Philsh

asked on

OWA Audit Failure on Exchange Server 2007

We have a number of users who can use their credentials to log on to a local client PC and access email via Outlook 2007 with no problem. However, when they try to log in to our OWA server (which is hosted on our main Exchange server), they get an error. They are using the same credentials. On the Exchange Server in the event viewer, it logs an Audit failure "unknown user name or bad password." Not all users experience this problem, but quite a few do. These users have accessed OWA previously with no problem.
Philsh

ASKER

Note that they are trying to access OWA from within our internal network.
Sometimes IIS security gets changed (by an update) and stops OWA from working correctly. I would check that: under directory security for the OWA folder, look at the authentication methods; it should be Basic (restart IIS as well). Also try using full e-mail addresses as the username.
Did they perhaps try using their credentials in this manner: domain\username?

ASKER

What security issues would I be looking for?  IIS was restarted. I tried full e-mail addresses and they fail as well.

ASKER

Yes, they used domain\username.
Check the directory security tab on the OWA properties (in IIS). Then go to authentication and access control -> edit.
What is checked?
Might be good to check that Forms-Based Authentication is checked in EMC

In the console tree, select Server Configuration, select Client Access, select the server that hosts the Outlook Web App virtual directory, and then click the Outlook Web App tab.
In the work pane, select the virtual directory that you want to configure to use forms-based authentication, and then click Properties.
Click the Authentication tab.
Select Use forms-based authentication.
Select the sign-in format that you want to use.

ASKER

I tried changing to form-based authentication. It pops up a login window (have not used that before), but I still cannot log in using the problem credentials. I am able to log in using other credentials that were working.

With regard to directory security, I see Everyone has Read & Execute, List folder contents, Read. Authenticated users have same security.
So what type of authentication are you using?
i.e., in the EMC -> OWA Properties, "use one or more standard authentication methods"
What is checked?

Then also look in IIS - right click on the OWA folder and select properties (not permissions), then go to the directory security tab and select "edit" for the Authentication and access control section. What is checked there?

Also, have you checked that the users who can't log on have OWA enabled on their accounts and that the accounts are not locked? For a test, reset the password of one of the user accounts (that couldn't log on) and see if it works.

ASKER

Currently: "Use forms-based authentication", Logon Format: Domain\user name

As to the second question, I am sorry but I am not quite following. I go to the IIS Manager. Under "Default Web Site" I see "owa".  If I right-click, I see "Explore, Edit Permissions, Add Application, .." but no properties.  If I "Explore", I can see the actual file-system folder "owa". I can get properties->Security from that. But it is the same as I listed above "Everyone has Read & Execute, List folder contents, Read. Authenticated users have same security".

ASKER

Note: I just created a new account as a test. I can log in and get email via a client PC with Outlook, but again it will not let me log in via OWA. :-(
Sorry, you are using IIS 7 - just select the OWA folder, then in the main window click Authentication - only Basic should be enabled.

ASKER

Yes, just Basic Authentication is enabled.
Do you have more than one DC?

ASKER

We have three.
Have you checked to see if replication is working between them?
You might want to try restarting some Exchange services just in case:
Information Store and File Distribution.

ASKER

I have forced replication without any errors. I ran dcdiag with no obvious problem. Is there a better way to test?
I have restarted all the Exchange services. I also rebooted the Exchange server last night.
Hmmm, I'm not sure what else to look for - especially since it's only happening with select users. The new user account you created, are you able to log on to the domain and connect to Exchange with Outlook?

ASKER

Yes, I can connect on a domain PC and use Outlook.

I am wondering though if I have an AD issue, as we have had a terminal server where some users could not log in there although they could log in elsewhere - maybe not related but ...
Thanks.
ASKER CERTIFIED SOLUTION
Jarred Power

ASKER

Well, I forced EMC to use one specific DC. I then forced replication on the DCs. Rebooted Exchange server. Now all is working. Go figure...  Thank you for your assistance.
Cool, glad it's working now.
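
The thread was resolved by pointing Exchange at one specific DC and forcing replication. One way to check whether every DC holds the same view of an affected account is sketched below, as an added example that is not from any poster in the thread. It assumes PowerShell 2.0 or later on a domain-joined machine; the account name `testuser` is a placeholder.

```powershell
# Added example: compare one account's state on every domain controller.
# 'testuser' is a placeholder; pass the sAMAccountName of an affected user.
param([string]$SamAccountName = 'testuser')

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

$rows = foreach ($dc in $domain.DomainControllers) {
    $row = New-Object PSObject -Property @{
        DC = $dc.Name; Found = $false; PwdLastSetUtc = $null
        LockoutTime = $null; BadPwdCount = $null; Error = $null
    }
    try {
        # Bind to this specific DC so another DC cannot answer the query.
        $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
        foreach ($p in 'pwdLastSet', 'lockoutTime', 'badPwdCount') {
            [void]$searcher.PropertiesToLoad.Add($p)
        }
        $hit = $searcher.FindOne()
        if ($hit) {
            $row.Found = $true
            # pwdLastSet and lockoutTime replicate; badPwdCount is kept per DC.
            if ($hit.Properties['pwdlastset'].Count) {
                $row.PwdLastSetUtc = [DateTime]::FromFileTimeUtc([Int64]$hit.Properties['pwdlastset'][0])
            }
            if ($hit.Properties['lockouttime'].Count) {
                $row.LockoutTime = [Int64]$hit.Properties['lockouttime'][0]   # 0 = not locked
            }
            if ($hit.Properties['badpwdcount'].Count) {
                $row.BadPwdCount = [int]$hit.Properties['badpwdcount'][0]
            }
        }
    } catch {
        $row.Error = $_.Exception.Message   # DC unreachable or bind refused
    }
    $row
}

$rows | Select-Object DC, Found, PwdLastSetUtc, LockoutTime, BadPwdCount, Error |
    Format-Table -AutoSize

# A DC that lacks the account, or holds a different pwdLastSet, has not
# received the latest change and will reject logons the other DCs accept.
$found    = @($rows | Where-Object { $_.Found })
$pwdTimes = @($found | ForEach-Object { "$($_.PwdLastSetUtc)" } | Sort-Object -Unique)
if ($found.Count -lt @($rows).Count -or $pwdTimes.Count -gt 1) {
    Write-Warning "Account '$SamAccountName' is not consistent across all DCs."
}
```

A rising `BadPwdCount` on one DC shows which controller is handling the failed OWA logons.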