General discussion

Locked

Exchange 2k OWA only allows Admin Access

By acattr ·
I installed a 2000 server for a small 10 user network. It runs AD, exchange 2k sp3, on windows 2000 sp3. Only Domain Admins are able to successfully login to Outlook Web Access. All other users are rejected. I have tried:

1. Under Local Policy and the Default Domain Controller Policy I gave Domain Users "log on locally" rights.

2. I gave the everyone group, domain users, and IUSR_MachineName full control over the exchweb folder, propogating permission thruout all subfolders.

Still only Domain Admins can access web outlook.

Any suggestions?

This conversation is currently closed to new comments.

28 total posts (Page 1 of 3)   01 | 02 | 03   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Exchange 2k OWA only allows Admin Access

by ottermill In reply to Exchange 2k OWA only allo ...

When the user opens a browser and types the address of the exchange server what message is displayed in the browser? Or if a logon prompt is displayed what message is returned when the enters their account details?

Collapse -

Exchange 2k OWA only allows Admin Access

by acattr In reply to Exchange 2k OWA only allo ...

Browser requests a logon for username and password. It only accepts Domain Admins. If a Domain User attempts to login they get "Error: Access is Denied." Let me know if this helps you.

Collapse -

Exchange 2k OWA only allows Admin Access

by acattr In reply to Exchange 2k OWA only allo ...

Point value changed by question poster.

Collapse -

Exchange 2k OWA only allows Admin Access

by Joseph Moore In reply to Exchange 2k OWA only allo ...

I always hated OWA! I have seen this problem myself, and heard of it often.
Unfortunately, I don't know of the specific fix for it. It could be several things.

First off, Technet article 311422 states that, "In earlier versions of Microsoft Outlook Web Access (OWA), users must have the "Log on locally" right to gain access to OWA. In the Exchange 2000 version of OWA and later, this right is no longer required. The only right that users must have is the "Access this computer from the network" right, which is given to the Users group by default in Microsoft Windows 2000."

So, make sure that your domain users in your AD domain have the "access this computer from the network" right. I would NOT remove the "log on locally" right you gavethem, just to be safe!

Now, another Technet article I read (I didn't save the article #, sorry) stated to use the e-mail address for the login name when your users log in, instead of a DOMIAN\USERNAME login name. Ok. It also said to make sure that all of your e-mail accounts were unique in your mailboxes (i.e., that 2 mailboxes did NOT have the same e-mail address). If there were duplicate e-mail addresses in mailboxes, the OWA login using e-mail address as login name would not work (not to mention the e-mail problems).

Next, Technet article 317471 talks about the default NTFS permissions on the C:\Program Files\Exchsrvr folder that are needed for OWA logins to work. The article is here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;317471
(please remove any spaces)

Lastly, Technet article 322309 talks of a bunch of settings for Exchange 2K and OWA. Take a look at this article also if needed:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322309
(please remove any spaces)

Collapse -

Exchange 2k OWA only allows Admin Access

by Joseph Moore In reply to Exchange 2k OWA only allo ...

Ok, that is all for quoting Technet articles. Here are my gut feelings on this.

It is obviously some type of permissions issue. Your Domain Admins are gonna have all the rights necessary to defeat any NTFS Security permissions and/or system rights. Since the DA's can log in, but normal users can't, then this is what is the problem. It is not a Exchange setup issue.

Now, I would actually start with the article 371471 first. This could just be a matter of NTFS permissioning on the Exchange folder.

Collapse -

Exchange 2k OWA only allows Admin Access

by Joseph Moore In reply to Exchange 2k OWA only allo ...

Last thoughts:

You didn't mention if the Exchange server is itself the web server, or if you have an IIS server, with a virtual directory pointing to Exchange. IF that is the case (IIS on machine1, and Exchange on machine2), then I would check the user account you use in the virtual directory, that connects to the Exchange server. Try and make that account an Domain Admin-level account. This can happen with virtual directories going over a network connection to remote Windows machines. The user account used to make the virtual directory does not have enough rights on the remote system to connect.

hope this all helps

Collapse -

Exchange 2k OWA only allows Admin Access

by acattr In reply to Exchange 2k OWA only allo ...

Answer 1: "Access this computer from the network" Rights
I checked the local policy and the default domain controller policy, added "Domain Users" even though everyone group was there, did not help.

Answer 2: Email address instead of DOMAIN\username
neither username@domain.com or username or Domain\username work for me. PS: Exchange 2000 will now allow for duplicate email addresses. I've tried.

Answer 3: Technet article 317471
Very Interesting article, im waiting to kick users off.....
Sorry it didnt help. F***, I thought it would.

Answer 4: Technet article 322309
My hopes went really high when I read this one, but sad to say it still does not work.

Regarding Last thought:
Its a small company, only one server.ALL in ALL thanks for your comments, I am more knowledgeable about OWA now.

Collapse -

Exchange 2k OWA only allows Admin Access

by Dynamo2003 In reply to Exchange 2k OWA only allo ...

Everyone group should have had Domain Users permission by default. I will say check you DNS configuration properly. Try creating a cache only DNS server close to the users.

Collapse -

Exchange 2k OWA only allows Admin Access

by acattr In reply to Exchange 2k OWA only allo ...

Please refrase your answer. I don't know what Domain user Permissions are?

Also it cannot be DNS, because I try connecting to the server using IP and it works.

Collapse -

Exchange 2k OWA only allows Admin Access

by acattr In reply to Exchange 2k OWA only allo ...

Point value changed by question poster.

Back to Software Forum
28 total posts (Page 1 of 3)   01 | 02 | 03   Next

Related Discussions

Related Forums