Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Help! Disabling OWA seems to be a one way street!
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 11:22:30 AM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
I run Exchange 2003, on a single server site.
Most users can use OWA without incident. However, I disabled it for some users owing to security issues. I disabled it using AD U&C -> Exchange Tasks for each user.
Now, I try and re-enable it for a specific user, and AD U&C says it is reenabled. However, the user can still not connect via OWA.
I tested this too. I did the following:
1. Create account.
2. Gain access via OWA.
3. Disable OWA using AD U&C
4. Attempt to gain access via OWA. FAIL
5. Re-enable OWA using AD U&C
6. Attempt to gain access via OWA. ???
Well, if I do the above, I fail at 6 as well. Surely that should be a pass?
What am I missing here?
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 11:40:47 AM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
It might simply be the case that your AD hasn't replicated yet, but if you have waited more that say, 20 mins, then it probably isn't that. It depends on the complexity of your domain. The first thing I would try is to empty the browser cache, and delete all cookies related to that server. Maybe try it from a different computer.
_____________________________
Lee.
___________________________________
Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 11:43:35 AM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Hi,
I waited over a weekend so its not a replication issue. Also, it happens on any PC I try.
Thanks for the suggestions though!
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 11:49:07 AM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
How about stop/starting IIS?
_____________________________
Lee.
___________________________________
Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:14:46 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Tried that, also tried restarting the mail server.
At the moment, the only way of reactivating it is to delete the user account, then recreate it. As you can imagine I am loathe to do that...
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:23:03 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
I just tried it here with my own account. I got 403 - Forbidden for a very long time, and I thought mine was broken too. I stopped/started the Information Store, and then it was working again. Of course, it might be a coincidence, but it might be worth another try there?
_____________________________
Lee.
___________________________________
Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:36:48 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Still no joy I'm afraid. I have never got a 403 error though. It just says:
You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again.
I know the password is ok, because it is the same one I used before I disabled OWA.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:46:15 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
Sounds like a different kind of error. Maybe the account is locked out. Unless it's your own?
_____________________________
Lee.
___________________________________
Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:55:06 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
No there's nothing wrong with any accounts. The users can log on and access their email using Outlook without a problem. The problem only arises when they use OWA.
Incidently, that is the message I get on all users who have OWA disabled. I had always assumed that that was standard OWA behavior. IE rather than saying "OWA is disabled" it just says that you have entered an incorrect username or password.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 12:59:45 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
Mine says
HTTP/1.0 403 Forbidden
when I try it here.
Do you have SSL on your Exchange VDir? How about FBA?
_____________________________
Lee.
___________________________________
Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 1:12:09 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Yes on both counts.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 1:19:36 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
Same here. I wonder why there is a difference? Can you paste the part of your IIS log that is written when you try to use it?
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 1:51:59 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
This is the events generated from a single logon attempt by user johndoe
(All IPs have been changed...)
2006-01-16 12:47:09 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://212.123.123.212:444/exchange&reason=0 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 12:47:12 W3SVC1 192.168.1.3 GET /exchange - 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 2 2148074254
2006-01-16 12:47:12 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://212.123.123.212:444/exchange&reason=0 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 12:47:23 W3SVC1 192.168.1.3 POST /exchweb/bin/auth/owaauth.dll - 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 12:47:23 W3SVC1 192.168.1.3 GET /exchange - 444 johndoe 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 5 0
2006-01-16 12:47:23 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://212.123.123.212:444/exchange&reason=2 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
Hope that helps. Thanks for the help by the way.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 1:53:36 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Incidently it uses 444 for SSL because another ssl server service uses 443 on our firewall.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 2:02:11 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
The 401 response just looks like a normal logon failure. I'm not sure why one has subcode 2, and the other has 5. Have you tried logging in with domain\johndoe, instead of just johndoe ?
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 2:23:27 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
2006-01-16 13:20:08 W3SVC1 192.168.1.3 GET /exchange - 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 2 2148074254
2006-01-16 13:20:08 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://212.123.123.212:444/exchange&reason=0 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 13:20:22 W3SVC1 192.168.1.3 POST /exchweb/bin/auth/owaauth.dll - 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 13:20:22 W3SVC1 192.168.1.3 GET /exchange - 444 mydomain\johndoe 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 5 0
2006-01-16 13:20:22 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://212.123.123.212:444/exchange&reason=2 444 - 212.123.123.212 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
Thats what happens when I specify the domain; the same.
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 2:27:27 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
Finally, if I type in a non-existent username, I get this:
2006-01-16 13:25:12 W3SVC1 192.168.1.3 GET /exchange - 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 2 2148074254
2006-01-16 13:25:12 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://213.123.123.213:444/exchange&reason=0 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 13:25:19 W3SVC1 192.168.1.3 POST /exchweb/bin/auth/owaauth.dll - 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
2006-01-16 13:25:19 W3SVC1 192.168.1.3 GET /exchange - 444 workdammit 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 1 1332
2006-01-16 13:25:19 W3SVC1 192.168.1.3 GET /exchweb/bin/auth/owalogon.asp url=https://213.123.123.213:444/exchange&reason=2 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 200 0 0
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 2:54:49 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
The 401-1 for the non-existent user is exactly what you'd expect. The 401-5 is a puzzle. This means Unauthorized failed by ISAPI/CGI app (which is OWA, of course). The 401-2 at the beginning is just FBA stepping in when you first access /Exchange, and directing you to logon.asp (the FBA form).
Is there anything in the Event logs, or any services not running that are set for Automatic?
Can you turn off FBA for a few minutes, and see if you can log in?
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 3:54:35 PM
|
|
|
SunnyByfleet
Posts: 36
Joined: 16.Feb.2004
From: UK
Status: offline
|
This is johndoe with FBA disabled. In this case, I just get a username/password dialog, which fails for johndoe but lets ordinary users who never had OWA disabled in fine.
2006-01-16 14:50:01 W3SVC1 192.168.1.3 GET /exchange - 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 2 2148074254
2006-01-16 14:50:16 W3SVC1 192.168.1.3 GET /exchange - 444 - 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 1 0
2006-01-16 14:50:16 W3SVC1 192.168.1.3 GET /exchange - 444 mydomain\johndoe 213.123.123.213 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) 401 5 0
|
|
|
|
|
RE: Help! Disabling OWA seems to be a one way street! - 16.Jan.2006 4:08:56 PM
|
|
|
leederbyshire
Posts: 974
Joined: 4.Jan.2006
Status: offline
|
Anything written to any of the event logs when you try to use it?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
