Enfostrad
asked on
Exchange 2010 OWA works for some not others
Ok. I have installed exchange 2010 on a new server running server 2008 R2 SP1, fully patched.
The users that were in the domain before I installed exchange cannot login to OWA, I get the error message incorrect username or password. Users I have created since then work just fine.
I have un-installed OWA and reinstalled it, I have checked event logs and error logs, nothing pops out about the error.
My question is, is there something that needs to be set on the users that may not have been updated during the AD upgrade and ADPREP's?
I have looked at both using ADSIEDIT and cannot see anything overtly different between the users.
The users that were in the domain before I installed exchange cannot login to OWA, I get the error message incorrect username or password. Users I have created since then work just fine.
I have un-installed OWA and reinstalled it, I have checked event logs and error logs, nothing pops out about the error.
My question is, is there something that needs to be set on the users that may not have been updated during the AD upgrade and ADPREP's?
I have looked at both using ADSIEDIT and cannot see anything overtly different between the users.
Run the following cmdlet against the old user and verify if they can access OWA
Set-Mailbox -Identity AffectedUser -applymandatoryproperties
Regards,
Exchange_Geek
Set-Mailbox -Identity AffectedUser -applymandatoryproperties
Regards,
Exchange_Geek
ASKER
Thanks for the reply. I ran that on two of the effected employees and it came back successful but no settings changed. I tried logging in as them anyhow, no difference in how OWA operates. I have set the authentication on OWA to forms and added the default domain name, even tho I have tried with and without domain name for the username.
OWA should only have basic authentication, please change it to basic and reset IIS.
Regards,
Exchange_Geek
Regards,
Exchange_Geek
ASKER
Ok I changed that, don't like how the login looks. and the same users still cannot login. I have reset their password and ensured they are unlocked in AD.
When you run the cmdlet against the mailboxes you ran "applymandatoryproperties" do you find mailbox type as legacy / linked or user mailbox?
Get-mailbox Affecteduser
Regards,
Exchange_Geek
Get-mailbox Affecteduser
Regards,
Exchange_Geek
ASKER
That command never showed me the type. However, according to EMC they are all user mailboxes.
OK Can you login to their webmail using your webmail credentials, considering giving yourself full mailbox rights?
Regards,
Exchange_Geek
Regards,
Exchange_Geek
"OWA should only have basic authentication" What? You can use whatever authentication method you want. Why can't he use forms based authentication?
Are these users able to access their mailbox with Outlook? Is OWA enabled on thier mailboxes? Was this an upgrade from a previous version of Exchange or is this the first time Exchange has been installed in this forest?
JJ
Are these users able to access their mailbox with Outlook? Is OWA enabled on thier mailboxes? Was this an upgrade from a previous version of Exchange or is this the first time Exchange has been installed in this forest?
JJ
I'm talking about what the default settings are. We can toy around with Windows Integration / Basic / anonymous - what ever we want - that's our wish.
Regards,
Exchange_Geek
Regards,
Exchange_Geek
ASKER
This is a new exchange install. no previous install of exchange. I have tried all types of authentication. I logged in as admin to OWA and tried opening one affected persons mail and got "your mailbox appears to be unavailable. Try again in ten minutes."
ASKER
I fixed the above error, the system attendant failed. I have that straightened out. I can now open their mailboxes when logged in as admin. When they try to login, they get the error incorrect username or password.
How many mailboxes are we dealing with that are affected?
Regards,
Exchange_Geek
Regards,
Exchange_Geek
ASKER
6 or 7 (almost the entire users group... I know, small group.
How about, you disconnect one of them - and reconnect them immediately, considering if you reconnect you're basically providing them Exchange attributes of you're new box.
So, try this and provide feedback.
Regards,
Exchange_Geek
So, try this and provide feedback.
Regards,
Exchange_Geek
ASKER
disconnect the mailbox? or remove the account and recreate?
Hang on - only disable the mailbox DO NOT CLICK on Remove.
Once you're mailbox is disconnected, run the following command and then use the disconnected mailbox tab in EMC to find the mailbox and reconnect it.
Get-MailboxDatabase | Clean-MailboxDatabase.
Regards,
Exchange_Geek
Once you're mailbox is disconnected, run the following command and then use the disconnected mailbox tab in EMC to find the mailbox and reconnect it.
Get-MailboxDatabase | Clean-MailboxDatabase.
Regards,
Exchange_Geek
ASKER
That gives me the same issue. I did however, delete one account and re-created it adn the mailbox. That person worked.
Disabling and reconnecting should do the same stuff, however if recreating does the trick - here is what you need to do
Get-Mailbox | FL >>Mbx.csv
The above cmdlet would capture all the mailbox level settings of each user
Next, export the PST of the users whom you are recreating using the cmdlet
New-MailboxExportRequest -Mailbox user -FilePath D:\PST\UserName.pst
Once the mailbox is exported - go ahead and recreate the mailbox and use the following command to import PST
New-MailboxImportRequest -Mailbox user -FilePath D:\PST\UserName.pst
Simple.
Regards,
Exchange_Geek
Get-Mailbox | FL >>Mbx.csv
The above cmdlet would capture all the mailbox level settings of each user
Next, export the PST of the users whom you are recreating using the cmdlet
New-MailboxExportRequest -Mailbox user -FilePath D:\PST\UserName.pst
Once the mailbox is exported - go ahead and recreate the mailbox and use the following command to import PST
New-MailboxImportRequest -Mailbox user -FilePath D:\PST\UserName.pst
Simple.
Regards,
Exchange_Geek
ASKER
Since no one has any mail on the server yet... Thank god.... I can avoid most of the above work. I do not believe I will have any issues with their local profiles on their computers as long as the username is the same.
Thanks
Thanks
Perfect, you're good to go. Had an interesting weekend - didnt you?
LOL
Regards,
Exchange_Geek
LOL
Regards,
Exchange_Geek
One other thing to check is that Permission Inheritance is configured correctly.
In ADUC, check that inheritance is enabled on the Security tab under Advanced Permissions.
Simon.
In ADUC, check that inheritance is enabled on the Security tab under Advanced Permissions.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured it out on my own. I was reviewing everything the admin told me and it struck me that he had mentioned the logon restrictions. I tested it and I was right, they needed the exchange server added to their list as well.
ASKER
I cannot think of any other items to report, so please let me know.