401 Unauthorized error 2010 Exchange OWA

Newer 2010 Exchanger server with an OWA redirect.  When trying to access OWA with http://mail.xxxx.com or https://mail.xxxx.com I instantly get an: 401 - Unauthorized: Access is denied due to invalid credentials.  Using https://mail.xxxx.com/owa still works.
 
I've done 2010 Exchange installs before with OWA redirection successfully in the past.  I've researched this error to no avail.  Please assist, thanks in advance.
ACSTLHAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LeeDerbyshireCommented:
See if you can find for us the 401 response in your IIS log file.  It will help a lot.
0
ACSTLHAuthor Commented:
Thank you for your resonse, are you looking for this?
2012-06-07 16:02:39 10.38.32.77 GET / - 443 - xx.xxx.xx.xxx Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) 401 3 5 62
0
LeeDerbyshireCommented:
Yes.  The 3 after the 401 is the subcode, so the complete response status is 401.3 .  That means that access is denied due to the ACL (i.e. NTFS permissions) on a file on the server somewhere.  It's hard to be sure which it will be, but I guess the first thing would be to look at the NTFS permissions for the
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa
folder on the server.  What do you have listed?  Is there any group that has any of the Deny checkboxes checked?
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

ACSTLHAuthor Commented:
Authenticated users: Read (not inherited)
System:  Full control
Administrators:  Full control

Also, I don't even get to a point to enter my username\password when trying to access the site when using the http://mail.xxxx.com or https://mail.xxxx.com  Forgot to mention that in the beginning.
owa-perms.PNG
0
LeeDerbyshireCommented:
Then it could be something like the folder containing the logon form:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\auth
or the logon form itself within that folder: logon.aspx  .  Check the NTFS permissions on the file and the folder.  They should be similar to what you found before.
0
ACSTLHAuthor Commented:
Same permissions as above.

Do you think it is a file permission issue eventhough I no issues accessing and logging into OWA using the full https://mail.xxxx.com/owa address?
0
LeeDerbyshireCommented:
Ah, I forgot that.  If you created a script file to do the redirection I would check the NTFS permissions on that.
0
ACSTLHAuthor Commented:
The redirection is done in IIS under the HTTP Redirect.

I did however find the solution to my problem, it was NTFS permissions on the C:\inetpub\wwwroot folder.  One of our engineers was apparently making changes on that folder.  The users group was removed.  When I added them back with Read permissions, everything works fine.

Looks like IIS puts the redirection in the web.config file under that directory.

Thank you for pointing me in the right direction!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LeeDerbyshireCommented:
Ah, right.  It had to be NTFS permissions somewhere, but I didn't imagine the wwwroot ones would have been changed.
0
ACSTLHAuthor Commented:
Awarded points to LeeDerbyshire for suggesting NTFS permissions were the problem.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.