OWA 2007 is not working for one user. After checking the OWA properties, I found no issues on the Exchange side.
1. As soon as I set the "Log On To" this computer option in AD for that particular user, OWA stops working.
2. Tried for other users as well for testing; setting the above option in AD makes the OWA authentication fail.
3. In OWA it won't throw any specific error, it just says username/password incorrect.
4. No problem with MAPI.
"Log On To" this computer option in AD should not affect OWA authentication
Actually setting this DOES affect everything! A little AD lesson...
"Log on to" settings on a user account in active directory restrict which machine a user can AUTHENTICATE from. This means the user will be able to only log onto active directory from the specified machines!
Your solution is simple... Take off the workstation restriction OR inform the user that he/she may only log onto OWA from the specified computer. They will NOT be able to log into OWA from any other machine in the world (even from home, which defeats the purpose!)
_____________________________
Ibrahim Benna - Microsoft Exchange MVP Forum Moderator Navantis
First, on the restricted computer also, OWA is not working, and also in public.
Secondly, this option is specific to AD; normally we use this option to restrict certain users to specific PCs. It should not affect the OWA login.
I tried digging into this in detail, from the permissions perspective also; the user security entities are also getting inherited, and no explicit changes happen in the security after setting up the Log On To settings. So there is no break in terms of security validation.
There must be an alternate way of making OWA work. Strange that I'm not able to find any piece of info about this on the internet.
I ran into this problem myself and found a simple solution. For starters, I experienced the same issue. Most of our users are locked down in AD via the "Log On To" tab. This way we can make sure the only PC they can log onto is their own without having to over-complicate GPO and local rights etc. However, as you described, if the only PC they can log onto is their own then OWA does not function correctly, i.e. they can't log on from other computers etc.

Well, to solve this for now I simply added the hostnames of all my CAS servers into each user's "Log On To" field. Being this is repetitive, you could simply script this to fix old accounts or make sure it's part of your process moving forward. Once in place my users were then able to log into OWA from any PC or device etc.

Now if you're worried about security I wouldn't be too concerned. Default AD users can obviously log into any PC they want, and now just their own and technically my CAS servers. However my CAS servers are in a locked server room, locked rack, with no keyboard or monitor etc. If Joe User could pick 2 locks and figure out how to get keyboard and mouse to my CAS server without getting caught on TV then more power to him. Of course the CAS servers are hardened from any network-based remote features like RDP etc.

Also, side note: Domain Users naturally get local logon rights to all boxes joined to the domain. Removing said nesting of Domain Users from local users on my Exchange servers broke all Exchange functionality for them. I haven't cared enough to see if one could remove all abilities of Domain Users from being able to physically log on locally to the Exchange servers if they happened to get access to the server room. If someone has solved that issue I would love to hear it.
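One way to script the workaround described in the post above (adding the CAS host names to each restricted account's "Log On To" list, which is the userWorkstations attribute in AD). This is an added example, not code from the thread; the CAS names and OU are placeholders to replace with your own, and it assumes the ActiveDirectory PowerShell module.

```powershell
# Added example: merge CAS host names into userWorkstations for accounts
# that already carry a "Log On To" restriction. Placeholders below.
Import-Module ActiveDirectory

$CasServers = @('CAS01', 'CAS02')            # placeholder CAS NetBIOS names
$SearchBase = 'OU=Users,DC=example,DC=com'   # placeholder OU

# Only touch accounts that already have a restriction: writing a list onto an
# unrestricted account would newly restrict it to just the CAS servers.
$users = Get-ADUser -SearchBase $SearchBase `
    -Filter 'userWorkstations -like "*"' -Properties userWorkstations

foreach ($u in $users) {
    # The attribute is a single comma-separated string; normalise it to a list.
    $current = ($u.userWorkstations -split ',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }

    # -notcontains is case-insensitive, so CAS01 and cas01 are not duplicated.
    $missing = $CasServers | Where-Object { $current -notcontains $_ }
    if (-not $missing) { continue }

    $new = ($current + $missing) -join ','

    # The ADUC "Log On To" dialog accepts at most 64 names; skip rather than
    # silently truncate an account that would exceed that.
    if (($new -split ',').Count -gt 64) {
        Write-Warning "$($u.SamAccountName): would exceed 64 workstations, skipping"
        continue
    }

    # -WhatIf previews the change; remove it to apply.
    Set-ADUser -Identity $u -Replace @{ userWorkstations = $new } -WhatIf
    Write-Host "$($u.SamAccountName): $new"
}
```

Run it first with -WhatIf in place and review the output, since a mistaken userWorkstations value locks the affected user out of every machine not on the list.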
I've had some users have problems accessing OWA too at some point or another; usually getting a 500 error or something. The solution I found was to go into the security properties of their user account in ADU&C, choose the advanced button, and ensure that the 'Include inheritable permissions from this object's parent' is selected.