Windows 7 Enterprise - Outlook Web Access 2007

Stumped with this one, perhaps someone can help.  Here is the environment:

Client - Windows 7 Enterprise , current patches, Office 2007 - current service packs/patches

System - Exchange 2007 sp1 with patches

Problem:

When a domain user logs in, who has "Power user" membership to the local Windows 7 client, opens IE for OWA access - when they read an email, instead of pulling up the message, they are prompted for their username and password again.  When they put that in, they can read their email.

-when we put the user in the Local Administrators or User/Standard user groups for Windows 7, the problem goes away.  We did this part to try to determine if there was a GPO issue, but it appears it is a Windows 7 problem - isolated to Power users.

**************************

This appears to be a Windows 7 bug - any ideas?

We have no idea how to resolve this.  I apologize in advance if this should be somewhere else.
jenmilks Asked:

murgroup Commented:
The only thing I can think of is when they sign in do they choose private computer or public? I have seen problems with attachments when signing in as public computer in OWA 2007.
0
jenmilks (Author) Commented:
Doesn't make a difference, public or private - changing their membership from Power User to Standard User or Administrator does though, fixes it right away.
0
Iain MacMillan (IT Regional Manager - UK) Commented:
Very odd behaviour, have you had a look at this MS article, not quite OWA but it may help - http://support.microsoft.com/kb/927612 (SPN needs to point to the GC's)

Do you have a security certificate for your Exchange server?  I have Win 7 Pro 64bit and Outlook 2007, but we still have Exchange 2003 SP2, haven't got round to upgrading it yet, so I can't tell you what settings I have.  Also have you added the OWA address to the local trusted sites on IE (can be done via GP I think)?

Using Firefox should render the same result - does it? (Though you won't get to use Premium mode).

There is an outside chance that it's an IIS issue, check your OWA site's directory security tab and click edit under Authentication and access control.  Click to select the Integrated Windows authentication check box and then click OK twice.  Open command prompt and type IISRESET to apply changes, and then test.
0

pcfreaker Commented:
Hi,
Are these computers under the same domain as the owa site?
Rgds.
0
jenmilks (Author) Commented:
lainNIX -
Don't think the MS article applies - it references Outlook 2007 and we only see this on a Windows 7 machine when accessing OWA - when the user logged on to the Win7 machine is a member of the local Power users group.

Yes we have a security certificate.  Yes, the root site (e.g. *.domain.com) is in the trusted sites, this is controlled via GPO.  Remember - this problem goes away when we change the local group membership of the logged on user.

Firefox - yes, Firefox does not behave this way, regardless of local group membership.  This is an IE problem when the user is on a Windows 7 domain-joined computer with group membership to the local Power users group.

I'm hesitant to do anything with IIS, as this is my Exchange OWA server you are talking about and it only happens in the above-mentioned case.  The Windows XP machines running IE8, for example - do not have this problem.

pcfreaker:
Yes, all computers are in a unified domain (e.g. site.domain.com) where the Exchange Server and OWA server also live.

************************

Thanks for any additional ideas you might have.


0
pcfreaker Commented:
Thanks, another thing, is this happening only on the Windows 7 computers, or all others as well?
0
jenmilks (Author) Commented:
Windows 7 only. :)  Because it is so specific, and can be re-created, we think it is a bug - honestly.  However I am checking to see if we have done anything wrong - from the Experts perspective.
0
murgroup Commented:
Jen,
I agree with you and tend to think it's an IE 8 bug related to domain membership. I think this because you're not seeing the same behavior in Firefox. My machine is running Windows 7 64 bit and we have Exchange 2007. However, my server is in a colo so I am remote and not part of the domain. When I connect to OWA I don't see this problem.
Are these laptops and if so why not use Outlook Anywhere?
0
jenmilks (Author) Commented:
murgroup:

I think this is probably IE8/Win7 bug actually.  We have IE8 deployed on WinXP machines - with users in the local Power users group for the XP machines and do not get the same behavior.

What's interesting - as I said - is that on the Win7 machine, when we move the group membership of the domain user, from Power User to local Administrator *or* Standard user the problem goes away.

It is very buggy.

No - these are not laptops, they are internal desktop machines.  Some users have to roam around the building and just use OWA to access their email when doing that.  Problem did not exist under Windows XP.
0
murgroup Commented:
It would seem IE 8 needs the elevated privileges, on the domain, for some reason. Would it be worth purchasing a TechNet subscription so you can put in a support call to Microsoft? I think it runs about $400 for a basic subscription.
0
jenmilks (Author) Commented:
Worth it - probably, as it will manifest over several hundred machines in the next few months.  Don't think I should have to spend it though, which is a different issue.
0
jenmilks (Author) Commented:
Awarding multiple answers as this is not solved.  This is a bug in Windows 7 or IE8 with Win7 or something.
0