• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA 2007 not working for One User

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> OWA 2007 not working for One User Page: [1]
Login
Message << Older Topic   Newer Topic >>
OWA 2007 not working for One User - 1.Sep.2010 1:19:15 PM   
logu_microsoft

 

Posts: 5
Joined: 4.Dec.2006
Status: offline
Hi Friends,

OWA 2007 is not working for one user. After checking the OWA properties, found no issues with the exch side.

1. As soon as i set the "Log On to" this computer option in AD for that particular user.OWA not working.
2. Tried for other users as well for testing, setting up the above option in AD, makes the OWA authentication fails.
3. In OWA, it wont through any specific error, just says username/password incorrect.
4. No proplem with MAPI.

"Log On To" this computer option in AD should not affect OWA authentication

Please advice

Thanks in adv
Logan
Post #: 1
RE: OWA 2007 not working for One User - 1.Sep.2010 2:20:02 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Actually setting this DOES affect everything! A little AD lesson...

"Log on to" settings on a user account in active directory restrict which machine a user can AUTHENTICATE from. This means the user will be able to only log  onto active directory from the specified machines!

Your solution is simple...Take off the workstation restriction OR inform the user that he\she may only log onto OWA from the specified computer. They will NOT be able to log into OWA from any other machine in the world (even from home, which defeats the purpose!)

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to logu_microsoft)
Post #: 2
RE: OWA 2007 not working for One User - 2.Sep.2010 12:30:31 PM   
logu_microsoft

 

Posts: 5
Joined: 4.Dec.2006
Status: offline
Thanks for the reply.....

Yes... This option is specific to AD.

First, On the restricted computer also, OWA is not working and also in public.

Secondly, This option is specific for AD normally we use this option to restrict certain users for specific PC, it should not affect the OWA login..

I tried digging into this in detail, on the permission perspective also, the user security entities also getting inherited, no explicit changes haapen in the security after setting up the Log On to Settings. So there is no break up in terms of secuirty validation.

There must be an alternate way, for making OWA work. Strange that im not able to find any piece of info about this.. in internet..

Thanks in deed.

Logan

(in reply to de.blackman)
Post #: 3
RE: OWA 2007 not working for One User - 2.Sep.2010 12:39:43 PM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
I have given you the reason why it is not working and unfortunately there is NO way out of it! It is what it is and that's how it works!

But good luck to you trying to find a solution...

< Message edited by de.blackman -- 2.Sep.2010 2:53:45 PM >


_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to logu_microsoft)
Post #: 4
RE: OWA 2007 not working for One User - 1.Feb.2012 4:35:03 PM   
Tropworld

 

Posts: 1
Joined: 1.Feb.2012
Status: offline
I ran into this problem myself and found a simple solution. For starters I experienced the same issue. Most of our users are locked down in AD via the "Log On To" tab. This way we can make sure the only PC they can log onto is their own without having to over complicate GPO and local rights etc. However as you described if the only PC they can log onto is their own then OWA does not function correctly, IE they canít log on from other computers etc. Well to solve this for now I simply added the hostnames of all my CAS servers into each users "Log On To" field. Being this is repetitive you could simply script this to fix old accounts or make sure itís part of your process moving forward. Once in place my users where then able to log into OWA from any PC or device etc. Now if you're worried about security I wouldnít be too concerned. Default AD Users can obviously log into any PC they want, and now just their own and technically my CAS servers. However my CAS servers are in a locked server room, locked rack, with no keyboard or monitor etc. If Joe User could pick 2 locks and figure out how to get keyboard and mouse to my CAS server without getting caught on TV then more power to him. Of course the CAS servers are hardened from any network based remote features like RDP etc. Also side note Domain Users naturally get local logon rights to all boxes joined to the domain. Removing said nesting of Domain Users from local users on my exchange servers broke all exchange functionality for them. I havenít cared enough to see if one could remove all abilities of domain Users from being able to physically log on locally to the Exchange Servers if they happened to get access to the server room. If someone has solved that issue I would love to hear it.

(in reply to de.blackman)
Post #: 5
RE: OWA 2007 not working for One User - 7.Feb.2012 3:37:37 PM   
Ytsejamer1

 

Posts: 135
Joined: 3.Jun.2010
Status: offline
I've had some users have problems accessing OWA too at some point or another; usually getting a 500 error or something. The solution I found was to go into the security properties of their user account in ADU&C, choose the advanced button, and ensure that the 'Include inheritable permissions from this object's parent' is selected.

(in reply to Tropworld)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> OWA 2007 not working for One User Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter