Exchange 2010 OWA works for some not others

Ok.  I have installed exchange 2010 on a new server running server 2008 R2 SP1, fully patched.
The users that were in the domain before I installed exchange cannot login to OWA, I get the error message incorrect username or password.  Users I have created since then work just fine.

I have un-installed OWA and reinstalled it, I have checked event logs and error logs, nothing pops out about the error.

My question is, is there something that needs to be set on the users that may not have been updated during the AD upgrade and ADPREP's?

I have looked at both using ADSIEDIT and cannot see anything overtly different between the users.
EnfostradAsked:
Who is Participating?
 
EnfostradConnect With a Mentor Author Commented:
I figured it out.  Previous Admin set everyone's  logon restrictions to their PC only.  I added the exchange server to their list of computers they can logon to and it works!!!

Thanks all
0
 
EnfostradAuthor Commented:
The old domain was running on 2003 and adprep /forest and /domain were performed and the new 2008 server promoted to DC.  

I cannot think of any other items to report, so please let me know.
0
 
Exchange_GeekCommented:
Run the following cmdlet against the old user and verify if they can access OWA

Set-Mailbox -Identity AffectedUser -applymandatoryproperties

Regards,
Exchange_Geek
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
EnfostradAuthor Commented:
Thanks for the reply.  I ran that on two of the effected employees and it came back successful but no settings changed.  I tried logging in as them anyhow, no difference in how OWA operates.  I have set the authentication on OWA to forms and added the default domain name, even tho I have tried with and without domain name for the username.
0
 
Exchange_GeekCommented:
OWA should only have basic authentication, please change it to basic and reset IIS.

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
Ok I changed that, don't like how the login looks.  and the same users still cannot login.  I have reset their password and ensured they are unlocked in AD.
0
 
Exchange_GeekCommented:
When you run the cmdlet against the mailboxes you ran "applymandatoryproperties" do you find mailbox type as legacy / linked or user mailbox?

Get-mailbox Affecteduser

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
That command never showed me the type.  However, according to EMC they are all user mailboxes.
0
 
Exchange_GeekCommented:
OK Can you login to their webmail using your webmail credentials, considering giving yourself full mailbox rights?

Regards,
Exchange_Geek
0
 
Jamie McKillopIT ManagerCommented:
"OWA should only have basic authentication" What? You can use whatever authentication method you want. Why can't he use forms based authentication?

Are these users able to access their mailbox with Outlook? Is OWA enabled on thier mailboxes? Was this an upgrade from a previous version of Exchange or is this the first time Exchange has been installed in this forest?

JJ
0
 
Exchange_GeekCommented:
I'm talking about what the default settings are. We can toy around with Windows Integration / Basic / anonymous - what ever we want - that's our wish.

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
This is a new exchange install.  no previous install of exchange.  I have tried all types of authentication.  I logged in as admin to OWA and tried opening one affected persons mail and got "your mailbox appears to be unavailable. Try again in ten minutes."
0
 
EnfostradAuthor Commented:
I fixed the above error,  the system attendant failed.  I have that straightened out.  I can now open their mailboxes when logged in as admin.  When they try to login, they get the error incorrect username or password.
0
 
Exchange_GeekCommented:
How many mailboxes are we dealing with that are affected?

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
6 or 7 (almost the entire users group... I know, small group.
0
 
Exchange_GeekCommented:
How about, you disconnect one of them - and reconnect them immediately, considering if you reconnect you're basically providing them Exchange attributes of you're new box.

So, try this and provide feedback.

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
disconnect the mailbox? or remove the account and recreate?
0
 
Exchange_GeekCommented:
Hang on - only disable the mailbox DO NOT CLICK on Remove.

Once you're mailbox is disconnected, run the following command and then use the disconnected mailbox tab in EMC to find the mailbox and reconnect it.

Get-MailboxDatabase | Clean-MailboxDatabase.

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
That gives me the same issue.  I did however, delete one account and re-created it adn the mailbox.  That person worked.
0
 
Exchange_GeekCommented:
Disabling and reconnecting should do the same stuff, however if recreating does the trick - here is what you need to do

Get-Mailbox | FL >>Mbx.csv

The above cmdlet would capture all the mailbox level settings of each user

Next, export the PST of the users whom you are recreating using the cmdlet

New-MailboxExportRequest -Mailbox user -FilePath D:\PST\UserName.pst

Once the mailbox is exported - go ahead and recreate the mailbox and use the following command to import PST

New-MailboxImportRequest -Mailbox user -FilePath D:\PST\UserName.pst

Simple.

Regards,
Exchange_Geek
0
 
EnfostradAuthor Commented:
Since no one has any mail on the server yet... Thank god.... I can avoid most of the above work.  I do not believe I will have any issues with their local profiles on their computers as long as the username is the same.

Thanks
0
 
Exchange_GeekCommented:
Perfect, you're good to go. Had an interesting weekend - didnt you?

LOL

Regards,
Exchange_Geek
0
 
Simon Butler (Sembee)ConsultantCommented:
One other thing to check is that Permission Inheritance is configured correctly.
In ADUC, check that inheritance is enabled on the Security tab under Advanced Permissions.

Simon.
0
 
EnfostradAuthor Commented:
I figured it out on my own.  I was reviewing everything the admin told me and it struck me that he had mentioned the logon restrictions.  I tested it and I was right, they needed the exchange server added to their list as well.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.