OWA HTTP/1.1 403 Forbidden in Exchange 2003

We are using Exchange 2003.  OWA was working fine last week and for the previous 6 months.  Today OWA doesn't work.  When we try to login as any user except for Administrator we get HTTP/1.1 403 Forbidden.

I tried the following already.
- http://support.microsoft.com/kb/883380
- Checked form based authentication
- Allow ASP to run.
- Checked all the security in IIS
- Installed latest Windows Updates
- Tried with Firefox and Internet Explorer.
RosspopeAsked:
Who is Participating?
 
Glen KnightCommented:
How did the reconnect go?
0
 
Glen KnightCommented:
Have you restarted IIS when you have made all the changes?
0
 
RosspopeAuthor Commented:
yes
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Glen KnightCommented:
0
 
RosspopeAuthor Commented:
Demazter -->  We are not getting the OWA 2003 Error Message when trying to access FreeDocs.  We are getting it when we try to login to webmail (OWA)
0
 
Glen KnightCommented:
sorry my mistake!
I thought that was an OWA document.

Check the IIS Permissions and the filesystem folder permissions, this is what normally causes what you are seeing (document I meant to link to earlier): http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html
0
 
RosspopeAuthor Commented:
I reset the metabase.xml file already in my link above.  I used method 3.
I also checked the security in IIS.


0
 
Glen KnightCommented:
It's definately a permission issue, download the Exchange Best Practice analyzer and see what that brings back, post the results.
0
 
RosspopeAuthor Commented:
Server: MAIL  
 
  'SystemPages' set too high Server: MAIL
 The 'SystemPages' value is set too high on server mail.moosecree.com and may cause instability. Current value: 798720.
  Tell me more about this issue and how to resolve it.  
 
  'HeapDeCommitFreeBlockThreshold' not set Server: MAIL
 Server mail.moosecree.com has 1 GB or more of memory, accommodates 111 mailboxes, and the 'HeapDeCommitFreeBlockThreshold' parameter has not been set to 262144. Virtual memory may become quickly fragmented and system instability may occur.
  Tell me more about this issue and how to resolve it.  
 
  Paging file larger than Physical Memory Server: MAIL
 The space for the paging file (4092) is larger than the physical memory (3582). This may affect the system performance. It is recommended to have paging file size equal to the physical memory.
  Tell me more about this issue and how to resolve it.  
 
0
 
Glen KnightCommented:
If you have confirmed the IIS permissions then it must ne file system permissions, can you try this solution?

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_23246543.html
0
 
RosspopeAuthor Commented:
I created a new test user and I can login fine with that user.  

For the users that can no longer login.  In their user properties --> Exchange Features are set to "Enabled" for Outlook Web Access.
0
 
Glen KnightCommented:
Can you try disabling web access for one user then re-enabling it?
0
 
RosspopeAuthor Commented:
Demazter --> I looked at the article that you sent.  Basically they want me to set the permissions on davex.dll to allow authenticated users to modify and write.

All of my other Exchange server do not need this in order to work correctly.
0
 
Glen KnightCommented:
Also try in active directory users and computer under view select advanced features.

Then fund a user that's not working, right click select properties, security tab, click advanced and check the box to allow inheritance click apply.

Test that user again
0
 
RosspopeAuthor Commented:
Just tried to disable it and re-enable.  No luck
0
 
RosspopeAuthor Commented:
Allow inheritance already enabled.
0
 
RosspopeAuthor Commented:
Ok I am able to login as other users.  There is only the one account that I can't login with.
0
 
Glen KnightCommented:
Can you compare the permissions in the security tab with the new user you have just created?
0
 
Glen KnightCommented:
What's special about that user?
Is it a member of the same groups as the other users?

0
 
Glen KnightCommented:
Have you restricted the computers that user can logon to?
If so have you included the exchange server?
0
 
RosspopeAuthor Commented:
Security tab in AD user properties are the same
0
 
Glen KnightCommented:
Also if you move the mailbox to a different server can you access it?
0
 
RosspopeAuthor Commented:
Single server environment.
0
 
RosspopeAuthor Commented:
Not sure if this helps you...  Found in my logs.

2009-12-01 13:31:55 W3SVC1 192.168.1.7 POST /exchweb/bin/auth/owaauth.dll - 443 - 209.226.52.149 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-US;+rv:1.9.1.5)+Gecko/20091102+Firefox/3.5.5+(.NET+CLR+3.5.30729) 302 0 0

2009-12-01 13:31:55 W3SVC1 192.168.1.7 GET /exchange - 443 JKapashesit 209.226.52.149 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-US;+rv:1.9.1.5)+Gecko/20091102+Firefox/3.5.5+(.NET+CLR+3.5.30729) 302 0 0

2009-12-01 13:31:55 W3SVC1 192.168.1.7 GET /exchange/ - 443 JKapashesit 209.226.52.149 Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-US;+rv:1.9.1.5)+Gecko/20091102+Firefox/3.5.5+(.NET+CLR+3.5.30729) 403 0 0
0
 
Glen KnightCommented:
Sorry I thought you said you had additional server.

If it just the one mailbox I would suggest deleting the user and creating a new one then re-attatching the mailbox.

0
 
Glen KnightCommented:
See section "To Reconnect a Deleted Mailbox to a New User Object" in this document: http://support.microsoft.com/kb/274343

if you right click on the user and select exchange tasks and delete mailbox.

You can then re-atatch it to see if that fixes it
0
 
RosspopeAuthor Commented:
Will try that tonight.  

Based on this post they needed to delete the entire user to get it working again.  Oh and you also need to kick the server.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23282171.html
0
 
Glen KnightCommented:
As I suggested, I just added trying to reconnect without deleting the user as a possibility

I think the "kick" was Tongue in cheek!
0
 
RosspopeAuthor Commented:
that was very obvious...  Although it would be nice if a simple kick could fix things.
0
 
Glen KnightCommented:
Indeed! I often wish that! But luckily for us that make a living out of I.T it's not that simple! :-)
0
 
LeeDerbyshireCommented:
The only time I ever hear of a 403.0 status returned (that is what the last log entry shows) is where there is a BE server involved, and the BE server with the mailbox on has SSL required on its Exchange Virtual Directory in IIS Manager.
0
 
RosspopeAuthor Commented:
No BE server in this environment.
0
 
RosspopeAuthor Commented:
Well the user is configured to access it through Outlook right now.  So I wanted to run it by her before I start trashing stuff to make sure it was worth it for her.  She might not even use OWA anymore.  I didn't hear back from the her yet so I didn't do it.
0
 
RosspopeAuthor Commented:
I did not delete the user and recreate it again.  Wasn't worth it for me.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.