+ Post New Thread
Results 1 to 14 of 14
Windows Thread, Exchange 2003 Authentication Problems in Technical; I have quite a big problem with my M$ Exchange 2003 setup, when I create new accounts the user is ...
  1. #1
    paul's Avatar
    Join Date
    Jun 2005
    Location
    Preston
    Posts
    170
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    21

    Exchange 2003 Authentication Problems

    I have quite a big problem with my M$ Exchange 2003 setup, when I create new accounts the user is unable to authenticate on the Exchange server when trying to access OWA, instead of automatically authenticating they are presented with a standard windows logon box filling this in correctly will still not allow access, you are then prevented with the following error:
    HTTP/1.1 401 Unauthorized.
    Trawling msexchange.org has provided little help and I have already checked the authentication settings in System manager > set to integrated windows authentication.
    Anyone any ideas?

    Also can anyone tell me where is the option to be able to view individuals mailboxes, have done this under 2k buit can't remember how!

  2. #2
    sahmeepee's Avatar
    Join Date
    Oct 2005
    Location
    Greater Manchester
    Posts
    795
    Thank Post
    20
    Thanked 70 Times in 42 Posts
    Rep Power
    34

    Re: Exchange 2003 Authentication Problems

    Can help you with the easy bit.. To view someone else's mailbox, just go to:

    http : // yourexchangeserver/exchange/theirusername

    and log in with YourDomain\SomePowerfulAccount

    It's possible in System Manager to control the permissions on mailboxes (with a standard Windows ACL permissions box), but I'd read up on it first as there may well be some gotchas lurking!

    For your main login problem, try sending them an email before they log in first time. Also, try checking in their account properties to make sure that their email addresses have been created the same as your working users.

  3. #3

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Exchange 2003 Authentication Problems

    Hi.

    In ESM, and when looking at your OWA authentication methods window, have you also checked "Basic authentication..."? OWA cannot use anonymous authentication (that's for SMTP I believe) but needs an authentication mechanism. The three it can use are:

    1. Negotiate
    2. NTLM
    3. Basic

    IE 5.0 and above uses NTLM if the desktop belongs to the same domain as the Exchange Server. Current versions AFAIK use Kerberos, otherwise they use Basic. All Basic does (hehehe) is pass the user's name and password across the wires in clear text (that's why *they* recommend you use this with SSL).

    Anyway, just thought I would throw that out there. You may have already enabled Basic anyway- and if you have discard; or you may use SSL etc already...again, discard.

    Hope you get it fixed soon!

    Paul

  4. #4

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,619
    Thank Post
    1,499
    Thanked 1,053 Times in 922 Posts
    Rep Power
    304

    Re: Exchange 2003 Authentication Problems

    We have this issue sometimes, try after making the account, sending a test message to it from a known working account and this seems to "open" the account.

  5. #5
    paul's Avatar
    Join Date
    Jun 2005
    Location
    Preston
    Posts
    170
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    21

    Re: Exchange 2003 Authentication Problems

    Thanks for the replies, I have already tried the old trick of sending an email to open the accounts have suffered this problem once under ex2k, this time though it seems to have no effect.
    As for accessing the users email through OWA I am using my domain admin account but am receiving the same problem; HTTP/1.1 401 Unauthorized. Just about to start pulling my hair out on this 1!

  6. #6

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Exchange 2003 Authentication Problems

    Hi Paul.

    Are you using FBA (Forms Based Access)?

    Paul too :-)

  7. #7

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    10,486
    Thank Post
    613
    Thanked 2,194 Times in 1,006 Posts
    Blog Entries
    23
    Rep Power
    634

    Re: Exchange 2003 Authentication Problems

    I sometimes encounter this. Logging on with:
    Domain\Username
    Password

    this works every time i.e:

    yourschool\jbloggs
    password

  8. #8
    paul's Avatar
    Join Date
    Jun 2005
    Location
    Preston
    Posts
    170
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    21

    Re: Exchange 2003 Authentication Problems

    @DB I have tried this it will not validate the username or password, login box will keep appearing and then fail after 4 attempts.

  9. #9
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,464
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113

    Re: Exchange 2003 Authentication Problems

    does
    Code:
    username@domain.local
    (or whatever the domain is) work?

  10. #10
    paul's Avatar
    Join Date
    Jun 2005
    Location
    Preston
    Posts
    170
    Thank Post
    2
    Thanked 12 Times in 8 Posts
    Rep Power
    21

    Re: Exchange 2003 Authentication Problems

    @DMcCoy: no affraid not

  11. #11
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,464
    Thank Post
    10
    Thanked 496 Times in 436 Posts
    Rep Power
    113

    Re: Exchange 2003 Authentication Problems

    Are you using ssl for exchange logins? You have to apply it to certain directories rather than the web root itself. I broke mine this way before reading a kb about which folders to enable ssl for (and client certificates).

    Are there any exchange related errors in a fresh boot of the server? I had issues with backup exec being locked out at times and this was always fixed by a reboot (no idea why though!).

  12. #12

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Exchange 2003 Authentication Problems

    This is a bit of a funny one really- if you are using FBA then you *have* to (AFAIK) use Basic as the authentication method. You can then use SSL to secure the connection so that you can't suffer man-in-the-middle attacks and HTTP stream redirects.

    I think you kind of said already that you had checked ESM. Did you look at:

    Protocols > HTTP > Exchange Virtual Server

    The "compression" option on mine (looking at it now) is set to "none". You should check the box is ticked to enable Forms Based Authentication. You should have gotten a message when you did so that told you to enable SSL. DB was right- you need to enter credentials like this:

    domain\username

    But OwaLogon definitely only uses Basic Authentication and protects that plain text mess with SSL.

    Other than that I'm now stumped. I had a similar problem myself that meant I couldn't authenticate; tried sending an email so that it "unlocks" the account. Didn't work. I had integrated security checked and thought that OWA would work with this. It didn't seem to like it, so I took some good advice from an MS MVP and enabled Basic Authentication for Forms Based Access. Boof. Worked.

    Not saying this is your issue- but it's worth double checking to make sure (or decca-checking since you are no doubt sick of looking at it by now)!

    Paul

  13. #13

    Join Date
    Jul 2005
    Location
    North Wales
    Posts
    54
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Exchange 2003 Authentication Problems

    To access all mailboxes, create a non-administrator account and add it to the "Exchange Services" group.

    the problem with logging on to OWA - have you changed email addresses in RUS recently, or are you running two domains in the same forest/exchange organisation?

    If so, you might have accidentally deleted the email address that everyone must have. in ESM -> servername -> protocols -> http->exchange virtual server, right-click the "Exchange" virtual directory. whatever's in the "mailboxes from SMTP domain" box has to exist as an email address for all users. took me ages to work out why our students couldn't logon to OWA and this was the problem - staff get @mail.domain.com, students get @student.domain.com and the SMTP domain for OWA had reset itself to @mail.domain.com so no student could log on.

    The domain doesn't need to be the primary SMTP address, but it does need to at least exist for every account you want to log on through OWA.

  14. #14

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,600
    Thank Post
    109
    Thanked 769 Times in 598 Posts
    Rep Power
    181

    Re: Exchange 2003 Authentication Problems

    @Paul: In Exchange 2003 you have to change the permissions on the mailboxes to give you read access. By default only the user has access to the account -hence why you get unauthorized.

    If OWA is completely busted - check the .NET login credentials too. Maybe blitz the OWA stuff in IIS and re-install.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 20th February 2007, 09:42 PM
  2. Exchange 2003 Account Creation Problems
    By paul in forum Windows
    Replies: 2
    Last Post: 22nd November 2006, 03:17 PM
  3. Exchange 2003 - Authentication problem
    By pooley in forum Wireless Networks
    Replies: 5
    Last Post: 20th July 2006, 05:44 PM
  4. Replies: 4
    Last Post: 27th May 2006, 02:48 PM
  5. Replies: 5
    Last Post: 2nd February 2006, 10:49 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •