Solved

Exchange 2007 OWA issues

Posted on 2012-04-05
9
341 Views
Last Modified: 2012-04-08
I recently fixed a crashed Exchange 2007 server installed on an Enterprise 2003 Windows server and was able to re-install everything, however I'm having a couple of issues with OWA. First issue is that when I go to make OWA "Forms based" authentication...It flat out doesnt work. The OWA page sends a "Page Not Displayed" error. The second issue is that when a user authenticates and OWA loads the page doesnt load any graphics and none of the links work. I absolutely positive that this is a permissions issue of some sort but I'm not sure where to go to fix it. Recently I un-installed IIS, and Un-installed the CAS server role which fixed other issues. The process I followed were found in these articles:

http://exchangeshare.wordpress.com/2008/07/16/how-to-recreate-owa-virtual-directory-exchange-2007/

http://my.opera.com/RavenOverride/blog/2009/06/17/how-to-recreate-all-virtual-directories-for-exchange-2007

http://support.microsoft.com/kb/320202

The two issues I need to fix are, how do we fix Forms Based Authentication and How do we fix the permissions issue so that users can login and see the normal OWA page and use it correctly.

Any help would be greatly appreciated.
0
Comment
Question by:Sec-Man
  • 5
  • 3
9 Comments
 
LVL 4

Expert Comment

by:Repil
ID: 37811732
Recreate OWA Virtual Directory ; Below article will help you on this process.

http://exchangeshare.wordpress.com/2008/07/16/how-to-recreate-owa-virtual-directory-exchange-2007/
0
 
LVL 3

Author Comment

by:Sec-Man
ID: 37811796
Repil - When you uninstall/re-install IIS and then uninstall/re-install CAS server role, OWA and all Exchange related directories are recreated in IIS. I've done this a couple of times now in the hopes of permissions being re-initialized...but they are not. Any other ideas?
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 37812196
Can you find the iis log entries for the request for logon.aspx (which is the FBA logon page)?  It will help to see how the server responded.

The graphics problem may be because you no longer have Anonymous Access enabled on the exchweb directory in IIS.  Come to think of it, this might cause the FBA problem, too.
0
 
LVL 3

Author Comment

by:Sec-Man
ID: 37812486
Looking at EV...I dont see anything obvious that would be considered IIS Log Entries. Is there somewhere specific you'd like me to look?

The exchweb virtual directory was indeed not set for anonymous access, which I have corrected but whenever I do an "iisreset /noforce" I get the following error:

C:\Documents and Settings\Administrator>iisreset/noforce

Attempting stop...
Restart attempt failed.
The service cannot accept control messages at this time. (2147943461, 80070425)

C:\Documents and Settings\Administrator>

Open in new window


So I do a simple iisreset and when I do that exchweb reverts back to anonymous access not being checked...

Anyway...I just now thought...well if iisreset is resetting the settings on exchweb then they are probably changed on owa as well. I checked and sure enough they were... So I change anonymous for both owa and exchweb resync the IUSR_SERVERNAME PW and unbelievably OWA is working!

So...how do I make the settings take so that if the server bounces or I do an iisreset they stay in place? I havent tried FBA yet...I dont want to jinx anything (...yet)
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37812624
The iisreset shouldn't be changing anything by itself.  The settings may be coming from the settings in Exchange itself.  I can't remember how you check them in E2007, but try Get-OWAVirtualDirectory | fl , and see what auth settings are listed.  Maybe the iisreset just forces a change to the Exchange settings (the Exchange VDirs get 'special treatment' in this respect), thus replacing something that may have been mistakenly changed in IIS Manager more recently.

IIS log entries are usually text files (.log files) in C:\Windows\System32\Logfiles\W3SVC1
0
 
LVL 3

Author Comment

by:Sec-Man
ID: 37812704
Well I execute "Get-OWAVirtualDirectory | fl" and I got so much returned that it scrolled past the top of the screen. Is there a way to dump it to a file?

Are the log entries for IIS still necessary? If not thanks for that, its still useful.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37813265
You should be able to scroll the CMD window.  Or direct it to a text file:

Get-OWAVirtualDirectory | fl > c:\temp.txt

Might not need to iis logs yet.
0
 
LVL 3

Author Comment

by:Sec-Man
ID: 37816188
I looked at the output and I didnt see anything obvious. I attached the file if you wanted to take a look.
0
 
LVL 3

Author Closing Comment

by:Sec-Man
ID: 37821334
FBA and everything works. Nice call!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now