No announcement yet.

OWA permissions issues?

  • Filter
  • Time
  • Show
Clear All
new posts

  • OWA permissions issues?

    Hi All,

    This has got me pulling my hair out!!

    Our exchange organisation is quite large, about 75 exhange boxes roughly split 50/50 between 2k and 2k3 servers

    Earlier this week I built two new exchange 2003 servers, which are intended to sit in the DMZ and provide a network load balanced Outlook web access solution. The servers have not been put in the dmz yet as I wanted to check everything worked ok on the inside first.

    The servers were built and tested and seemed to be working fine, until i created a couple of test users. The test users cannot access OWA. If they type in the URL http://servername/exchange , they are prompted for the uname and password three times, then get HTTP/1.1 401 Unauthorized error.

    If I make the user a domain admin it works immediately.

    I then thought this may be to do with standard users not having the logon locally permission. This is explicitly denied by our Group policy unless you are in certain groups. (I dont know if this permission is required in exchange 2003) I changed the policy to allow everyone and domain users to logon locally ,and access this computer from the network. No difference.

    I reset all IIS permissions and made sure the permissions are set on the Exchsrvr in line with MS article kb327843, still to no avail.

    I then tried to use owa on one of our back end servers. The same thing occurs!! It works fine for me as a domain admin, but not for a standard user. This makes me think it may be a group policy setting or an exchange policy that is causiing this.

    I have installed OWA boxes in two other organisations and never had to do any additional config, it has just worked as it was supposed to. I've found plenty of posts for this problem, but no-one with a solution other than the log on locally issue.

    Any help on this greatly appreciated!!!!

    Thanks in advance


  • #2
    Re: OWA permissions issues?

    Just a thought - could it be that be playing with the GPO and logon locally setting you also denied the iuser_servername user account and/or the guests group permissions to access the files needed for OWA to work?

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services