• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA (E2K) will only let Administrators log in

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> General >> OWA (E2K) will only let Administrators log in Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
OWA (E2K) will only let Administrators log in - 7.Nov.2001 4:17:00 PM   
Steve0212

 

Posts: 3
Joined: 7.Nov.2001
Status: offline
I have a unique problem that I could not find on Microsoft's support
site - only administrators can log in.

I fixed the obvious problem of the "log on locally" right. I have
placed a text file on the web server and can successfully log in to
get that with the same user id so I know the right is set properly.

I cannot even log on to the OWA server from IE on the server itself
unless it is an admin account. I believe the problem is rights on
the files in the exchsrvr directory. I do not know what they are,
but the rights do not look right. If someone could post what their
rights are set to on an OWA server that is functional, I would
greatly appreciate it.

Has anyone else seen this?

TIA
Steve

Post #: 1
RE: OWA (E2K) will only let Administrators log in - 7.Nov.2001 4:55:00 PM   
zulea

 

Posts: 3
Joined: 7.Nov.2001
From: Wisconsin - USA
Status: offline
I am having the same problem and actually just posted basically the same post you did about 10 minutes before you. Glad to see that I am not going crazy. Hopefully one of us can get an answer that will take care of this.

Kevin


(in reply to Steve0212)
Post #: 2
RE: OWA (E2K) will only let Administrators log in - 7.Nov.2001 5:05:00 PM   
Lander215

 

Posts: 11
Joined: 6.Nov.2001
Status: offline
Are you restricting the non-Admins to only log on to a specific computer? If so, then OWA won't work unless they are on the computer specified in the ADUC for that user.

(in reply to Steve0212)
Post #: 3
RE: OWA (E2K) will only let Administrators log in - 7.Nov.2001 8:41:00 PM   
zulea

 

Posts: 3
Joined: 7.Nov.2001
From: Wisconsin - USA
Status: offline
Steve,
I have a some progress but not a complete fix. I created a Local Grooup on the IIS/OWA Member Server. Added the Global Group from the Domain into that Group then gave that local group permissions to the whole exchsrvr directory structure. Now I can get the first Password box to pass me to the Gold sign on screen and that passes me to teh next password box that has the users name already filled in. Its that last box that won't let me in. I get the
"Failed to connect to the Microsoft Exchange Server, (<servername> )" error. I tried the two Technet articles about it and so far no luck. Q247085 and Q178511
Hope this helps.

Kevin


(in reply to Steve0212)
Post #: 4
RE: OWA (E2K) will only let Administrators log in - 8.Nov.2001 8:07:00 PM   
Steve0212

 

Posts: 3
Joined: 7.Nov.2001
Status: offline
I am at a complete loss. I have tried everything I can think of to get this to work. I actually end up getting a 401.3 error in the browser (access denied by ACL). I tried turning on auditing on the drives to see what was failing. Nothing appeared (I did have auditing configured correctly as I could see successful file retrievals).

The users are not restricted to certain machines. I can log on to the web server and access everything except for Exchange. I can access the root directory, other virtual directories, etc.

AARRGGHH!


(in reply to Steve0212)
Post #: 5
RE: OWA (E2K) will only let Administrators log in - 8.Nov.2001 9:01:00 PM   
Lander215

 

Posts: 11
Joined: 6.Nov.2001
Status: offline
That is strange, because I did a "default" install, and after I turned off the computer restrictions in the ADUC for the users, they could log onto the Exchange servers OWA.

What error are you getting? Do you get the log in screen even?


(in reply to Steve0212)
Post #: 6
RE: OWA (E2K) will only let Administrators log in - 9.Nov.2001 2:16:00 AM   
Steve0212

 

Posts: 3
Joined: 7.Nov.2001
Status: offline
I am not confident that all of the file permissions are default. When I open the /exchange URL, I get prompted for a password from the browser (not a logon form) as IIS is setup to only use Windows Authentication. After three unsuccessfull attempts to logon, I get a "401.3 - Access denied by ACL" error message.

(in reply to Steve0212)
Post #: 7
RE: OWA (E2K) will only let Administrators log in - 13.Dec.2001 11:08:00 PM   
dstavneak

 

Posts: 1
Joined: 13.Dec.2001
Status: offline
Has anyone had any luck fixing this? I have the exact same problem.

(in reply to Steve0212)
Post #: 8
RE: OWA (E2K) will only let Administrators log in - 13.Dec.2001 11:27:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Hi!

Users need to have the right to:

a) Log on locally
b) Access this computer from the network

Define these settings at Start->Administrative tools->Local security settings->Local policies->User rights assignment.

See also MS Q261228 and Q248486.

Regards,

Johan


(in reply to Steve0212)
Post #: 9
RE: OWA (E2K) will only let Administrators log in - 14.Dec.2001 8:00:00 AM   
v_r_ray

 

Posts: 1
Joined: 14.Dec.2001
Status: offline
Hi there,
Do you have proxy there.
I read some message said that "Integrated Windows authentication" may not pass thur proxy server,
beware if you have one there, you should allow "Basic authentication" too.

(in reply to Steve0212)
Post #: 10
RE: OWA (E2K) will only let Administrators log in - 14.Dec.2001 10:12:00 AM   
jonbush1

 

Posts: 40
Joined: 14.Sep.2001
From: Bristol, UK
Status: offline
as Johan mentioned, make sure you have user rights to log on locally to both the exchange box, and the web server.

I had this issue, and this fixed it.

jon.


(in reply to Steve0212)
Post #: 11
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 3:36:00 AM   
Guest
I have this same problem as well. I'm using basic authentication with a default domain setup. All relevant policies have been checked. (They were already this way by default) No proxy server either as I'm running IE from the mail machine.

No matter what I do I end up with a:

Error: Access is Denied.

message.

Log from IIS looks like this:

2001-12-18 01:33:05 <client ip> <domain name>\<username> <server ip> 80 GET /exchange - 401 Mozilla/4.0+(compatible;+MSIE+5.5;+Windows+NT+5.0)

Any other ideas out there? I've reinstalled Exchange 2000 twice as well without any luck.


(in reply to Steve0212)
  Post #: 12
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 10:32:00 AM   
pankaj

 

Posts: 38
Joined: 11.Sep.2001
Status: offline
try using different version of ie like 4.0,5.0,5.5,6.0.
did user mailbox has right for http

regards
pankaj


(in reply to Steve0212)
Post #: 13
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 3:15:00 PM   
IntaDev

 

Posts: 5
Joined: 15.Dec.2001
From: Japan
Status: offline
This seems to be a frequent problem with Exchange/OWA.

I have a very similar problem that occoured after I crearted a new exchange server (totally fresh install) and moved some users mailboxes over to it.
Nothing I try will get me access to the mailboxes. I have verified all the settings (that I know of) against the Old server and they are the same. I think the key point is there is no consise reference/check list of what needs to exist on order for OWA to function.

Perhaps some kind person could post a listing of ALL the required settings for OWA to work corretly.
1) Permissions
2) registry
3) IIS Config
4) Required DLLS.
5) Anything else.

In the end its just a web server so there should be some way to debug.


(in reply to Steve0212)
Post #: 14
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 4:50:00 PM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Hi, all of you!

Follow up with some other issues (apart from setting the appropriate policies):

If you host multiple e-mail domains, e.g. firstdomain.com and seconddomain.com, users MUST have a valid e-mail address for the same domain as OWA uses! Sounds complicated? Well, this is what I mean.

Assume you set up the Exchange server to host accounts for “firstdomain.com”. Users will have addresses like joe@firstdomain.com. OWA is accessed by www.firstdomain.com/exchange (or something). Now suppose your company would like to host mail for “seconddomain.com”. You add the appropriate recipient policy and users can send and receive e-mail just as usual. Everything is fine. BUT, if a particular user ONLY has an address for the other domain, e.g. john@seconddomain.com, this user will NOT be able to access OWA from www.firstdomain.com. You would have to add a new HTTP Virtual server for seconddomain.com and thus creating the address www.seconddomain.com/exchange in order to fix this. OR you could just make sure that everyone has at least two addresses, one in each respective mail domain, e.g. joe@firstdomain.com AND joe@seconddomain.com.


Regards,

Johan

[ December 18, 2001: Message edited by: Johan Sandqvist ]

[ December 18, 2001: Message edited by: Johan Sandqvist ]


(in reply to Steve0212)
Post #: 15
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 5:41:00 PM   
Guest
I've tried everything from ie 5.0 to 6.0 and no luck. Mozilla 0.9.6 and Opera 6.0 don't work either. I completely reinstalled the entire machine (and exchange) and I still have the same problem. I'm only attempting this with a single domain to simplify at this point so that couldn't be the problem.

I agree with IntaDev, I need a list of things that are security concerns (in order), since it's logging me in to the iis server just fine, however something beyond that is denying access.

Also as an interesting note, by setting up an IIS site manually (straight to <exchange drive>\<domain>\mbx) I was able to get to the items in a user mailbox with a user login and password. However this wasn't very useful because they were listed in "directory listing" format. I was never able to figure out how to get that to work with the html files.


(in reply to Steve0212)
  Post #: 16
RE: OWA (E2K) will only let Administrators log in - 18.Dec.2001 7:43:00 PM   
AuburnHills

 

Posts: 2
Joined: 18.Dec.2001
From: USA
Status: offline
I too am having these problems with OWA on Exchange 2000! It's driving me crazy too! I checked everything you guys suggested: log on locally and access this computer from the network are both set to the right groups and are the effective policy in place; In ADUC, user is set to log onto all computers; I even gave users Full Control over the Exchange 2000 tree... still nothing... (BTW: I changed it back due to the unsafe nature it would cause); I've check DACL's too! What do I do? Like above, only Admins can access OWA. I do have 2 email domains, however the email domain I'm using is set as the primary in the receipiant's policy and the users have BOTH email addresses (one from each domain) in their Email Addresses tab in ADUC.

(in reply to Steve0212)
Post #: 17
RE: OWA (E2K) will only let Administrators log in - 19.Dec.2001 1:40:00 AM   
IntaDev

 

Posts: 5
Joined: 15.Dec.2001
From: Japan
Status: offline
There is an interesting post on the microsoft newsgroups on this Topic.

quote:
From: "Bill Diekmann" <newses@yahoo.com> Sent: 12/18/2001 3:25:06 PM

This may not be the case for you, but after I installed
SP2 all of my NTFS security settings for the program
files\exchsrvr\exchweb were reset to default. (right click
folder, security tab). I had to re-apply all of my
security settings and tweak the IIS settings also.


This could also be the problem in my case but I Installed SP2 immediately after setting up the new server, so its a major oversight for MS if that is the case.


The trouble is without knowing what all the security setting are its impossible to know what to check.

I have checked that we have e-mail addresses for the default domain and that isnt the issue.
If someone (a very kind exchange guru) were to publish a check/debugging list then that would be one important thing to include, as it seems to be another common problem.


(in reply to Steve0212)
Post #: 18
RE: OWA (E2K) will only let Administrators log in - 19.Dec.2001 1:46:00 AM   
IntaDev

 

Posts: 5
Joined: 15.Dec.2001
From: Japan
Status: offline
quote:
Originally posted by <GooRoo>:

Also as an interesting note, by setting up an IIS site manually (straight to <exchange drive>\<domain>\mbx) I was able to get to the items in a user mailbox with a user login and password. However this wasn't very useful because they were listed in "directory listing" format. I was never able to figure out how to get that to work with the html files.


You may need Exchfilt.dll added to ISAPI Filters in the new site. I think this is what does the processing to actually build the page. does anyone know ?

The Exchange 2000 Exchfilt.dll file is located in C:\Exchsrvr\Bin, for upgrades from Ex5.5 but for new installations, the files are located in C:\Program files\Exchsrvr\Bin.


(in reply to Steve0212)
Post #: 19
RE: OWA (E2K) will only let Administrators log in - 19.Dec.2001 2:29:00 AM   
Guest
Well, I solved my problem, though it was a very unelegant fix.

I exported all the mailboxes, did a complete fdisk/format/reinstall of windows 2000, then reinstalled exchange. Reimport the mailboxes and I was back to the '403.1 Access is denied by ACL on resource' error, rather that 'Access is denied' from before. This looked to me like a file permissions problem, and sure enough, noone except admins had access to the <exchange dir>\exchweb directory. I reset that and gave the 'everyone' group 'full access'

After doing this all the users can now access OWA!

I'd like to hear a real fix rather than this though. Seems like there should be an easier way to solve the problem.


(in reply to Steve0212)
  Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> General >> OWA (E2K) will only let Administrators log in Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter