em3179
asked on
Only members of Domain Admins group can log into Exchange 2010 mailboxes and OWA
Hello all Exchange experts. This is my 3 blog attempt at posting regarding this issue. I've posted @ the following forums as well but without any success on finding a solution. Please take the time to read through so that you get the background info on the issue at hand.
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/e004daf7-bf7c-4044-abba-23857a707f19
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/230bbf6f-3417-4946-b507-9158bff13faa
http://www.networksteve.com/exchange/topic.php/getting_access_to_OUTLOOK/OWA_mailboxes/?TopicId=23502&Posts=12
So in a few words so that we can get this thread going...Users are unable to log into Exchange 2010 mailboxes without being members of Domain Admins group. They also lose access to OWA if they're removed membership. Looking forward to your answers / suggestions.
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/e004daf7-bf7c-4044-abba-23857a707f19
http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/230bbf6f-3417-4946-b507-9158bff13faa
http://www.networksteve.com/exchange/topic.php/getting_access_to_OUTLOOK/OWA_mailboxes/?TopicId=23502&Posts=12
So in a few words so that we can get this thread going...Users are unable to log into Exchange 2010 mailboxes without being members of Domain Admins group. They also lose access to OWA if they're removed membership. Looking forward to your answers / suggestions.
ASKER
Hi jpower500.
I just confirmed it and the acl's described by you check out.
tks.
I just confirmed it and the acl's described by you check out.
tks.
Ok
Step Two
Authentication
Should only be Basic Enabled
Step Three
Authorization Rules
Allow All Users
EMC
Server Configuration
Client access
Outlook web app tab
Properties
Authentication
Use Forms-based authentication
Domain\username (you can use Username only if you like but you have to put pick domain name just removes one less variable).
Step Two
Authentication
Should only be Basic Enabled
Step Three
Authorization Rules
Allow All Users
EMC
Server Configuration
Client access
Outlook web app tab
Properties
Authentication
Use Forms-based authentication
Domain\username (you can use Username only if you like but you have to put pick domain name just removes one less variable).
ASKER
Hi JP
Step 2, 3 and 4 check out well. Configured exactly as you describe.
tks
Step 2, 3 and 4 check out well. Configured exactly as you describe.
tks
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I confirmed that this is not an Exchange issue but rather an AD permissions issue. The dfault domain policy GPO.. under 'User Rights Assignment' "Access this computer from network" setting was restricted to only 'Domain Admins' this prohibited everyone and authenticated users from accessing network resources.
From from the on set it sounds like a permission problem-
step one:
IIS OWA folder. (default website)
Edit permission
Security
What groups or users are listed?
Should be:
Authenticated Users - Read
System - Full Control
Administrators - Full Control