Direct OWA url to mailbox Exchange 2010 vs Exchange 2003

Try to give mailbox permission to these non-mailbox users from EMC.
Under recipient configuration----go to the mailboxes which you want to be accesed by these non-mailbox users.

All of the non-mailbox accounts already have Full Permissions and Send As permissions to the mailboxes.  This is how it was able to work before. I also verified by looking in the EMC again.

Figured out a little bit more...

If I go to https://ServerIP/owa/sharedmb@domain.com   it gives a cert error, but logs in fine with no credentials prompt
If I go to https://NETBIOSName/owa/sharedmb@domain.com  it gives a cert error, but logs in fine with no credentials prompt

What I want to work, and what our cert is set for (mail.domain.com), is:
https://mail.domain.com/owa/user@domain.com   when I use that, I get no cert error, but it asks for credentials and keeps refusing them until it gives a 401 error.

My internal and external OWA urls are set to be https://mail.domain.com/owa

Have you tried to access like this:

https://mail.domain.com/owa/user

If it is only mail.domain.com that doesn't work, then it may be a DNS issue.  For example, internally, your DNS name mail.domain.com may be resolving to your public IP address.  This will probably mean that you are actually trying to access the admin web pages on your router.

shreedhar - yes, I've tried that.  Seems like I have to use IP or NETBIOS name for it to work and not mail.domain.com

LeeDerbyshire - I have tried usinga hosts file telling it that mail.domain.com is the IP of the new exchange server, so it should be pointing correctly.  Also when I get the 401 error that comes from the new Exchange owa site.

Another strange thing, thia all works fine on my windows 7 computer with IE 8, it logs right in for the shared mailbox.  But not a windows xp machine with IE 6 or IE 7.  There is just keeps prompting for username and password.  I'm guessing there is some form of authentication issue.

Hi,

In Internet Explorer on Windows 7 check the User Authentication Settings.

Go to Tools> Internet Options> Security> Internet > Custom Level > Scroll Down to Last there you will find User Authentication > Check what Logon type being user.

Check this setting for the Internet and Local intranet.

Then verify the same settings are there on the Windows XP System.

I hope this helps,
Shree

Both setups are set to Auto Logon only in Intranet zone for the two Internet and Local Intranet.  So from that standpoint they are the same.

Just to give a recap..

Our certificate is "mail.domain.com"  This resolves internally and externally to our Exchange 2010 server.

Externally, going to https://mail.domain.com works.
Internally, going to https://netbiosname/owa and https://ipaddress/owa works, althought there is a cert error that we have to click OK on.  Internally, https://mail.domain.com prompts for credentials and then does not accept them and eventually gives a 401 error that is from IIS on the Exchange 2010 server.

As for the logging in directly to another user's mailbox, we also had to first log in as the actual user of the mailbox, then another user could connect directly to it after that, but not before.  

Hi,

https://mail.domain.com/owa/username

Make sure logged on the any of the workstation or server with the user who has been granted the permissions for the other user mailbox.

I hope this helps,
Shree

At this point, internally we can't even log in as ourselves using:

https://mail.domain.com
https://mail.domain.com/owa
or
https://mail.domain.com/owa/username

We can only log in using the netbios and IP with /owa.

Hi,

Does any of the posted comments assisted you to reach the conclusion? If yes, then award partial point.

--------
Shree

What made us able to login to a direct url to another user's mailbox was to first have the other user login as themselves and open the mailbox on the new server, then after that another user could connect to it through a direct URL.  I do appreciate all the troubleshooting and help, but none of the suggestions mentioned this or pointed me in that direction.  I don't want to mark something as an accepted solution and have someone looking at this down the road think that's what fixed the issue.  With that said, I hope that doesn't make this sound rude or unappreciated by any means, because I do appreciate everyone's help and contributions on here.