Subdomain Users Unable to Log into OWA after parent domain Administrator Password Change.

I have a single Exchange 2003 server.

company.local (NETBIOS--DOMAIN) subdomain.company.local (NETBIOS--SUBDOMAIN).

My network admin was recently laid off so I changed Administrator password for DOMAIN and SUBDOMAIN. Since the change users that log into SUBDOMAIN are unable to log into OWA.

The user are using the form SUBDOMAIN\username and entering their domain password which worked prior to the password change. Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.

Users who log into the parent domain are able to logon using DOMAIN\username.
wfwalshiiiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NpatangCommented:
try running the domain prep in the child doamin, that shokd fix the issue
0
XCHExpertCommented:
Run the command from your subdomain
From Exchange Setup CD drive, from command prompt or from Start-Run

setup.exe /domainprep
0
wfwalshiiiAuthor Commented:
OK - I ran Domain prep on the server that controls the child domain. No change.

Do I need to restart Exchange services and/or IIS?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

NpatangCommented:
try restarting the system Attndant service
0
wfwalshiiiAuthor Commented:
OK I have restarted System Attendant Service and IIS. Still no change.
0
NpatangCommented:
try the replication between teh Parent DC and chid DC
0
wfwalshiiiAuthor Commented:
Thank you.

I forced replication. Restarted IIS & System Attendant. Still no change.

0
SubsunCommented:
Is the Child domain users able to access OWA http://exchangeserver/exchange
Also try with http://frontendserver/exchange
Check the front end server event logs and paste relevant error logs.
Check if the name resolution for child domain is ok from front end servers using nslookup.
0
wfwalshiiiAuthor Commented:
Accessiblity is not an issue. It's when they attempt to log in...from anywhere. They receive this Error Message: You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.
0
wfwalshiiiAuthor Commented:
NSLookup finds child domain and resolves the address correctly.

This is a single server setup - no frontend/backend server.
0
NpatangCommented:
Try createing the test user and then try with that also if possible send us the IIS logs from exchange server
0
SubsunCommented:
Any error logs in application logs?
0
wfwalshiiiAuthor Commented:
npatang: Created test user. Can login, set up Outlook (03), and send & receive. Cannot log into OWA.

I don't see any IIS Events in the application log. I am I looking in the right spot?
0
NpatangCommented:
on the exchange server go to RUN > IIS logs > W2SVC1> Click on the logs with the latest dates and you will get it..

But did you try reoccurring the issue today or else that will not show up in the log files
0
wfwalshiiiAuthor Commented:
I just tried toggling Forms Based Authentication. With FBA off, subdomain users can log on. With FBA enabled, they cannot. Maybe that will narrow the problem down?
0
NpatangCommented:
are you putting the same crdential which you were putting the FBA?
0
wfwalshiiiAuthor Commented:
Exactly the same: subdomain\testuser and the password
0
NpatangCommented:
Only thiing I can think of is If I can see anything in IIS logs.. If you upload that.. Try doing IIS reset and enable the FBA and check again
0
wfwalshiiiAuthor Commented:
OK. Here's the last 5 minutes of log.
ex090711.log
0
NpatangCommented:
These are not showing anything, not much data.. get me the yesterday's log.. or you can try reoccurring the issue and then stop and start the default website and then try sending the latest logs again
0
wfwalshiiiAuthor Commented:
OK. This log is every detailing the following steps.

I stopped IIS. Renamed log file so it would create a new one.
Started IIS.
FBA is off.
I logged on succesfully using subdomain\testuser.
Logged back off

On exchange, I enabled FBA. Did iisreset.

Tried to logging onto OWA as subdomain\testuser. Failed.

On exchange, I disabled FBA. Did iisreset.
Tried to log onto OWA as subdomain\testuser. Succeeded.

Took a copy of the log to post here.
ex090711.log
0
wfwalshiiiAuthor Commented:
Npatang, thank you for taking all this time to work with me on a Saturday. I appreciate it!
0
NpatangCommented:
Most welcom sir . I am checking on your file itself
0
NpatangCommented:
on your exchange server go to 'c:\program Files\exchsrvr\exchweb\bin\suth"  You will find 2 files OWaauth.dll  and owalogon.asp .
try checking the permission of both thefiles and make sure that we have Authenticated useres added to it.
If not add them and make sure we give all the read permission to them .....
Do Isreset enable the fba and try logging in
0
wfwalshiiiAuthor Commented:
Authenticated Users was already there with the following permissions enabled: Read & Execute, Read
0
NpatangCommented:
See is Iuser account is located Local user group? If no move to Local user group do IIS reset and login.
If yes try moving the iuser account to local administrator group .. do the iisreset and try login .. let me know both the results ..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wfwalshiiiAuthor Commented:
I put IUSR_EXCHANGE into local Users group. Did iisreset. No change.
Then I put IUSR_EXCHANGE into local Administrators group. Did iisreset. No change.
0
NpatangCommented:
What certficate you are using on the server ?
0
wfwalshiiiAuthor Commented:
Certificate purchased from Godaddy.com
0
NpatangCommented:
try scheduling the reboot of server .. see if that fixs it ... Coming to the exact solution is hard ...
0
wfwalshiiiAuthor Commented:
Thank you Npatang! I think the solution was putting iusr_exchange in the Local Users & Administrators groups. It didn't take effect until after the reboot, however.
0
wfwalshiiiAuthor Commented:
I removed IUSR_EXCHANGE from the local Administrators group, rebooted and it still works.
0
NpatangCommented:
well thats seems intresting .. anyways so far irt sworking you so well and good ..
Actually some permisisons issues has reset I think
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.