Solved

401 Unauthorized error 2010 Exchange OWA

Posted on 2012-06-07
10
4,715 Views
Last Modified: 2012-06-12
Newer 2010 Exchanger server with an OWA redirect.  When trying to access OWA with http://mail.xxxx.com or https://mail.xxxx.com I instantly get an: 401 - Unauthorized: Access is denied due to invalid credentials.  Using https://mail.xxxx.com/owa still works.
 
I've done 2010 Exchange installs before with OWA redirection successfully in the past.  I've researched this error to no avail.  Please assist, thanks in advance.
0
Comment
Question by:ACSTLH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38058297
See if you can find for us the 401 response in your IIS log file.  It will help a lot.
0
 

Author Comment

by:ACSTLH
ID: 38058503
Thank you for your resonse, are you looking for this?
2012-06-07 16:02:39 10.38.32.77 GET / - 443 - xx.xxx.xx.xxx Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) 401 3 5 62
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38058672
Yes.  The 3 after the 401 is the subcode, so the complete response status is 401.3 .  That means that access is denied due to the ACL (i.e. NTFS permissions) on a file on the server somewhere.  It's hard to be sure which it will be, but I guess the first thing would be to look at the NTFS permissions for the
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa
folder on the server.  What do you have listed?  Is there any group that has any of the Deny checkboxes checked?
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 

Author Comment

by:ACSTLH
ID: 38058729
Authenticated users: Read (not inherited)
System:  Full control
Administrators:  Full control

Also, I don't even get to a point to enter my username\password when trying to access the site when using the http://mail.xxxx.com or https://mail.xxxx.com  Forgot to mention that in the beginning.
owa-perms.PNG
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38059111
Then it could be something like the folder containing the logon form:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth
or the logon form itself within that folder: logon.aspx  .  Check the NTFS permissions on the file and the folder.  They should be similar to what you found before.
0
 

Author Comment

by:ACSTLH
ID: 38059133
Same permissions as above.

Do you think it is a file permission issue eventhough I no issues accessing and logging into OWA using the full https://mail.xxxx.com/owa address?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 38059196
Ah, I forgot that.  If you created a script file to do the redirection I would check the NTFS permissions on that.
0
 

Accepted Solution

by:
ACSTLH earned 0 total points
ID: 38059382
The redirection is done in IIS under the HTTP Redirect.

I did however find the solution to my problem, it was NTFS permissions on the C:\inetpub\wwwroot folder.  One of our engineers was apparently making changes on that folder.  The users group was removed.  When I added them back with Read permissions, everything works fine.

Looks like IIS puts the redirection in the web.config file under that directory.

Thank you for pointing me in the right direction!
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 500 total points
ID: 38059397
Ah, right.  It had to be NTFS permissions somewhere, but I didn't imagine the wwwroot ones would have been changed.
0
 

Author Closing Comment

by:ACSTLH
ID: 38073274
Awarded points to LeeDerbyshire for suggesting NTFS permissions were the problem.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question