Our company has recently instituted a security policy to restrict staff from logging onto any other office PC than their own, and a few select communal workstations. This restriction was put in place through the user's Active Directory user account "Log On To" properties.
The problem is, though, once those restrictions were put in, they disabled the ability of the staff to connect to their Exchange 2003 mailbox via the Outlook Web Access application. Any staff with no logon restrictions (myself and the company owners) have no issues connecting, but restricted accounts are blocked. The users receive the error "The local security authority cannot be contacted" or (if "Show friendly HTTP error messages" is turned off) "HTTP 500 - Internal server error".
So... is there any workaround for this problem, or perhaps a group policy that would allow both the restrictions AND the OWA to function properly, or am I stuck?
Any assistance is greatly appreciated.
Shaun.
Since you've restricted them to logging onto only their workstation, they cannot log in to the OWA system. You will need to either remove the policy, or grant them permission to log into their workstation AND the OWA system.
When you say "grant them permission to log into their workstation AND the OWA system", I had actually already tried that by adding the Exchange server to the workstations the users were allowed to log onto. It still made no difference... the staff couldn't access OWA.
If I can't have the OWA access AND the logon restriction in place concurrently it will be unacceptable for our management. There HAS to be some sort of work-around, user policy, or registry hack that would allow both to function properly.
I found the same problem with restricting workstation access causing the OWA not to work for those users. I also tried to add the Exchange OWA computer (same machine for all parts) to the allowed workstation, but that didn't change anything. Did anyone find a solution to this? Thanks in advance.
To the machine logon restrictions in Active Directory I added the name "mail", and then the test account was able to log on to OWA without being able to log on to all machines in our domain.
Duke, I would love to get some further information from you on this as I am also stuck on this exact issue. I tried adding "mail" as well as the name of our mail server and "mail.ourdomain.com" and it still does not work. Am I missing something from your post?
I added just our common domain name domain.org (not mail.domain.org) and it works great. But it seems that there is only a limited number of characters that can be entered, so I'm curious what happens if your domain name is longer than that?
OWA & workstation access permissions