Solved

OWA access issue after installing Exchange 2007 SP3

Posted on 2011-02-28
15
1,945 Views
Last Modified: 2012-05-11
Hey everyone,

I recently installed Exchange 2007 SP3 along with rollup 2. Everything seems to be working fine expect for OWA and only when logged in with view-only admins with full permissions to all mailboxes - for example, the besadmin account. When trying to access any mailbox within any of the stores in the origination, I get the following error (entire error below). The key seems to be:

Inner Exception
Exception type: Microsoft.Mapi.MapiExceptionLogonFailed
Exception message: MapiExceptionLogonFailed: Unable to make connection to the server.

Not sure why login is failing or why the server would state it’s unable to make connection to the server (all servers are on the same box and MAPI clients are connecting fine as far as I can tell). As long as I login as domainuser\self, I don’t have any problems. I need to be able to login frequently to accounts with the besadmin but am more concerned this problem will advance into some strange permission issue. Entire error here and thanks in advanced:


Request
Url: https://xxx.xxx.com:443/owa/default.aspx
User host address: xxx.xxx.xxx.xxx

Exception
Exception type: Microsoft.Exchange.Data.Storage.ConnectionFailedTransientException
Exception message: Cannot open mailbox /o=xxx/ou=xxx/cn=Recipients/cn=besadmin.

Call stack

Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Initialize(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags)
Microsoft.Exchange.Data.Storage.MailboxSession.CreateMailboxSession(LogonType logonType, ExchangePrincipal owner, DelegateLogonUser delegateUser, Object identity, OpenMailboxSessionFlags flags, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Data.Storage.MailboxSession.Open(ExchangePrincipal mailboxOwner, WindowsPrincipal authenticatedUser, CultureInfo cultureInfo, String clientInfoString)
Microsoft.Exchange.Clients.Owa.Core.OwaWindowsIdentity.CreateMailboxSession(ExchangePrincipal exchangePrincipal, CultureInfo cultureInfo)
Microsoft.Exchange.Clients.Owa.Core.UserOptions.LoadSharedCalendarTimezoneSetting(TimezoneSetting& setting)
Microsoft.Exchange.Clients.Owa.Core.UserOptions.Load(IList`1 properties)
Microsoft.Exchange.Clients.Owa.Core.UserOptions.LoadAll()
Microsoft.Exchange.Clients.Owa.Core.UserContext.Load(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.CreateUserContext(OwaContext owaContext, UserContextKey userContextKey, UserContext& userContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Inner Exception
Exception type: Microsoft.Mapi.MapiExceptionLogonFailed
Exception message: MapiExceptionLogonFailed: Unable to make connection to the server. (hr=0x80040111, ec=-2147221231) Diagnostic context: ...... Lid: 16280 dwParam: 0x6BA Msg: EEInfo: ComputerName: n/a Lid: 8600 dwParam: 0x6BA Msg: EEInfo: ProcessID: 956 Lid: 12696 dwParam: 0x6BA Msg: EEInfo: Generation Time: 2011-03-01 01:08:40:372 Lid: 10648 dwParam: 0x6BA Msg: EEInfo: Generating component: 2 Lid: 14744 dwParam: 0x6BA Msg: EEInfo: Status: 1722 Lid: 9624 dwParam: 0x6BA Msg: EEInfo: Detection location: 390 Lid: 13720 dwParam: 0x6BA Msg: EEInfo: Flags: 0 Lid: 11672 dwParam: 0x6BA Msg: EEInfo: NumberOfParameters: 2 Lid: 8856 dwParam: 0x6BA Msg: EEInfo: prm[0]: Unicode string: xxx.xxx.INC Lid: 8856 dwParam: 0x6BA Msg: EEInfo: prm[1]: Unicode string:xxx Lid: 23065 EcDoConnectEx called [length=67] Lid: 17913 EcDoConnectEx returned [ec=0x80040111][length=56][latency=0] Lid: 19778 Lid: 27970 StoreEc: 0x80040111 Lid: 17730 Lid: 25922 StoreEc: 0x80040111

Call stack

Microsoft.Mapi.MapiExceptionHelper.ThrowIfError(String message, Int32 hresult, Int32 ec, DiagnosticContext diagCtx)
Microsoft.Mapi.ExRpcConnection.Create(ConnectionCache connectionCache, ExRpcConnectionCreateFlag createFlags, ConnectFlag connectFlags, String serverDn, String userDn, String user, String domain, String password, String httpProxyServerName, Int32 ulConMod, Int32 lcidString, Int32 lcidSort, Int32 cpid, Int32 cReconnectIntervalInMins, Int32 cbRpcBufferSize, Int32 cbAuxBufferSize)
Microsoft.Mapi.ConnectionCache.OpenMapiStore(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, ClientIdentityInfo clientIdentity, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Mapi.ConnectionCache.OpenMailbox(String mailboxDn, Guid mailboxGuid, Guid mdbGuid, WindowsIdentity windowsIdentityAs, String userDnAs, OpenStoreFlag openStoreFlags, CultureInfo cultureInfo, String applicationId)
Microsoft.Exchange.Data.Storage.ConnectionCachePool.OpenMailbox(String serverDn, String userDn, String mailboxDn, Guid mailboxGuid, Guid mdbGuid, Object identity, ConnectFlag connectFlag, OpenStoreFlag openStoreFlag, CultureInfo cultureInfo, String clientInfoString, Boolean secondTry)
0
Comment
Question by:Smoothie247
  • 7
  • 6
  • 2
15 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35004363
Can you try re-assigning the permissions to that user? Looks like the permissions may have become corrupt during SP3 install.
0
 

Author Comment

by:Smoothie247
ID: 35004365
I've already tried that to no avail.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35004404
and this is happening for more than one user? Or is it just BES?
0
 
LVL 11

Expert Comment

by:MichaelVH
ID: 35004417
it somehow seems that the besadmin mailbox might have become corrupt.

Can you confirm that you can either log in into the besadmins mailbox with outlook or not?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35004436
What version of BES is in use? SP3 requires 5.0.2
0
 

Author Comment

by:Smoothie247
ID: 35004446
besadmin mailbox is on an Exchange 2003 SP3 server, so I seriously doubt the mailbox would be corrupted. This feels like permissions issues and was working just fine until SP3 install. I already upgrade to BES version 5.0.2 MR3 before the Exchange 2007 SP3 install. Thanks guys.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35004448
OK, if it's on a 2003 server do you have a seperate CAS server?
Are all the mailboxes you are having problems with on the 2003 server?

When do you plan to move them?
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 
LVL 11

Accepted Solution

by:
MichaelVH earned 250 total points
ID: 35004458
Smoothie,

what you can do is the following:

1. Run ExBPA to reveal possible issues
2. You can try moving the users from DB and if necessary move it back.
3. Please make sure that all the rights for the user-object are correct (checking security through ADUC)

Are you seeing events in the eventlog for this issue?

Michael
0
 

Author Comment

by:Smoothie247
ID: 35014571
So I dont think the besadmin or the Exchange 2003 server is the problem - I just realized that any user (besides the owner) that had permissions before the SP3 install now gets the same error when trying to access via OWA. Very strange. I dont see anything out of the ordinary via ExBPA. I will try the mailbox move but I'm not sure the problem is truly permissions, as I can open any of these mailbox w/o any issues via MAPI and the besadmin...
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35014834
Can you check the inherited permissions, it shouldn't make a difference but you never know.  See here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2861-Activesync-Working-But-Only-For-Some-Users-On-Exchange-2007-2010.html
0
 

Author Comment

by:Smoothie247
ID: 35018748
Inherited permissions are already enabled and working ifne. Any other thoughts? :) Banging my head on this one...
0
 
LVL 74

Assisted Solution

by:Glen Knight
Glen Knight earned 250 total points
ID: 35018769
Did you try the mailbox move?
0
 

Author Comment

by:Smoothie247
ID: 35047207
I figured out what was up. Strangely, I had to move the besamdin mailbox from the Exchange 2003 server to Exchange 2007 server. For whatever reason, the service pack install didn’t like trying to authenticate via OWA. Good ol' MSFT strikes again... ;) Thanks for help.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35047217
Isn't that what I suggested?
0
 

Author Comment

by:Smoothie247
ID: 35047234
I suppose you did but we were talking about moving mailbox besides the besadmin.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now