Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OUTLOOK WEB ACCESS HELP! 2

Status
Not open for further replies.

Shift838

IS-IT--Management
Jan 27, 2003
987
US
I have installed Exchange server 2000 and it has created my OWA within my IIS server on the same box. However when I go to I get a error 403 access forbidden. as far as I can see I have access I'm the administrator. any help?
 
have a look in IIS for the authentication methods for the exchange virtual directory.

ours is set to use basic and integrated, but not anonymous.

hope this helps

Rob
 
And PS: being an administrator does not by default give you all Exchange rights !

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
 
I have made sure the IIS authentication for the Exchange Virtual Directory is set to Basic and Integerated, but I still have the problem..
 
try going to /exchange/mailboxname/inbox

eg mine would be /exchange/rob.ellis/inbox

you should get prompted for authentication?

Rob
 
shouldn't I be able to go to the root of the virtual directory to get the login screen for OWA?
 
owa 2000 doesn't have a login screen in the same way that 5.5 does, I don't think.

by going to
you should be prompted for username/password/domain (or username/password if you are using XP as the client)

We set a redirect on the root of the site, to take users to /exchange without them needing to type it.



Rob
 
OWA 2000 gives you a log in box prompting for user name and password. have you tried using domain name\user name?



****
Problems are nothing more than an opportunity for improvement
;-P hehehehe
 
I have tried the requested options, but still no access..
 
are you being prompted? or do you get a 403 error straight away?

Rob
 
There are a variety of 401 and 403 error codes, but knowing the exact error codes that are being generated can provide you with some excellent clues about the cause of the problem. Below I've listed the various 401 and 403 error codes and what these codes mean:



401;1 Unauthorized access because the logon has failed
401;2 Unauthorized access because the logon has failed due to the server
configuration
401;3 Unauthorized access because of an Access Control List (ACL) entry
401;4 Unauthorized access because an IIS filter is blocking access
401;5 Unauthorized access because of an ISAPI or CGI application
403;1 Forbidden because execute access isn't allowed
403;2 Forbidden because read access isn't allowed
403;3 Forbidden because write access isn't allowed
403;4 Forbidden because SSL use is required
403;5 Forbidden because 128-bit SSL use is required
403;6 Forbidden because the IP address was rejected
403;7 Forbidden because a client certificate is required
403;8 Forbidden because access to the site is denied
403;9 Forbidden because too many users are presently attached to the site
403;10 Forbidden because of an invalid configuration
403;11 Forbidden because of an invalid password
403;12 Forbidden because the Web site requires a valid client certificate
403;13 Forbidden because the client certificate was revoked
403;14 Forbidden because the directory listing is denied
403;15 Forbidden because the client access license count was exceeded
403;16 Forbidden because the client access certificate is invalid or untrusted
403;17 Forbidden because the client access certificate is expired or is not yet valid

Are you running a Script access that's not been enabled for the site or virtual directory at the IIS server?

If you do not see the Network Login dialog box, the security settings for the site may be incorrect. Make sure that you have selected ONLY Basic Authentication and DEselected Anonymous Access and NT Authentication.
If you see the Network Login dialog box three times, and then the login fails, your server may be authenticating you against its own User accounts instead of the network's. Try logging in with <DOMAIN_NAME>/<USERNAME> instead of just <USERNAME>, or verify the default Authentication Domain for the site in IIS manager.
Also, be aware that Outlook Web Access requires that all users have the 'Log On Locally' right on the IIS server.
 
I get prompted for user id and password and domain when I goto
I put in my user id and password (admin account) and then receive the following error:

HTTP Error 403 - Forbidden
 
That just means 'administrator; has no rights to get to OWA.
Double - triple check your rights !!!

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
[/sub]
 
Hi..

I believe that your exchange server is installed on domain controller, check if there is logon locally rights on that dc.

Chintan
 
Sorry Chintan, but OWA needs Exchange and IIS rights, nothing to do with local rights!
 
The account I am using to try and access OWA is the local adminstrator account and has logon locally priviledges. But still cannot access it.
 
Use a domain account for a known mailbox.

If you login to the root, it chooses which mailbox to use, based on your credentials. If you logon as the local administrator, it won't know which mailbox to login to, so will give an error.

Rob
 
Administrator has a mailbox too, so that works as well (unless you removed Administrator of course).
But like I said before, OWA needs Exchange and IIS rights, NOTHING to do with local rights!!
 
My administrator has been renamed and given a email address. Are you saying I need to create a different ID with a new mailbox, etc..

 
Anonymous Access

Typically, all unknown users attempting to establish an HTTP connection with your Web server will log on as anonymous users. An unknown user is someone who does not have valid Windows NT accounts on your domain. While you may have them identify themselves by filling out a form, you will still want to use a real Windows account for these untrusted users to log on with.

Regardless of the type of authentication used, when a user establishes a connection, IIS will impersonate this user and log them onto the server as the impersonated account. For anonymous users, IIS will use a valid and well-known account (and randomly generated password) created during the installation of the Web server in Windows NT User Manager for Domains and in Internet Service Manager. The name of this account is IUSR_computername, where computername is the name of the machine the Web server is installed on. For Internet scenarios, this account typically is defined on the Web server machine; for intranet, it is part of a domain on which the IIS server is a member.
IIS lets anyone into Web Server with no access checks.
All anonymous users run as impersonated account (IUSR_computername) by default.
If Everyone group or IUSR_computername have NTFS file access allowed to the ASP file, it loads and runs.
This account has security restrictions that limit the type of Web content that anonymous users can access. By default, it is granted Log on Locally user rights. This account also has security restrictions determined by NTFS permissions and the rights granted to the anonymous user account; these limit the type of Web content anonymous users can access and anything else that impersonated thread attempts to do. If anonymous access has been disabled for the IIS virtual directory being accessed, or the anonymous account has not been granted permission to the file being accessed, access will be denied for the anonymous user. The anonymous user account will have access to any resources where the 'Everyone' account is enabled.

To allow anonymous access to your Web site:

Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. The Internet Information Services window appears.
Expand the tree in the left pane until your Web server is displayed.
Right-click the Web server and then click Properties.
Click the Internet Information Services tab.
Verify that is selected in the Master Properties box.
Click Edit. The Master Properties dialog box appears.
Click the Directory Security tab.
In the Anonymous access and authentication control frame, click Edit. The Authentication Methods dialog box appears (See Figure 5).
Select Anonymous access and click OK.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top