IIS logs.. If you upload that.. Try doing IIS reset and enable the FBA and check again

Author

Commented:
OK. Here's the last 5 minutes of log.
ex090711.log

Commented:
These are not showing anything, not much data.. get me the yesterday's log.. or you can try reoccurring the issue and then stop and start the default website and then try sending the latest logs again

Author

Commented:
OK. This log is every detailing the following steps.

I stopped IIS. Renamed log file so it would create a new one.
Started IIS.
FBA is off.
I logged on succesfully using subdomain\testuser.
Logged back off

On exchange, I enabled FBA. Did iisreset.

Tried to logging onto OWA as subdomain\testuser. Failed.

On exchange, I disabled FBA. Did iisreset.
Tried to log onto OWA as subdomain\testuser. Succeeded.

Took a copy of the log to post here.
ex090711.log

Author

Commented:
Npatang, thank you for taking all this time to work with me on a Saturday. I appreciate it!

Commented:
Most welcom sir . I am checking on your file itself

Commented:
on your exchange server go to 'c:\program Files\exchsrvr\exchweb\bin\suth"  You will find 2 files OWaauth.dll  and owalogon.asp .
try checking the permission of both thefiles and make sure that we have Authenticated useres added to it.
If not add them and make sure we give all the read permission to them .....
Do Isreset enable the fba and try logging in

Author

Commented:
Authenticated Users was already there with the following permissions enabled: Read & Execute, Read
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I put IUSR_EXCHANGE into local Users group. Did iisreset. No change.
Then I put IUSR_EXCHANGE into local Administrators group. Did iisreset. No change.

Commented:
What certficate you are using on the server ?

Author

Commented:
Certificate purchased from Godaddy.com
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
Thank you Npatang! I think the solution was putting iusr_exchange in the Local Users & Administrators groups. It didn't take effect until after the reboot, however.

Author

Commented:
I removed IUSR_EXCHANGE from the local Administrators group, rebooted and it still works.

Commented:
well thats seems intresting .. anyways so far irt sworking you so well and good ..
Actually some permisisons issues has reset I think
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.