testing OWA / Outlook Anywhere 401 - Unauthorized: Access is denied due to invalid credentials

I am trying to test my internal OWA / Outlook Anywhere on my New Exchange 2010 but I
keep getting this error message.  What am I missing in my setup?
Any help, please...

401 - Unauthorized: Access is denied due to invalid credentials

Is this AD or Exchange?
Scott Johnston, IT Manager Asked:

albert_miquel, it manager Commented:
Usually when you install, OWA works.
You must put domain\username.
The message is like you don't have a mailbox created for this user or validation is unsuccessful.
0

Scott Johnston, IT Manager Author Commented:
Entered the domain\user and just user, got the same error.  I have a 2003 server that is replicating on the 2010 Exchange.  I thought I'd test my 2010 connection...
0
albert_miquel, it manager Commented:
You must try exchange2010/owa to access.
Can you explain more about this replica?
0
Malli Boppe Commented:
Does this happen for both the users in Exchange 2003 and Exchange 2010?
0
Adam Farage, Sr. Enterprise Architect Commented:
Try this out...

Go to the Exchange 2010 server (RDP) and then open up IE. Type in the following:

https://127.0.0.1/owa

From there, type in the credentials (domain/username and password) for an Exchange 2010 user. What do you get?

If that works, do the same thing for the Exchange 2003 box. Does it work for an Exchange 2003 user? If so, then we are in good shape and we know OWA works fine.

Now the next part is the fun part, as OWA proxy / redirection between Exchange 2010 and 2003 is a pain in the butt to configure / ensure it is working properly. As a reference, I did write up a blog article on this (http://exchangelaboratory.com/2013/04/04/exchange-proxy-and-redirection-exchange-2007-and-2010-explained/).

So to go in order on how this should work...

1) You need to configure the namespace. Typically, what happens is that you move the A records for your CAS (Client Access Server) services from 2003 to 2010. You would apply the new namespace (mail.company.com and autodiscover.company.com) to the appropriate Client Access services, and then configure Exchange 2003 to use a legacy namespace.

2) Configuring Authentication is a big deal. You need to make sure that the source server (Exchange 2010) and the target server (Exchange 2003) are set up for Form Based Auth. Otherwise, your proxy / redirection request (for more information read the blog article above) will fail for OWA.

3) Test. If DNS is pointed properly (step one) and your authentication is set up (step 2), the appropriate users should be accessing their data.

To sum up what is actually happening (we will use the example of same site):

- User A, who is a 2003 user attempts to access OWA through the URL mail.company.com. This URL has an A record in DNS to point to an Exchange 2010 CAS.

- User A authenticates to the Exchange 2010 CAS.

- The CAS that handles the authentication will go out to a domain controller for authentication, and then also to the global catalog for the following:

* homeMBD
* msExchangeVersion

- When the Exchange 2010 CAS realizes that the user is actually an Exchange 2003 user, the CAS will then send an HTTP 451 request to the user's client (web browser) and the user will then either proxy (this occurs when the target site's ExternalURL = $NULL) or redirect (this occurs if the Exchange 2003 FE server is within the same site, or is within a separate site that is internet facing).

- The Exchange 2003 user now connects directly to the Exchange 2003 FE for their OWA connection.

Does this make sense? Basically, something you have configured is not correct. It could be the namespace / DNS change, or it could be the IIS authentication settings for OWA in Exchange 2003. Let us know what you have done and what you see within your environment.
0
Mohd_Shaikh Commented:
Hello,

This problem is related to Exchange only.

Make sure that the "Basic Authentication" option is enabled in IIS.


Thank You!
0
Scott Johnston, IT Manager Author Commented:
OWA for 2003 works, but when I try OWA on the new Exchange it does not work.  I tried the 127.0.0.1 and got an error message "Your request could not be completed because no server with correct server settings was found to handle the request. If the problem continues contact your helpdesk."
0
Scott Johnston, IT Manager Author Commented:
Just ran a test for my Exchange 2003 server. OWA will only work if I use http; it will not work using https. Do I need to have an SSL on the old Exchange?
0
Scott Johnston, IT Manager Author Commented:
It seems I am all screwed up, when I run the Remote connectivity analyzer, the server does not pass.
See inserted test results:  (Can I get some guidance please)

Exchange Web Services synchronization, notification, availability, and Automatic Replies.
  Not all tests of Exchange Web Services tasks completed.
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to test Autodiscover for sjohnston@biotone.com.
  Testing Autodiscover failed.
 
 Test Steps
 
 Attempting each method of contacting the Autodiscover service.
  The Autodiscover service couldn't be contacted successfully by any method.
 
 Test Steps
 
 Attempting to test potential Autodiscover URL https://biotone.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
 
 Test Steps
 
 Attempting to resolve the host name biotone.com in DNS.
  The host name resolved successfully.
 
 Additional Details
 
 

 Testing TCP port 443 on host biotone.com to ensure it's listening and open.
  The port was opened successfully.

 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server biotone.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
 Additional Details
  Remote Certificate Subject: CN=www.biotone.com, OU=Secure Link SSL, O=Biotone, STREET=4757 Old Cliffs Rd, L=San Diego, S=CA, PostalCode=92120, C=US, Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US.
 

 Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Host name biotone.com doesn't match any name found on the server certificate CN=www.biotone.com, OU=Secure Link SSL, O=Biotone, STREET=4757 Old Cliffs Rd, L=San Diego, S=CA, PostalCode=92120, C=US.
 
 
 
 
 

 Attempting to test potential Autodiscover URL https://autodiscover.biotone.com/AutoDiscover/AutoDiscover.xml 
  Testing of this potential Autodiscover URL failed.
 
 Test Steps
 
 Attempting to resolve the host name autodiscover.biotone.com in DNS.
  The host name resolved successfully.
 
 Additional Details
  IP addresses returned: 68.168.111.44
 

 Testing TCP port 443 on host autodiscover.biotone.com to ensure it's listening and open.
  The port was opened successfully.

 Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
 
 Test Steps
 
 The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.biotone.com on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
 
 Additional Details
  Remote Certificate Subject: CN=www.biotone.com, OU=Secure Link SSL, O=Biotone, STREET=4757 Old Cliffs Rd, L=San Diego, S=CA, PostalCode=92120, C=US, Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US.
 

 Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
 
 Additional Details
  Host name autodiscover.biotone.com doesn't match any name found on the server certificate CN=www.biotone.com, OU=Secure Link SSL, O=Biotone, STREET=4757 Old Cliffs Rd, L=San Diego, S=CA, PostalCode=92120, C=US.
0
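The certificate name validation that fails in the analyzer output above, reproduced as an added example (not part of the original thread or of any Microsoft tool). It assumes the certificate carries no subjectAltName entries, since the output lists only CN=www.biotone.com; the wildcard and multi-name certificates in the comments are hypothetical replacements.

```python
# Added example: RFC 6125-style host name check against a certificate's names.
# Host names and the CN are copied from the analyzer output; SAN lists are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or '*' standing in for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more (or fewer) labels
    if p[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(subject_cn: str, san_dns=()):
    """SAN dNSName entries win; the CN is only a fallback when no SAN exists."""
    return list(san_dns) if san_dns else [subject_cn]

def missing_names(hosts, subject_cn: str, san_dns=()):
    """Return the hosts clients will use that the certificate does not cover."""
    names = cert_names(subject_cn, san_dns)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# The two Autodiscover hosts the analyzer tried, and the CN it received.
AUTODISCOVER_HOSTS = ["biotone.com", "autodiscover.biotone.com"]
CERT_CN = "www.biotone.com"

if __name__ == "__main__":
    # Certificate as reported: both hosts fail, matching the analyzer result.
    print("current cert misses:", missing_names(AUTODISCOVER_HOSTS, CERT_CN))
    # Hypothetical wildcard cert: covers autodiscover, still misses the bare domain.
    print("wildcard cert misses:",
          missing_names(AUTODISCOVER_HOSTS, CERT_CN, ["*.biotone.com"]))
    # Hypothetical multi-name (SAN) cert listing every host explicitly.
    print("SAN cert misses:",
          missing_names(AUTODISCOVER_HOSTS, CERT_CN,
                        ["www.biotone.com", "biotone.com", "autodiscover.biotone.com"]))
```

Running the same check against every name in the planned namespace before requesting a certificate shows which entries must be on it.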
Scott Johnston, IT Manager Author Commented:
All of these answers helped, but I found that the SSL cert had an invalid entry!
oooooooppppps.
0