OWA not authenticating users
Hi,
We have a client's server (SBS2003) that wont accept via the internal address of server or external address of the server the OWA account.
The administrator account works perfectly fine, gets to the logon screen and goes through to the mailbox, but any user in AD will successfully get to the logon screen but not be allowed any further.
Users as a test have been given admin rights but still no joy.
Please help.
Thanks
We have a client's server (SBS2003) that wont accept via the internal address of server or external address of the server the OWA account.
The administrator account works perfectly fine, gets to the logon screen and goes through to the mailbox, but any user in AD will successfully get to the logon screen but not be allowed any further.
Users as a test have been given admin rights but still no joy.
Please help.
Thanks
see if this article does the trick
ASKER
Thanks tried both but no joy.
it does seem permissions related but the permissions are in place for authenticated users, initially authenticated users did not have the right permissions on the exchweb virtual site.
it does seem permissions related but the permissions are in place for authenticated users, initially authenticated users did not have the right permissions on the exchweb virtual site.
if you look in the security event log - do you see errors that match up with each login? That might tell us where to look. Also check the application log.
ASKER
nothing appears in eaqther the sys or app log.
Thanks
Thanks
when you say - "they get to the login screen but no further" - what error are they getting?
Are you getting the standard bad password or username message:
You could not be logged on to Outlook Web Access. Ensure that your user name and password are correct, and then try again.
If so - there has to be something in the security log.
Are you getting the standard bad password or username message:
You could not be logged on to Outlook Web Access. Ensure that your user name and password are correct, and then try again.
If so - there has to be something in the security log.
ASKER
Hi guys
I have some new information. I created a copy of administrator and I wasn't able to connect. However, it started to work after an hour or so. So I copied the group membership and made the user I wanted to test a member of all of those groups which administrator account was a member of. It didn't work first but started to work after an hour or two.
My question is: why does it take some time to propagate and mainly where do I need to assign the permissions for normal domain users to allow them to log in.
Thanks
I have some new information. I created a copy of administrator and I wasn't able to connect. However, it started to work after an hour or so. So I copied the group membership and made the user I wanted to test a member of all of those groups which administrator account was a member of. It didn't work first but started to work after an hour or two.
My question is: why does it take some time to propagate and mainly where do I need to assign the permissions for normal domain users to allow them to log in.
Thanks
first, have you made sure that you don't have permissions blocked on the users, click on the user's properties and securyt and then enable enheritance.
also make sure that Exchange is memeber of the corregct groups and has the correct permissions, i will suggest running dominprep
also make sure that Exchange is memeber of the corregct groups and has the correct permissions, i will suggest running dominprep
I still would like to know what error normal users get. Can you screenshot it?
Are you using Forms based authentication or just normal prompt for authentication? Or does it try and open up right away to the users mailbox?
Are you using Forms based authentication or just normal prompt for authentication? Or does it try and open up right away to the users mailbox?
Are you trying to open http://yourSbsserver/exchange or https://yourSBSServer/exchange
OR are you trying to open a completely different URL?
OR are you trying to open a completely different URL?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you markdmac!
That was it, I went through you FAQ and set it according to and it started to work!
Thanks again.
That was it, I went through you FAQ and set it according to and it started to work!
Thanks again.
ASKER
Excellent!
Happy to help. Have a great day.
refer to the below article and verify your settings and repair them as needed.
http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html
If the above does not work then use the below article to recreate the Directories which will reset the permissions:
http://support.microsoft.com/kb/883380
Hilal