I have installed Exchange server 2000 and it has created my OWA within my IIS server on the same box. However when I go to I get a error 403 access forbidden. as far as I can see I have access I'm the administrator. any help?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
OUTLOOK WEB ACCESS HELP! 2
- Thread starter Shift838
- Start date
And PS: being an administrator does not by default give you all Exchange rights !
Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
- Thread starter
- #4
- Thread starter
- #6
owa 2000 doesn't have a login screen in the same way that 5.5 does, I don't think.
by going to
you should be prompted for username/password/domain (or username/password if you are using XP as the client)
We set a redirect on the root of the site, to take users to /exchange without them needing to type it.
Rob
by going to
you should be prompted for username/password/domain (or username/password if you are using XP as the client)
We set a redirect on the root of the site, to take users to /exchange without them needing to type it.
Rob
- Thread starter
- #9
-
2
- #11
compgirlfhredi
Technical User
There are a variety of 401 and 403 error codes, but knowing the exact error codes that are being generated can provide you with some excellent clues about the cause of the problem. Below I've listed the various 401 and 403 error codes and what these codes mean:
401;1 Unauthorized access because the logon has failed
401;2 Unauthorized access because the logon has failed due to the server
configuration
401;3 Unauthorized access because of an Access Control List (ACL) entry
401;4 Unauthorized access because an IIS filter is blocking access
401;5 Unauthorized access because of an ISAPI or CGI application
403;1 Forbidden because execute access isn't allowed
403;2 Forbidden because read access isn't allowed
403;3 Forbidden because write access isn't allowed
403;4 Forbidden because SSL use is required
403;5 Forbidden because 128-bit SSL use is required
403;6 Forbidden because the IP address was rejected
403;7 Forbidden because a client certificate is required
403;8 Forbidden because access to the site is denied
403;9 Forbidden because too many users are presently attached to the site
403;10 Forbidden because of an invalid configuration
403;11 Forbidden because of an invalid password
403;12 Forbidden because the Web site requires a valid client certificate
403;13 Forbidden because the client certificate was revoked
403;14 Forbidden because the directory listing is denied
403;15 Forbidden because the client access license count was exceeded
403;16 Forbidden because the client access certificate is invalid or untrusted
403;17 Forbidden because the client access certificate is expired or is not yet valid
Are you running a Script access that's not been enabled for the site or virtual directory at the IIS server?
If you do not see the Network Login dialog box, the security settings for the site may be incorrect. Make sure that you have selected ONLY Basic Authentication and DEselected Anonymous Access and NT Authentication.
If you see the Network Login dialog box three times, and then the login fails, your server may be authenticating you against its own User accounts instead of the network's. Try logging in with <DOMAIN_NAME>/<USERNAME> instead of just <USERNAME>, or verify the default Authentication Domain for the site in IIS manager.
Also, be aware that Outlook Web Access requires that all users have the 'Log On Locally' right on the IIS server.
401;1 Unauthorized access because the logon has failed
401;2 Unauthorized access because the logon has failed due to the server
configuration
401;3 Unauthorized access because of an Access Control List (ACL) entry
401;4 Unauthorized access because an IIS filter is blocking access
401;5 Unauthorized access because of an ISAPI or CGI application
403;1 Forbidden because execute access isn't allowed
403;2 Forbidden because read access isn't allowed
403;3 Forbidden because write access isn't allowed
403;4 Forbidden because SSL use is required
403;5 Forbidden because 128-bit SSL use is required
403;6 Forbidden because the IP address was rejected
403;7 Forbidden because a client certificate is required
403;8 Forbidden because access to the site is denied
403;9 Forbidden because too many users are presently attached to the site
403;10 Forbidden because of an invalid configuration
403;11 Forbidden because of an invalid password
403;12 Forbidden because the Web site requires a valid client certificate
403;13 Forbidden because the client certificate was revoked
403;14 Forbidden because the directory listing is denied
403;15 Forbidden because the client access license count was exceeded
403;16 Forbidden because the client access certificate is invalid or untrusted
403;17 Forbidden because the client access certificate is expired or is not yet valid
Are you running a Script access that's not been enabled for the site or virtual directory at the IIS server?
If you do not see the Network Login dialog box, the security settings for the site may be incorrect. Make sure that you have selected ONLY Basic Authentication and DEselected Anonymous Access and NT Authentication.
If you see the Network Login dialog box three times, and then the login fails, your server may be authenticating you against its own User accounts instead of the network's. Try logging in with <DOMAIN_NAME>/<USERNAME> instead of just <USERNAME>, or verify the default Authentication Domain for the site in IIS manager.
Also, be aware that Outlook Web Access requires that all users have the 'Log On Locally' right on the IIS server.
- Thread starter
- #12
I get prompted for user id and password and domain when I goto
I put in my user id and password (admin account) and then receive the following error:
HTTP Error 403 - Forbidden
I put in my user id and password (admin account) and then receive the following error:
HTTP Error 403 - Forbidden
That just means 'administrator; has no rights to get to OWA.
Double - triple check your rights !!!
Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
Double - triple check your rights !!!
Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
- Thread starter
- #16
Use a domain account for a known mailbox.
If you login to the root, it chooses which mailbox to use, based on your credentials. If you logon as the local administrator, it won't know which mailbox to login to, so will give an error.
Rob
If you login to the root, it chooses which mailbox to use, based on your credentials. If you logon as the local administrator, it won't know which mailbox to login to, so will give an error.
Rob
- Thread starter
- #19
compgirlfhredi
Technical User
Anonymous Access
Typically, all unknown users attempting to establish an HTTP connection with your Web server will log on as anonymous users. An unknown user is someone who does not have valid Windows NT accounts on your domain. While you may have them identify themselves by filling out a form, you will still want to use a real Windows account for these untrusted users to log on with.
Regardless of the type of authentication used, when a user establishes a connection, IIS will impersonate this user and log them onto the server as the impersonated account. For anonymous users, IIS will use a valid and well-known account (and randomly generated password) created during the installation of the Web server in Windows NT User Manager for Domains and in Internet Service Manager. The name of this account is IUSR_computername, where computername is the name of the machine the Web server is installed on. For Internet scenarios, this account typically is defined on the Web server machine; for intranet, it is part of a domain on which the IIS server is a member.
IIS lets anyone into Web Server with no access checks.
All anonymous users run as impersonated account (IUSR_computername) by default.
If Everyone group or IUSR_computername have NTFS file access allowed to the ASP file, it loads and runs.
This account has security restrictions that limit the type of Web content that anonymous users can access. By default, it is granted Log on Locally user rights. This account also has security restrictions determined by NTFS permissions and the rights granted to the anonymous user account; these limit the type of Web content anonymous users can access and anything else that impersonated thread attempts to do. If anonymous access has been disabled for the IIS virtual directory being accessed, or the anonymous account has not been granted permission to the file being accessed, access will be denied for the anonymous user. The anonymous user account will have access to any resources where the 'Everyone' account is enabled.
To allow anonymous access to your Web site:
Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. The Internet Information Services window appears.
Expand the tree in the left pane until your Web server is displayed.
Right-click the Web server and then click Properties.
Click the Internet Information Services tab.
Verify that is selected in the Master Properties box.
Click Edit. The Master Properties dialog box appears.
Click the Directory Security tab.
In the Anonymous access and authentication control frame, click Edit. The Authentication Methods dialog box appears (See Figure 5).
Select Anonymous access and click OK.
Typically, all unknown users attempting to establish an HTTP connection with your Web server will log on as anonymous users. An unknown user is someone who does not have valid Windows NT accounts on your domain. While you may have them identify themselves by filling out a form, you will still want to use a real Windows account for these untrusted users to log on with.
Regardless of the type of authentication used, when a user establishes a connection, IIS will impersonate this user and log them onto the server as the impersonated account. For anonymous users, IIS will use a valid and well-known account (and randomly generated password) created during the installation of the Web server in Windows NT User Manager for Domains and in Internet Service Manager. The name of this account is IUSR_computername, where computername is the name of the machine the Web server is installed on. For Internet scenarios, this account typically is defined on the Web server machine; for intranet, it is part of a domain on which the IIS server is a member.
IIS lets anyone into Web Server with no access checks.
All anonymous users run as impersonated account (IUSR_computername) by default.
If Everyone group or IUSR_computername have NTFS file access allowed to the ASP file, it loads and runs.
This account has security restrictions that limit the type of Web content that anonymous users can access. By default, it is granted Log on Locally user rights. This account also has security restrictions determined by NTFS permissions and the rights granted to the anonymous user account; these limit the type of Web content anonymous users can access and anything else that impersonated thread attempts to do. If anonymous access has been disabled for the IIS virtual directory being accessed, or the anonymous account has not been granted permission to the file being accessed, access will be denied for the anonymous user. The anonymous user account will have access to any resources where the 'Everyone' account is enabled.
To allow anonymous access to your Web site:
Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager. The Internet Information Services window appears.
Expand the tree in the left pane until your Web server is displayed.
Right-click the Web server and then click Properties.
Click the Internet Information Services tab.
Verify that is selected in the Master Properties box.
Click Edit. The Master Properties dialog box appears.
Click the Directory Security tab.
In the Anonymous access and authentication control frame, click Edit. The Authentication Methods dialog box appears (See Figure 5).
Select Anonymous access and click OK.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question