 |
|
|
|
| Author |
Message |
StillLearnin
Joined: 19 Feb 2008
Posts: 3
|
 Posted: Tue Feb 19, 2008 12:03 am Post subject: OWA access to Exchange 2007 |
 |
|
I have some users that can't access Exchange 2007 SP1 using OWA. Out of the 2
that I'm working on, one was moved from Ex2003, one was newly created in
Ex2007.
The inheritable permissions is checked for the user and all OU's. The top OU
is a member of the Exchange Servers group per:
http://technet.microsoft.com/en-us/library/bb885050(EXCHG.80).aspx
The msExchVersion is correct.(KB941146)
The Locale is the same.
I have compared Effective Permissions to a working user account, and they
are the same.
Both users can connect using Outlook 2003.
I have run DcDiag on my domain controllers, with no errors.
Active Directory Best Practices Analyzer doesn't report any problems either.
Here is the error information:
Request
Url: https://mail.mydomain.com:443/OWA/lang.owa
User host address: 192.168.1.9
Exception
Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
timeZoneKeyName, Boolean isOptimized)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)
Inner Exception
Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
Exception message: Active Directory operation failed on myDC.mydomain.com.
This error is not retriable. Additional information: Insufficient access
rights to perform the operation. Active directory response: 00002098: SecErr:
DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Call stack
Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
connection, DirectoryRequest request, DirectoryException de, Int32
totalRetries, Int32 retriesOnServer)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave,
IEnumerable`1 properties)
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
Inner Exception
Exception type: System.DirectoryServices.Protocols.DirectoryOperationException
Exception message: The user has insufficient access rights.
Call stack
System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
messageId, LdapOperation operation, ResultAll resultType, TimeSpan
requestTimeOut, Boolean exceptionOnTimeOut)
System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation)
Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry entry, DirectoryRequest request, ADObjectId originalId)
Any more ideas? I don't know what else to check...
TIA,
Jeff
Archived from group: microsoft>public>exchange>clients |
|
| Back to top |
|
 |
M3 PostMasters
Joined: 28 Jan 2008
Posts: 51
|
| Posted: Wed Feb 20, 2008 4:08 pm Post subject: Re: OWA access to Exchange 2007 |
|
|
What is mentioned in your IIS logfiles when the user tries to authenticate
to the CAS server? Also, do they recieve an IE error? If so, what's the
error please?
--
Richard Rodgers
M3 PostMasters
M3PostMasters@nospam.m3tg.com
M3 Technology Group
www.m3tg.com
"StillLearnin" wrote in message @microsoft.com...
>I have some users that can't access Exchange 2007 SP1 using OWA. Out of the
>2
> that I'm working on, one was moved from Ex2003, one was newly created in
> Ex2007.
>
> The inheritable permissions is checked for the user and all OU's. The top
> OU
> is a member of the Exchange Servers group per:
> http://technet.microsoft.com/en-us/library/bb885050(EXCHG.80).aspx
>
> The msExchVersion is correct.(KB941146)
> The Locale is the same.
>
> I have compared Effective Permissions to a working user account, and they
> are the same.
>
> Both users can connect using Outlook 2003.
>
> I have run DcDiag on my domain controllers, with no errors.
> Active Directory Best Practices Analyzer doesn't report any problems
> either.
>
> Here is the error information:
>
> Request
> Url: https://mail.mydomain.com:443/OWA/lang.owa
> User host address: 192.168.1.9
>
> Exception
> Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
> Exception message: There was a problem accessing Active Directory.
>
> Call stack
>
> Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
> owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
> timeZoneKeyName, Boolean isOptimized)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext
> owaContext)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext
> owaContext, UserContextCookie userContextCookie)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext
> owaContext)
> Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext
> owaContext)
> System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
> System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> completedSynchronously)
>
> Inner Exception
> Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
> Exception message: Active Directory operation failed on myDC.mydomain.com.
> This error is not retriable. Additional information: Insufficient access
> rights to perform the operation. Active directory response: 00002098:
> SecErr:
> DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>
> Call stack
>
> Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
> connection, DirectoryRequest request, DirectoryException de, Int32
> totalRetries, Int32 retriesOnServer)
> Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> entry, DirectoryRequest request, ADObjectId originalId)
> Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave,
> IEnumerable`1 properties)
> Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
>
> Inner Exception
> Exception type:
> System.DirectoryServices.Protocols.DirectoryOperationException
> Exception message: The user has insufficient access rights.
>
> Call stack
>
> System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
> messageId, LdapOperation operation, ResultAll resultType, TimeSpan
> requestTimeOut, Boolean exceptionOnTimeOut)
> System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest
> request, TimeSpan requestTimeout)
> Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest
> request, LdapOperation ldapOperation)
> Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> entry, DirectoryRequest request, ADObjectId originalId)
>
> Any more ideas? I don't know what else to check...
>
> TIA,
> Jeff |
|
| Back to top |
|
|
StillLearnin
Joined: 19 Feb 2008
Posts: 3
|
| Posted: Mon Feb 25, 2008 7:59 pm Post subject: Re: OWA access to Exchange 2007 |
|
|
Hi Richard,
Thanks for trying to help me. I would have responded sooner, but I didn't
get notified of your response.
I just tried again. Here is the IIS log of it.
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port
cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /exchange - 443 domain\user
192.168.100.9
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 302 0 0
2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 2
2148074254
2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 1 0
2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401 1
2148074252
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET /owa/default.aspx - 443
domain\user 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/owafont.css - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/logon.css - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgntopr.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgntopl.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgntopm.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnexlogo.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnbotl.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnbotr.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnright.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnleft.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/lgnbotm.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:35:01 W3SVC1 192.168.100.4 POST /owa/lang.owa - 443
domain\user 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/premium.css - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/error.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/copy.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
/owa/8.1.240.5/themes/base/expnd.gif - 443 - 192.168.100.33
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200 0 0
I don't really know what I'm looking at in the log, but nothing jumps out at
me.
The error in IE is: A problem occurred while trying to use your mailbox.
Please contact technical support for your organization.
It is followed by 2 links, "Copy error details to clipboard" and "Show
details" which is what I put in the orignal post.
Jeff
"M3 PostMasters" wrote:
> What is mentioned in your IIS logfiles when the user tries to authenticate
> to the CAS server? Also, do they recieve an IE error? If so, what's the
> error please?
>
> --
> Richard Rodgers
> M3 PostMasters
> M3PostMasters@nospam.m3tg.com
> M3 Technology Group
> www.m3tg.com
>
>
>
> "StillLearnin" wrote in message
> @microsoft.com...
> >I have some users that can't access Exchange 2007 SP1 using OWA. Out of the
> >2
> > that I'm working on, one was moved from Ex2003, one was newly created in
> > Ex2007.
> >
> > The inheritable permissions is checked for the user and all OU's. The top
> > OU
> > is a member of the Exchange Servers group per:
> > http://technet.microsoft.com/en-us/library/bb885050(EXCHG.80).aspx
> >
> > The msExchVersion is correct.(KB941146)
> > The Locale is the same.
> >
> > I have compared Effective Permissions to a working user account, and they
> > are the same.
> >
> > Both users can connect using Outlook 2003.
> >
> > I have run DcDiag on my domain controllers, with no errors.
> > Active Directory Best Practices Analyzer doesn't report any problems
> > either.
> >
> > Here is the error information:
> >
> > Request
> > Url: https://mail.mydomain.com:443/OWA/lang.owa
> > User host address: 192.168.1.9
> >
> > Exception
> > Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
> > Exception message: There was a problem accessing Active Directory.
> >
> > Call stack
> >
> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
> > owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
> > timeZoneKeyName, Boolean isOptimized)
> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext
> > owaContext)
> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext
> > owaContext, UserContextCookie userContextCookie)
> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext
> > owaContext)
> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext
> > owaContext)
> > System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
> > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> > completedSynchronously)
> >
> > Inner Exception
> > Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
> > Exception message: Active Directory operation failed on myDC.mydomain.com.
> > This error is not retriable. Additional information: Insufficient access
> > rights to perform the operation. Active directory response: 00002098:
> > SecErr:
> > DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
> >
> > Call stack
> >
> > Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
> > connection, DirectoryRequest request, DirectoryException de, Int32
> > totalRetries, Int32 retriesOnServer)
> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> > entry, DirectoryRequest request, ADObjectId originalId)
> > Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave,
> > IEnumerable`1 properties)
> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> >
> > Inner Exception
> > Exception type:
> > System.DirectoryServices.Protocols.DirectoryOperationException
> > Exception message: The user has insufficient access rights.
> >
> > Call stack
> >
> > System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
> > messageId, LdapOperation operation, ResultAll resultType, TimeSpan
> > requestTimeOut, Boolean exceptionOnTimeOut)
> > System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest
> > request, TimeSpan requestTimeout)
> > Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest
> > request, LdapOperation ldapOperation)
> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> > entry, DirectoryRequest request, ADObjectId originalId)
> >
> > Any more ideas? I don't know what else to check...
> >
> > TIA,
> > Jeff
>
>
> |
|
| Back to top |
|
|
M3 PostMasters
Joined: 28 Jan 2008
Posts: 51
|
| Posted: Mon Feb 25, 2008 9:25 pm Post subject: Re: OWA access to Exchange 2007 |
|
|
Are you using http://mail.yourdomain.com/exchange or
http://mail.yourdomain.com/owa ?
--
Richard Rodgers
M3 PostMasters
M3PostMasters@nospam.m3tg.com
M3 Technology Group
www.m3tg.com
"StillLearnin" wrote in message @microsoft.com...
> Hi Richard,
>
> Thanks for trying to help me. I would have responded sooner, but I didn't
> get notified of your response.
>
> I just tried again. Here is the IIS log of it.
>
> #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
> s-port
> cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
> 2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /exchange - 443 domain\user
> 192.168.100.9
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 302
> 0 0
> 2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> 2
> 2148074254
> 2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> 1 0
> 2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> 1
> 2148074252
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET /owa/default.aspx - 443
> domain\user 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/owafont.css - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/logon.css - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgntopr.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgntopl.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgntopm.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnexlogo.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnbotl.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnbotr.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnright.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnleft.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/lgnbotm.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:35:01 W3SVC1 192.168.100.4 POST /owa/lang.owa - 443
> domain\user 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/premium.css - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/error.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/copy.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
> 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> /owa/8.1.240.5/themes/base/expnd.gif - 443 - 192.168.100.33
> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> 0 0
>
> I don't really know what I'm looking at in the log, but nothing jumps out
> at
> me.
>
> The error in IE is: A problem occurred while trying to use your mailbox.
> Please contact technical support for your organization.
> It is followed by 2 links, "Copy error details to clipboard" and "Show
> details" which is what I put in the orignal post.
>
> Jeff
>
> "M3 PostMasters" wrote:
>
>> What is mentioned in your IIS logfiles when the user tries to
>> authenticate
>> to the CAS server? Also, do they recieve an IE error? If so, what's the
>> error please?
>>
>> --
>> Richard Rodgers
>> M3 PostMasters
>> M3PostMasters@nospam.m3tg.com
>> M3 Technology Group
>> www.m3tg.com
>>
>>
>>
>> "StillLearnin" wrote in message
>> @microsoft.com...
>> >I have some users that can't access Exchange 2007 SP1 using OWA. Out of
>> >the
>> >2
>> > that I'm working on, one was moved from Ex2003, one was newly created
>> > in
>> > Ex2007.
>> >
>> > The inheritable permissions is checked for the user and all OU's. The
>> > top
>> > OU
>> > is a member of the Exchange Servers group per:
>> > http://technet.microsoft.com/en-us/library/bb885050(EXCHG.80).aspx
>> >
>> > The msExchVersion is correct.(KB941146)
>> > The Locale is the same.
>> >
>> > I have compared Effective Permissions to a working user account, and
>> > they
>> > are the same.
>> >
>> > Both users can connect using Outlook 2003.
>> >
>> > I have run DcDiag on my domain controllers, with no errors.
>> > Active Directory Best Practices Analyzer doesn't report any problems
>> > either.
>> >
>> > Here is the error information:
>> >
>> > Request
>> > Url: https://mail.mydomain.com:443/OWA/lang.owa
>> > User host address: 192.168.1.9
>> >
>> > Exception
>> > Exception type:
>> > Microsoft.Exchange.Data.Storage.StoragePermanentException
>> > Exception message: There was a problem accessing Active Directory.
>> >
>> > Call stack
>> >
>> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
>> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
>> > owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
>> > timeZoneKeyName, Boolean isOptimized)
>> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext
>> > owaContext)
>> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext
>> > owaContext, UserContextCookie userContextCookie)
>> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext
>> > owaContext)
>> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext
>> > owaContext)
>> > System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
>> > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
>> > completedSynchronously)
>> >
>> > Inner Exception
>> > Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
>> > Exception message: Active Directory operation failed on
>> > myDC.mydomain.com.
>> > This error is not retriable. Additional information: Insufficient
>> > access
>> > rights to perform the operation. Active directory response: 00002098:
>> > SecErr:
>> > DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>> >
>> > Call stack
>> >
>> > Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
>> > connection, DirectoryRequest request, DirectoryException de, Int32
>> > totalRetries, Int32 retriesOnServer)
>> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
>> > entry, DirectoryRequest request, ADObjectId originalId)
>> > Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject
>> > instanceToSave,
>> > IEnumerable`1 properties)
>> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
>> >
>> > Inner Exception
>> > Exception type:
>> > System.DirectoryServices.Protocols.DirectoryOperationException
>> > Exception message: The user has insufficient access rights.
>> >
>> > Call stack
>> >
>> > System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
>> > messageId, LdapOperation operation, ResultAll resultType, TimeSpan
>> > requestTimeOut, Boolean exceptionOnTimeOut)
>> > System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest
>> > request, TimeSpan requestTimeout)
>> > Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest
>> > request, LdapOperation ldapOperation)
>> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
>> > entry, DirectoryRequest request, ADObjectId originalId)
>> >
>> > Any more ideas? I don't know what else to check...
>> >
>> > TIA,
>> > Jeff
>>
>>
>> |
|
| Back to top |
|
|
StillLearnin
Joined: 19 Feb 2008
Posts: 3
|
| Posted: Tue Feb 26, 2008 12:51 am Post subject: Re: OWA access to Exchange 2007 |
|
|
Https://mail.mydomain.com/owa
It works fine for most users. I've only found 2 so far that get this error.
"M3 PostMasters" wrote:
> Are you using http://mail.yourdomain.com/exchange or
> http://mail.yourdomain.com/owa ?
>
> --
> Richard Rodgers
> M3 PostMasters
> M3PostMasters@nospam.m3tg.com
> M3 Technology Group
> www.m3tg.com
>
>
>
> "StillLearnin" wrote in message
> @microsoft.com...
> > Hi Richard,
> >
> > Thanks for trying to help me. I would have responded sooner, but I didn't
> > get notified of your response.
> >
> > I just tried again. Here is the IIS log of it.
> >
> > #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query
> > s-port
> > cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
> > 2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /exchange - 443 domain\user
> > 192.168.100.9
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 302
> > 0 0
> > 2008-02-25 22:34:33 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> > 2
> > 2148074254
> > 2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> > 1 0
> > 2008-02-25 22:34:47 W3SVC1 192.168.100.4 GET /owa/ - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 401
> > 1
> > 2148074252
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET /owa/default.aspx - 443
> > domain\user 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/owafont.css - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/logon.css - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgntopr.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgntopl.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgntopm.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnexlogo.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnbotl.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnbotr.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnright.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnleft.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:34:59 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/lgnbotm.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:35:01 W3SVC1 192.168.100.4 POST /owa/lang.owa - 443
> > domain\user 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/premium.css - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/error.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/copy.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> > 2008-02-25 22:35:01 W3SVC1 192.168.100.4 GET
> > /owa/8.1.240.5/themes/base/expnd.gif - 443 - 192.168.100.33
> > Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322) 200
> > 0 0
> >
> > I don't really know what I'm looking at in the log, but nothing jumps out
> > at
> > me.
> >
> > The error in IE is: A problem occurred while trying to use your mailbox.
> > Please contact technical support for your organization.
> > It is followed by 2 links, "Copy error details to clipboard" and "Show
> > details" which is what I put in the orignal post.
> >
> > Jeff
> >
> > "M3 PostMasters" wrote:
> >
> >> What is mentioned in your IIS logfiles when the user tries to
> >> authenticate
> >> to the CAS server? Also, do they recieve an IE error? If so, what's the
> >> error please?
> >>
> >> --
> >> Richard Rodgers
> >> M3 PostMasters
> >> M3PostMasters@nospam.m3tg.com
> >> M3 Technology Group
> >> www.m3tg.com
> >>
> >>
> >>
> >> "StillLearnin" wrote in message
> >> @microsoft.com...
> >> >I have some users that can't access Exchange 2007 SP1 using OWA. Out of
> >> >the
> >> >2
> >> > that I'm working on, one was moved from Ex2003, one was newly created
> >> > in
> >> > Ex2007.
> >> >
> >> > The inheritable permissions is checked for the user and all OU's. The
> >> > top
> >> > OU
> >> > is a member of the Exchange Servers group per:
> >> > http://technet.microsoft.com/en-us/library/bb885050(EXCHG.80).aspx
> >> >
> >> > The msExchVersion is correct.(KB941146)
> >> > The Locale is the same.
> >> >
> >> > I have compared Effective Permissions to a working user account, and
> >> > they
> >> > are the same.
> >> >
> >> > Both users can connect using Outlook 2003.
> >> >
> >> > I have run DcDiag on my domain controllers, with no errors.
> >> > Active Directory Best Practices Analyzer doesn't report any problems
> >> > either.
> >> >
> >> > Here is the error information:
> >> >
> >> > Request
> >> > Url: https://mail.mydomain.com:443/OWA/lang.owa
> >> > User host address: 192.168.1.9
> >> >
> >> > Exception
> >> > Exception type:
> >> > Microsoft.Exchange.Data.Storage.StoragePermanentException
> >> > Exception message: There was a problem accessing Active Directory.
> >> >
> >> > Call stack
> >> >
> >> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> >> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext
> >> > owaContext, OwaIdentity logonIdentity, CultureInfo culture, String
> >> > timeZoneKeyName, Boolean isOptimized)
> >> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext
> >> > owaContext)
> >> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext
> >> > owaContext, UserContextCookie userContextCookie)
> >> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext
> >> > owaContext)
> >> > Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext
> >> > owaContext)
> >> > System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
> >> > System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
> >> > completedSynchronously)
> >> >
> >> > Inner Exception
> >> > Exception type: Microsoft.Exchange.Data.Directory.ADOperationException
> >> > Exception message: Active Directory operation failed on
> >> > myDC.mydomain.com.
> >> > This error is not retriable. Additional information: Insufficient
> >> > access
> >> > rights to perform the operation. Active directory response: 00002098:
> >> > SecErr:
> >> > DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
> >> >
> >> > Call stack
> >> >
> >> > Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection
> >> > connection, DirectoryRequest request, DirectoryException de, Int32
> >> > totalRetries, Int32 retriesOnServer)
> >> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> >> > entry, DirectoryRequest request, ADObjectId originalId)
> >> > Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject
> >> > instanceToSave,
> >> > IEnumerable`1 properties)
> >> > Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
> >> >
> >> > Inner Exception
> >> > Exception type:
> >> > System.DirectoryServices.Protocols.DirectoryOperationException
> >> > Exception message: The user has insufficient access rights.
> >> >
> >> > Call stack
> >> >
> >> > System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32
> >> > messageId, LdapOperation operation, ResultAll resultType, TimeSpan
> >> > requestTimeOut, Boolean exceptionOnTimeOut)
> >> > System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest
> >> > request, TimeSpan requestTimeout)
> >> > Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest
> >> > request, LdapOperation ldapOperation)
> >> > Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADRawEntry
> >> > entry, DirectoryRequest request, ADObjectId originalId)
> >> >
> >> > Any more ideas? I don't know what else to check...
> >> >
> >> > TIA,
> >> > Jeff
> >>
> >>
> >>
>
>
>
|
|
| Back to top |
|
|
|
|
| Related Topics: | Delegate Access with Outlook 2007 and Exchange 2007 I have Exchange2003 and Exchange2007 co-existing at the moment with userA on a 2007 mailbox and userB still on 2003. UserA has (review) access to userB's inbox. In Outlook 2003 this works as normal but in Outlook 2007 when userA tries to open userB's inbo
Vista, IE7, Office 2007, Outlook Web Access to non 2007 Exch Home : Vista, Office 2007, IE7 Work: Exchange version is not 2007. Work claims the hot fixes described in Article ID: 911829 have been applied. I can access my mail using OWA but when I click reply the form that comes up will not let me enter any message.
OWA 2007 not access mailbox EX2003 Hi 1 x Cas with OWA only and 1 x 2000 BE Im trying to access to This works once the user's mailbox is on the 2007 server. If a user is on a 2003 BE - I get a page cannot be displayed HTTP and 404. What am I missing?
IMAP Exchange Global Address Book Access Hello everybody. Is there a way to configure IMAP clients, such as Outlook express to access the Exchange Global Address Book? I have tried adding a directory service to Outlook Express, and have had no luck getting it to work, and am not even sure if t
Vista + Outlook 2007 + Exchange 2007 Free Busy Problem Hi, A client of mine is in a middle of a transition from Exchange 2003 to Exchange 2007. Users that try to access free busy information from Windows Vista machines and Outlook 2007, get an error message that free busy is unavailable. When the same mailbox |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
