em3179

asked on

Only members of Domain Admins group can log into Exchange 2010 mailboxes and OWA

Hello all Exchange experts. This is my 3rd blog attempt at posting regarding this issue. I've posted at the following forums as well, but without any success in finding a solution. Please take the time to read through so that you get the background info on the issue at hand.

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/e004daf7-bf7c-4044-abba-23857a707f19

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/230bbf6f-3417-4946-b507-9158bff13faa

http://www.networksteve.com/exchange/topic.php/getting_access_to_OUTLOOK/OWA_mailboxes/?TopicId=23502&Posts=12

So, in a few words, so that we can get this thread going... Users are unable to log into Exchange 2010 mailboxes without being members of the Domain Admins group. They also lose access to OWA if their membership is removed. Looking forward to your answers / suggestions.
Jarred Power

Sorry if you have tried some of this already - tried to read through all the other blogs, but there is a lot of info.  I'll start with some of the most obvious things.

From the onset it sounds like a permission problem -
Step One
IIS OWA folder (default website)
Edit permission
Security
What groups or users are listed?
Should be:
Authenticated Users - Read
System - Full Control
Administrators - Full Control
em3179

ASKER

Hi jpower500.

I just confirmed it and the ACLs described by you check out.

tks.
Ok
Step Two
Authentication
Should only be Basic Enabled
 
Step Three
Authorization Rules
Allow All Users

EMC
Server Configuration
Client access
Outlook web app tab
Properties
Authentication
Use Forms-based authentication
Domain\username (you can use Username only if you like, but you have to pick a domain name; just removes one less variable).
em3179

ASKER

Hi JP

Steps 2, 3 and 4 check out well. Configured exactly as you describe.

tks
ASKER CERTIFIED SOLUTION
em3179
em3179

ASKER

I confirmed that this is not an Exchange issue but rather an AD permissions issue. In the Default Domain Policy GPO, under 'User Rights Assignment', the "Access this computer from network" setting was restricted to only 'Domain Admins'; this prohibited Everyone and Authenticated Users from accessing network resources.
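
The cause identified in the last post can be checked from a security template such as a `secedit /export` file or a GPO's GptTmpl.inf, where "Access this computer from the network" is stored as `SeNetworkLogonRight`. The script below is an added example, not part of the original thread; the function names, sample policy text and domain SID are constructed for illustration.

```python
import re

# Well-known principals that cover ordinary users:
# Everyone, Authenticated Users, BUILTIN\Users.
BROAD_SIDS = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}
BROAD_NAMES = {"everyone", "authenticated users", "users", "builtin\\users"}

def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading '*'; unresolved accounts appear as plain names.
            rights[name.strip()] = [p.strip().lstrip("*")
                                    for p in value.split(",") if p.strip()]
    return rights

def network_logon_finding(inf_text):
    """Classify SeNetworkLogonRight as 'not-defined', 'ok' or 'restricted'."""
    principals = privilege_rights(inf_text).get("SeNetworkLogonRight")
    if principals is None:
        return "not-defined", []  # this template does not set the right
    broad = [p for p in principals
             if p in BROAD_SIDS or p.lower() in BROAD_NAMES]
    return ("ok" if broad else "restricted"), principals

# Constructed sample: only Domain Admins (RID 512 of a made-up domain SID).
SAMPLE_RESTRICTED = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-21-1111111111-2222222222-3333333333-512
SeInteractiveLogonRight = *S-1-5-32-544
"""
# Constructed sample: Everyone, Authenticated Users and Administrators.
SAMPLE_BROAD = """\
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
"""

if __name__ == "__main__":
    for label, text in (("restricted", SAMPLE_RESTRICTED), ("broad", SAMPLE_BROAD)):
        print(label, network_logon_finding(text))
```

Real template files are usually UTF-16 encoded, so decode them with that encoding before passing the text in.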