Solved

Unable to login to Outlook Web App - Exchange 2010

Posted on 2015-02-06
25
236 Views
Last Modified: 2015-02-09
hi guys,

I have a big problem which I've been unable to solve. We're on Exchange 2010 installed on Windows 2012.

When a user tries to log onto Outlook Web App internally, and they enter username/password, however it just keeps on going round and round in circles and never logs them in. It's very strange.

In the EMC, I have gone to 'Server Configuration'- and OUtlook Web App properties. The internal URL is set to our email server: https://emailserver.domain/owa


I don't know where to look and it seems like it has something to do with redirects?

I've attached screenshots.

Any would be great guys.

Thanks
Yashy
Outlook-web1.jpg
Outlook-web2.jpg
0
Comment
Question by:Yashy
  • 10
  • 5
  • 4
  • +4
25 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 40593781
Is this true for all users or only for one?

If it's just for one user, make sure they're accepting cookies from the OWA site.

If it's for all users, try rebuilding the OWA site.
0
 
LVL 4

Expert Comment

by:veera
ID: 40593820
Dear,

Try to add the exchange server ip address to trusted sites in the internet explorer and check
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40593872
Has this ever worked? Is it a new install? Just broken?
If just stopped working, what was done before hand in the day previous?
0
 
LVL 1

Author Comment

by:Yashy
ID: 40593878
It had worked, but I used to get a 403 forbidden. I've evidently broken the entire thing.

I've even tried removing the OWA virtual directory via the EMC and then recreatd it using this command:

New-OwaVirtualDirectory -InternalUrl 'https://<Server01><DomainName>/owa' -WebSiteName 'Default Web Site'

And even when I do that, without touching any settings in the actual IIS virtual directory settings, I can't login still.

Must settings be made in virtual directories from a fresh install for you to be able to login locally?
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 40593888
"Must settings be made in virtual directories from a fresh install for you to be able to login locally?"
No, but you should remove the old virtual directories before you re-create them.  My initial links show you how.

Once that's done, do you have an SSL certificate - public or self-signed - that you're using for secure access?  Is it possible you're getting an SSL or certificate error?  It's difficult to tell from your screen shots.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40593892
And have you done a full IISRESET since recreating ?
0
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 40593903
Have you tried entering the name in the form of domain\username
0
 
LVL 1

Author Comment

by:Yashy
ID: 40593961
Okay, guys here is what I have just done:

1. Remove-OwaVirtualDirectory -Identity 'Server01\owa (Default Web Site)'

Then I did a 'IISRESET /restart'. I can't do IISRESET /Noforce as it fails. I even restarted the World Wide Web Publishing Service for the sake of it.

2. New-OwaVirtualDirectory -InternalUrl 'https://<Server01><DomainName>/owa' -WebSiteName 'Default Web Site'

Again, after creating I did an IISRESET /restart.

I then went to the EMC, went to the Server COnfiguration and selected 'Client Access'. Right clicked onto Outlook web app to get the properties. In the internal URL section, there is 'https://servername.domain/owa
The external URL is blank for now.

For Authentication, I have selected 'User forms-based authentication' and clicked on 'username only' and selected our domain. Click OK.

Once again, I have done 'IISRESET /restart'.

I've opened up mozilla firefox browser, go to the web link for web app. I've entered the credentials for a user and all it says is 'this webpage isn't redirecting properly'.

I've attached screenshot.
Outlook-web-app-4.jpg
0
 
LVL 33

Expert Comment

by:paulmacd
ID: 40593976
"This problem can sometimes be caused by disabling or refusing to accept cookies."
0
 
LVL 1

Author Comment

by:Yashy
ID: 40594003
I enabled cookies! if i disable them I can't even get to the website.

This isn't cookies related, as I can't get into emails whether Chrome, IE or Mozilla.
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40594025
Please post the results of the following run in an exchange management shell.

Get-OwaVirtualDirectory | Select Name,Server, Internal*, External*, *Authentication
0
 
LVL 1

Author Comment

by:Yashy
ID: 40594049
When I try to put this precise command this is what I get at the moment.

The task wasn't able to connect to IIS on the server 'FCMKEXCH01.uk.fc.local'. Make sure that the server exists and can
 be reached from this computer: The RPC server is unavailable.
    + CategoryInfo          : ReadError: (FCMKEXCH01\owa (Default Web Site):ADObjectId) [Get-OwaVirtualDirectory], IIS
   NotReachableException
    + FullyQualifiedErrorId : 7C7E10C7,Microsoft.Exchange.Management.SystemConfigurationTasks.GetOwaVirtualDirectory
    + PSComputerName        : fcussrmail.us.fc.local



FCUSSRMAIL  :
ExternalUrl : https://mail.ourmaindomain.com/owa
InternalUrl : https://fccamexch02.uk.fc.local/owa





We do have multiple Exchanges in our environment and the 'FCMKEXCH01.uk.fc.local' is not the server I am trying to get to webmail. I am trying to get the server  FCUSSRMAIL working.

The server I am logged onto and trying to get webmail working is FCUSSRMAIL.us.fc.local. However, the error message says it is trying to connect to another server completely that is in our environment.

Could this be an auto discover issue? Or did the command that I ran need me to specify the server I am trying to obtain information from?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 150 total points
ID: 40594203
The ouput from....

Test-OutlookWebServices | fl

Please
0
 
LVL 1

Author Comment

by:Yashy
ID: 40594206
I just reposted above guys, as I realised I had to wait a while before it posted the results. I've edited my comment and posted again above NeilSr.

Neilsr - i will now do that you've asked and post that also.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40594232
Here is what it posted back with:

WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the mailbox. Mailbox =
'extest_638aa79eeff04@us.fc.local'.
Failed to find the mailbox. Mailbox = 'extest_638aa79eeff04@us.fc.local'.
    + CategoryInfo          : NotSpecified: (:) [Test-OutlookWebServices], MailboxNotFoundException
    + FullyQualifiedErrorId : Microsoft.Exchange.Monitoring.MailboxNotFoundException,Microsoft.Exchange.Management.Sys
   temConfigurationTasks.TestOutlookWebServicesTask
    + PSComputerName        : fcussrmail.us.fc.local
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40594253
Sorry, I just noted that you said "We do have multiple Exchanges in our environment".

I assume that you mean that you have multiple exchange servers in the environment and not multiple exchanges.

Exchange only supports a singly Exchange Organisation in each AD Forest it is installed in.

Can I ask EXACTLY what changes had been made PRIOR to things breaking/stopping working?
0
 
LVL 1

Author Comment

by:Yashy
ID: 40594940
Okay, this is the situation. We have a forest, which is 'fc.local'.

We then have subdomains such as uk.fc.local, us.fc.local and hk.fc.local.

So within each of these domains there is an exchange server (s). That's all I meant.

The only changes I made was to the virtual directories as I was constantly getting a 403 forbidden error. But what I don't understand is why on earth it still doesn't work, even though I have tried numerous times to remove the owa virtual directory and reinstated again?
0
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 300 total points
ID: 40596288
Hey Yashy,

The reason you received this error.

The task wasn't able to connect to IIS on the server 'FCMKEXCH01.uk.fc.local'. Make sure that the server exists and can
  be reached from this computer: The RPC server is unavailable.

Is because the command you were given will poll every Exchange Server in your environment. To tweak Neilsr's command, to just pull information for one server, you would need to run.

Get-OwaVirtualDirectory -Server FCUSSRMAIL | Select Name,Server, Internal*, External*, *Authentication

However, I am curious. You mentioned this worked and then suddenly stopped. Although this was still a relatively new install right? I am trying to catch up on all the activity in the thread -- sorry! Is this a single server in this site? Or are you doing any kind of load balancing of Exchange or any kind of reverse proxy? Normally when I see these errors it is an incorrectly configured load balancer/proxy. Just want to rule that out.

The other thing I wanted to check on is this. What version of Exchange 2010? I am assuming SP3? And what version of the OS? Because Exchange will not work correctly on 2012 R2. So, I just want to make sure this is 2012 RTM.

Lastly, what version is your domain/forest functional level?
0
 
LVL 1

Author Comment

by:Yashy
ID: 40596926
Hey Gareth,

I just ran that command and this is what it gives out:

Name                          : owa (Default Web Site)
Server                        : FCUSSRMAIL
InternalAuthenticationMethods : {Basic, Fba}
InternalUrl                   : https://fcussrmail.us.fc.local/owa
ExternalUrl                   :
ExternalAuthenticationMethods : {Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False


I have the following build: Version 14.3 (Build 123.4)

So it's Exchange 2010 on Windows 2012, nor R2.


The functional level is 2008 I believe.

And yes, basically the thing I must have messed up was the virtual directory settings. And now even though I rebuilt it, still doesn't work.

Any ideas? Thanks again for your help on this

Yashy
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40596943
Just to confirm. No load balancing or reverse proxy right?

Hmm. Out of the box Integrated Windows Authentication is turned on. Let's get you back to the out of the box setting.

Set-OWAVirtualDirectory -Identity "owa (Default Web Site)" -WindowsAuthentication $true

Open in new window


Then rerun Get-OwaVirtualDirectory -Server FCUSSRMAIL | Select Name,Server, Internal*, External*, *Authentication

Then do an IISRESET. And retest OWA.
0
 
LVL 1

Author Comment

by:Yashy
ID: 40597387
Hey Gareth,

There's no load balancing or reverse proxy.

And I did everything above in the hope that it would be a miracle and still the IE, Mozilla and Chrome come back with the same messages as before. In IE, the wheel at the top keeps spinning as if it is trying to load a page but just sits there forever. Chrome and mozilla are the only two that come back with responses and both seem to be related to some sort of redirect issue?

Now, if I type the wrong password for that account then it works as it should (i.e. by needing you to re-enter the credentials).
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40597431
Ok. I'm not sure if this was asked before. But are all your Exchange Services started? Can you connect okay with an Outlook client?

Any errors in the Event Logs in Application Logs?
0
 
LVL 19

Assisted Solution

by:Adam Farage
Adam Farage earned 50 total points
ID: 40597618
This is getting confusing fast, so I have a few questions to piggy back good old Gareth up there..

1) How many Exchange servers are here, how are the setup and what AD site are they located within ?
2) Your changes are within Exchange right, not IIS?

What it sounds like from all of this is that the CAS is trying to redirect the OWA connection to another CAS, which is what I am a bit confused about. CAS Authentication should be set to the same, and if its Exchange 2010 > Exchange 2010 or Exchange 2010 > Exchange 2007 it should be FBA (forms based authentication). You can use IWA (Integrated Windows Auth) but that may cause issues when redirecting (as you cannot do silent redirection, or if you have FBA on the source and IWA on the target it may puke on itself).
0
 
LVL 1

Author Comment

by:Yashy
ID: 40598837
I want to kill myself....it was because the 'default website' section (regardless of my removal and addition) decided to keep the redirect as https://fcussrmail.uk.fc.local/owa. It is supposed to be 'us.fc.local'!! Unbelievable. And thank you guys again for your input, means a lot.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40598962
Glad to help!
0

Join & Write a Comment

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now