Ok..I’ve read «a lot» of articles on this topic but, none have resolved my issue so far. Authentication fails for External OWA back into a lab for Exchange 2010/2007 with a 401 error. I’m publishing through 2010 TMG server. Internal works fine for 2010 and
2007 and redirects to my legacy 2007 CAS (Had to use manual redirection though).
The environment is a cross forest trust with users in one forest accessing their mailboxes in another forest (Linked mailboxes). Users access a Website via
HTTP (http://www.mail.domain.com) which is published as the OWA root and then click on a link to access the 2010 CAS (https://mail.domain.com). They
can get
to the OWA root web page in the lab but, accessing the actual OWA link fails to authenticate and generates the 401 error.
OWA 2010 Publishg rule is as follows:
Action — Allow
From — anywhere
TO — mail.domain.com
10.0.0.20
Forward original host header
Requests appear to come from TMG
Traffic — HTTPS
Public Name- Requests for the following web sites/mail.domain.com
Paths — /public/*;/OWA/*;/exchweb/*;/Exchange/*;/ECP/*
Authentication Delegation — Basic
Users — All Authenticated
Listener Rule is as follows:
Networks — External
Connections — Enable SSL /443
Certificate — *.domain.com assigned to the TMG server
Authentication — Forms>Advanced — SSL client certificate timeout — 300 sec.
SSO — not turned on.
On the 2010 CAS IIS properties:
The web root is setup on the 2010 CAS as a seperate site with a seperate IP:
http:www.mail.domain.com / 10.0.0.30 / Only port 80 is bound to the site.Authentication is anonymous only. An index.asp file is referenced that provides a
link to https://mail.domain.com.
The
Any help would be greatly appreciated.
Hi all,
In a test lab I just installed an Exchange 2003 server. I have a mydomain.local, but I modified the default Recipient Update Policy to create mydomain.com (for future purposes, this box is not connected to the internet yet. All testing is being done internally).
The only other modification I have made is enabling SSL on the /Exchange virtual directory for secure OWA access.
I created a user account john.doe (primary email address john.doe@mydomain.com, secondary email address john.doe@mydomain.local).
Logged into a Windows XP SP2 client laptop and tried to pull up OWA in IE 6 using the url: https://myexchange.mydomain.local/exchange
I get the popup box asking for username and password and originally tried entering the username as john.doe. This didn’t work and I was asked to re-enter my credentials until finally I am taken to an Error: Access is Denied page.
If I use john.doe@mydomain.local OWA starts to load (I can see the left navigation pane with the Inbox and other folders and buttons), but then I get the popup again asking for username and password and no matter what combination I try nothing works. Eventually
I am left at a blank Inbox with the message: «The folder can’t be displayed. You don’t have permission to perform this action.»
This is Exchange 2003 Standard running SP2 on Windows 2003 Standard SP2. I did not change any other security settings other than SSL, but did check the /Exchange and /Public virtual directories and ensure Basic Authentication and Windows Integrated Authentication
are enabled.
I have also checked IE6 settings and confirmed Integrated Windows Authentication is enabled.
I have also tried accessing OWA via: https://myexchange.mydomain.local/exchange/john.doe
Furthermore, I have tried logging in from the same client using Firefox and it WORKED correctly using username: john.doe and my password.
Any ideas?
Thanks!
Newer 2010 Exchanger server with an OWA redirect. When trying to access OWA with http://mail.xxxx.com or https://mail.xxxx.com I instantly get an: 401 — Unauthorized: Access is denied due to invalid credentials. Using https://mail.xxxx.com/owa still works.
I’ve done 2010 Exchange installs before with OWA redirection successfully in the past. I’ve researched this error to no avail. Please assist, thanks in advance.
ExchangeMicrosoft IIS Web Server
See if you can find for us the 401 response in your IIS log file. It will help a lot.
Thank you for your resonse, are you looking for this?
2012-06-07 16:02:39 10.38.32.77 GET / — 443 — xx.xxx.xx.xxx Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) 401 3 5 62
Yes. The 3 after the 401 is the subcode, so the complete response status is 401.3 . That means that access is denied due to the ACL (i.e. NTFS permissions) on a file on the server somewhere. It’s hard to be sure which it will be, but I guess the first thing would be to look at the NTFS permissions for the
C:Program FilesMicrosoftExchange ServerV14ClientAccessOwa
folder on the server. What do you have listed? Is there any group that has any of the Deny checkboxes checked?
Authenticated users: Read (not inherited)
System: Full control
Administrators: Full control
Also, I don’t even get to a point to enter my usernamepassword when trying to access the site when using the http://mail.xxxx.com or https://mail.xxxx.com Forgot to mention that in the beginning.
owa-perms.PNG
Then it could be something like the folder containing the logon form:
C:Program FilesMicrosoftExchange ServerV14ClientAccessOwaauth
or the logon form itself within that folder: logon.aspx . Check the NTFS permissions on the file and the folder. They should be similar to what you found before.
Same permissions as above.
Do you think it is a file permission issue eventhough I no issues accessing and logging into OWA using the full https://mail.xxxx.com/owa address?
Ah, I forgot that. If you created a script file to do the redirection I would check the NTFS permissions on that.
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a
7-Day free trial
and enjoy unlimited access to the platform.
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a
7-Day free trial
and enjoy unlimited access to the platform.
Awarded points to LeeDerbyshire for suggesting NTFS permissions were the problem.
Проблемы
Microsoft Outlook несколько раз запросит учетные данные пользователей, даже если они введите правильные учетные данные. На стороне клиента (Outlook 401″ сообщение об ошибке с кодом состояния HTTP. Некоторые пользователи успешно устраняют эту проблему, масштабирование контроллеров доменов.
Решение
Чтобы устранить эту проблему, установите следующее обновление:
Накопительный итог обновления 11 Exchange Server 2019 г. или более поздней версии накопительного Exchange Server 2019 г.
Ссылки
Узнайте о терминологии, используемой корпорацией Майкрософт для описания обновлений программного обеспечения.
Нужна дополнительная помощь?
Нужны дополнительные параметры?
Изучите преимущества подписки, просмотрите учебные курсы, узнайте, как защитить свое устройство и т. д.
В сообществах можно задавать вопросы и отвечать на них, отправлять отзывы и консультироваться с экспертами разных профилей.
Hey,
So about a week ago autodiscover stopped working for internal users and we are unable to add new accounts to outlook, keeps going around in circles asking for usernames and passwords. Delved into this and got it down to autodiscover, when I run the connectivity test via outlook its self, Im returned with a 401 error, it can find the autodiscover via SCP but then just errors out every time. I’ve checked permissions and they all seem good, I can browse to the autodiscover via internal internet and given prompts, once logged in I get a 600 invalid request.
I’m a bit stummped with this and cannot seem to find a way to resolve this.
Probably worth mentioning that OWA works fine, just internal mail apps such as outlook that dont like it.
Any help / suggestions would be appreciated
check
Best Answer
Right, I have some good news, its fixed, turns out there was a typo in the DNS, stupidly I copied the typo when re-creating the entries hence why it didn’t go through, so that resolved, and I thank you for the guidance!
Another problem has arisen in that no-one is able to use out of office via outlook, works via owa of course. Pings back an error saying «Your Automatic reply settings cannot be displayed because the server is unavailable. try again later.» Do you happen to know where the URL for OOF should point to, at the moment its «remote.domain.com/ecp/exchange» should it not be the same as autodiscover or am I wrong?
Again, thanks for all your help!
Was this post helpful?
thumb_up
thumb_down
View Best Answer in replies below
Read these next…
Where are they in Windows 11?
Windows
Quick and I hope easy question, I have figured out ways to do this in W11 but just wondering if there is an easier way.Where are the following in «Windows 11″1. Map Network Drive2. Add PC to a Domain3. This PC (Option)Thank you.
Tape library
Data Storage, Backup & Recovery
HI I am trying to learn my self how to connect a Dell R720 server with a LTO 7 tape library. Can someone advise and guide me with the best practice? because to begin with I have these questions.1. Can I connect the tape Libary directly to the server? if …
Raspberry Pi uses? As a desktop?
Hardware
I saw this post:https://twitter.com/mysterybiscuit5/status/1663271923063685121I like the form factor. Got me thinking — are any of the Raspberry Pi offerings a viable replacement for a windows 10 PC? For general work — surfing, document writing? spreadsh…
Spark! Pro series – 2nd June 2023
Spiceworks Originals
Today in History marks the Passing of Lou Gehrig who died of
ALS or Lou Gehrig’s Disease. I have a
friend suffering from this affliction, so this hits close to home. If you get the opportunity, or are feeling
g…
Snap! — AI Camera, Android Malware, Space, and more Space
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: June 2, 1966: The US «Soft Lands» on Moon (Read more HERE.)
Bonus Flashback: June 2, 1961: IBM Releases 1301 Disk Storage System (Read more HERE.)
You need to hear…
