[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 720
  • Last Modified:

Unable to login to Outlook Web App - Exchange 2010

hi guys,

I have a big problem which I've been unable to solve. We're on Exchange 2010 installed on Windows 2012.

When a user tries to log onto Outlook Web App internally, and they enter username/password, however it just keeps on going round and round in circles and never logs them in. It's very strange.

In the EMC, I have gone to 'Server Configuration'- and OUtlook Web App properties. The internal URL is set to our email server: https://emailserver.domain/owa


I don't know where to look and it seems like it has something to do with redirects?

I've attached screenshots.

Any would be great guys.

Thanks
Yashy
Outlook-web1.jpg
Outlook-web2.jpg
0
Yashy
Asked:
Yashy
  • 10
  • 5
  • 4
  • +4
3 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
Is this true for all users or only for one?

If it's just for one user, make sure they're accepting cookies from the OWA site.

If it's for all users, try rebuilding the OWA site.
0
 
veeraCommented:
Dear,

Try to add the exchange server ip address to trusted sites in the internet explorer and check
0
 
Neil RussellTechnical Development LeadCommented:
Has this ever worked? Is it a new install? Just broken?
If just stopped working, what was done before hand in the day previous?
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
YashyAuthor Commented:
It had worked, but I used to get a 403 forbidden. I've evidently broken the entire thing.

I've even tried removing the OWA virtual directory via the EMC and then recreatd it using this command:

New-OwaVirtualDirectory -InternalUrl 'https://<Server01><DomainName>/owa' -WebSiteName 'Default Web Site'

And even when I do that, without touching any settings in the actual IIS virtual directory settings, I can't login still.

Must settings be made in virtual directories from a fresh install for you to be able to login locally?
0
 
Paul MacDonaldDirector, Information SystemsCommented:
"Must settings be made in virtual directories from a fresh install for you to be able to login locally?"
No, but you should remove the old virtual directories before you re-create them.  My initial links show you how.

Once that's done, do you have an SSL certificate - public or self-signed - that you're using for secure access?  Is it possible you're getting an SSL or certificate error?  It's difficult to tell from your screen shots.
0
 
Neil RussellTechnical Development LeadCommented:
And have you done a full IISRESET since recreating ?
0
 
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Have you tried entering the name in the form of domain\username
0
 
YashyAuthor Commented:
Okay, guys here is what I have just done:

1. Remove-OwaVirtualDirectory -Identity 'Server01\owa (Default Web Site)'

Then I did a 'IISRESET /restart'. I can't do IISRESET /Noforce as it fails. I even restarted the World Wide Web Publishing Service for the sake of it.

2. New-OwaVirtualDirectory -InternalUrl 'https://<Server01><DomainName>/owa' -WebSiteName 'Default Web Site'

Again, after creating I did an IISRESET /restart.

I then went to the EMC, went to the Server COnfiguration and selected 'Client Access'. Right clicked onto Outlook web app to get the properties. In the internal URL section, there is 'https://servername.domain/owa
The external URL is blank for now.

For Authentication, I have selected 'User forms-based authentication' and clicked on 'username only' and selected our domain. Click OK.

Once again, I have done 'IISRESET /restart'.

I've opened up mozilla firefox browser, go to the web link for web app. I've entered the credentials for a user and all it says is 'this webpage isn't redirecting properly'.

I've attached screenshot.
Outlook-web-app-4.jpg
0
 
Paul MacDonaldDirector, Information SystemsCommented:
"This problem can sometimes be caused by disabling or refusing to accept cookies."
0
 
YashyAuthor Commented:
I enabled cookies! if i disable them I can't even get to the website.

This isn't cookies related, as I can't get into emails whether Chrome, IE or Mozilla.
0
 
Neil RussellTechnical Development LeadCommented:
Please post the results of the following run in an exchange management shell.

Get-OwaVirtualDirectory | Select Name,Server, Internal*, External*, *Authentication
0
 
YashyAuthor Commented:
When I try to put this precise command this is what I get at the moment.

The task wasn't able to connect to IIS on the server 'FCMKEXCH01.uk.fc.local'. Make sure that the server exists and can
 be reached from this computer: The RPC server is unavailable.
    + CategoryInfo          : ReadError: (FCMKEXCH01\owa (Default Web Site):ADObjectId) [Get-OwaVirtualDirectory], IIS
   NotReachableException
    + FullyQualifiedErrorId : 7C7E10C7,Microsoft.Exchange.Management.SystemConfigurationTasks.GetOwaVirtualDirectory
    + PSComputerName        : fcussrmail.us.fc.local



FCUSSRMAIL  :
ExternalUrl : https://mail.ourmaindomain.com/owa
InternalUrl : https://fccamexch02.uk.fc.local/owa





We do have multiple Exchanges in our environment and the 'FCMKEXCH01.uk.fc.local' is not the server I am trying to get to webmail. I am trying to get the server  FCUSSRMAIL working.

The server I am logged onto and trying to get webmail working is FCUSSRMAIL.us.fc.local. However, the error message says it is trying to connect to another server completely that is in our environment.

Could this be an auto discover issue? Or did the command that I ran need me to specify the server I am trying to obtain information from?
0
 
Neil RussellTechnical Development LeadCommented:
The ouput from....

Test-OutlookWebServices | fl

Please
0
 
YashyAuthor Commented:
I just reposted above guys, as I realised I had to wait a while before it posted the results. I've edited my comment and posted again above NeilSr.

Neilsr - i will now do that you've asked and post that also.
0
 
YashyAuthor Commented:
Here is what it posted back with:

WARNING: An unexpected error has occurred and a Watson dump is being generated: Failed to find the mailbox. Mailbox =
'extest_638aa79eeff04@us.fc.local'.
Failed to find the mailbox. Mailbox = 'extest_638aa79eeff04@us.fc.local'.
    + CategoryInfo          : NotSpecified: (:) [Test-OutlookWebServices], MailboxNotFoundException
    + FullyQualifiedErrorId : Microsoft.Exchange.Monitoring.MailboxNotFoundException,Microsoft.Exchange.Management.Sys
   temConfigurationTasks.TestOutlookWebServicesTask
    + PSComputerName        : fcussrmail.us.fc.local
0
 
Neil RussellTechnical Development LeadCommented:
Sorry, I just noted that you said "We do have multiple Exchanges in our environment".

I assume that you mean that you have multiple exchange servers in the environment and not multiple exchanges.

Exchange only supports a singly Exchange Organisation in each AD Forest it is installed in.

Can I ask EXACTLY what changes had been made PRIOR to things breaking/stopping working?
0
 
YashyAuthor Commented:
Okay, this is the situation. We have a forest, which is 'fc.local'.

We then have subdomains such as uk.fc.local, us.fc.local and hk.fc.local.

So within each of these domains there is an exchange server (s). That's all I meant.

The only changes I made was to the virtual directories as I was constantly getting a 403 forbidden error. But what I don't understand is why on earth it still doesn't work, even though I have tried numerous times to remove the owa virtual directory and reinstated again?
0
 
Gareth GudgerCommented:
Hey Yashy,

The reason you received this error.

The task wasn't able to connect to IIS on the server 'FCMKEXCH01.uk.fc.local'. Make sure that the server exists and can
  be reached from this computer: The RPC server is unavailable.

Is because the command you were given will poll every Exchange Server in your environment. To tweak Neilsr's command, to just pull information for one server, you would need to run.

Get-OwaVirtualDirectory -Server FCUSSRMAIL | Select Name,Server, Internal*, External*, *Authentication

However, I am curious. You mentioned this worked and then suddenly stopped. Although this was still a relatively new install right? I am trying to catch up on all the activity in the thread -- sorry! Is this a single server in this site? Or are you doing any kind of load balancing of Exchange or any kind of reverse proxy? Normally when I see these errors it is an incorrectly configured load balancer/proxy. Just want to rule that out.

The other thing I wanted to check on is this. What version of Exchange 2010? I am assuming SP3? And what version of the OS? Because Exchange will not work correctly on 2012 R2. So, I just want to make sure this is 2012 RTM.

Lastly, what version is your domain/forest functional level?
0
 
YashyAuthor Commented:
Hey Gareth,

I just ran that command and this is what it gives out:

Name                          : owa (Default Web Site)
Server                        : FCUSSRMAIL
InternalAuthenticationMethods : {Basic, Fba}
InternalUrl                   : https://fcussrmail.us.fc.local/owa
ExternalUrl                   :
ExternalAuthenticationMethods : {Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False


I have the following build: Version 14.3 (Build 123.4)

So it's Exchange 2010 on Windows 2012, nor R2.


The functional level is 2008 I believe.

And yes, basically the thing I must have messed up was the virtual directory settings. And now even though I rebuilt it, still doesn't work.

Any ideas? Thanks again for your help on this

Yashy
0
 
Gareth GudgerCommented:
Just to confirm. No load balancing or reverse proxy right?

Hmm. Out of the box Integrated Windows Authentication is turned on. Let's get you back to the out of the box setting.

Set-OWAVirtualDirectory -Identity "owa (Default Web Site)" -WindowsAuthentication $true

Open in new window


Then rerun Get-OwaVirtualDirectory -Server FCUSSRMAIL | Select Name,Server, Internal*, External*, *Authentication

Then do an IISRESET. And retest OWA.
0
 
YashyAuthor Commented:
Hey Gareth,

There's no load balancing or reverse proxy.

And I did everything above in the hope that it would be a miracle and still the IE, Mozilla and Chrome come back with the same messages as before. In IE, the wheel at the top keeps spinning as if it is trying to load a page but just sits there forever. Chrome and mozilla are the only two that come back with responses and both seem to be related to some sort of redirect issue?

Now, if I type the wrong password for that account then it works as it should (i.e. by needing you to re-enter the credentials).
0
 
Gareth GudgerCommented:
Ok. I'm not sure if this was asked before. But are all your Exchange Services started? Can you connect okay with an Outlook client?

Any errors in the Event Logs in Application Logs?
0
 
Adam FarageEnterprise ArchCommented:
This is getting confusing fast, so I have a few questions to piggy back good old Gareth up there..

1) How many Exchange servers are here, how are the setup and what AD site are they located within ?
2) Your changes are within Exchange right, not IIS?

What it sounds like from all of this is that the CAS is trying to redirect the OWA connection to another CAS, which is what I am a bit confused about. CAS Authentication should be set to the same, and if its Exchange 2010 > Exchange 2010 or Exchange 2010 > Exchange 2007 it should be FBA (forms based authentication). You can use IWA (Integrated Windows Auth) but that may cause issues when redirecting (as you cannot do silent redirection, or if you have FBA on the source and IWA on the target it may puke on itself).
0
 
YashyAuthor Commented:
I want to kill myself....it was because the 'default website' section (regardless of my removal and addition) decided to keep the redirect as https://fcussrmail.uk.fc.local/owa. It is supposed to be 'us.fc.local'!! Unbelievable. And thank you guys again for your input, means a lot.
0
 
Gareth GudgerCommented:
Glad to help!
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 10
  • 5
  • 4
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now