Domain Users Cannot Login to OWA unless they are Local Admin

Only way for anybody to login to OWA is by making them a local admin on the 
OWA server. This is what I think is the chain of events. The server was moved 
to a new OU with a different GPO applied a few weeks ago. We are using the MS 
High Security template with then another GP with the exceptions needed to 
enable services, rights, etc. Today the server was rebooted, now OWA doesn't 
allow users to login. This took something away but don't know exactly what. 
We have moved server back to original OU and ran GPUPDATE /FORCE but there 
must be something that was taken away by the other GP they is not configured 
in the old GP. We have checked the NTFS permissions, IIS permission but it 
looks like it is something with the logon locally to the server? What are the 
basic local rights/groups that a user must be in to access OWA?
0
Zboy (4)
9/22/2005 3:34:02 AM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
556 Views

Similar Articles

[PageSpeed] 28

That would probably depend on the version of Exchange you're running.
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Zboy" <Zboy@discussions.microsoft.com> wrote in message 
news:CC2B7CAB-8FAA-4DB4-B055-1DB2FD0BC176@microsoft.com...
> Only way for anybody to login to OWA is by making them a local admin on 
> the
> OWA server. This is what I think is the chain of events. The server was 
> moved
> to a new OU with a different GPO applied a few weeks ago. We are using the 
> MS
> High Security template with then another GP with the exceptions needed to
> enable services, rights, etc. Today the server was rebooted, now OWA 
> doesn't
> allow users to login. This took something away but don't know exactly 
> what.
> We have moved server back to original OU and ran GPUPDATE /FORCE but there
> must be something that was taken away by the other GP they is not 
> configured
> in the old GP. We have checked the NTFS permissions, IIS permission but it
> looks like it is something with the logon locally to the server? What are 
> the
> basic local rights/groups that a user must be in to access OWA? 


0
curspice6401 (3487)
9/23/2005 2:47:59 AM
It is Exchange 2003sp1. Thanks but the problem has been resolved. We created 
an expection GPO to "allow logon locally" to the "authenticated users" group.

"Ed Crowley [MVP]" wrote:

> That would probably depend on the version of Exchange you're running.
> -- 
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
> 
> "Zboy" <Zboy@discussions.microsoft.com> wrote in message 
> news:CC2B7CAB-8FAA-4DB4-B055-1DB2FD0BC176@microsoft.com...
> > Only way for anybody to login to OWA is by making them a local admin on 
> > the
> > OWA server. This is what I think is the chain of events. The server was 
> > moved
> > to a new OU with a different GPO applied a few weeks ago. We are using the 
> > MS
> > High Security template with then another GP with the exceptions needed to
> > enable services, rights, etc. Today the server was rebooted, now OWA 
> > doesn't
> > allow users to login. This took something away but don't know exactly 
> > what.
> > We have moved server back to original OU and ran GPUPDATE /FORCE but there
> > must be something that was taken away by the other GP they is not 
> > configured
> > in the old GP. We have checked the NTFS permissions, IIS permission but it
> > looks like it is something with the logon locally to the server? What are 
> > the
> > basic local rights/groups that a user must be in to access OWA? 
> 
> 
> 
0
Zboy (4)
9/23/2005 2:35:03 PM
Reply:

Similar Artilces:

Heads-up to users of "Bitdefender"
A simple heads-up to users of "bitdefender" http://www.networkworld.com/news/2010/032010-bad-bitdefender-update-clobbers-windows.html -- Carmel Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________ ...

Excel.Application User-define Error
In trying to solve a Access to Excel data linking problem from Microsoft's site http://support.microsoft.com/kb/904953 I am trying to run the example and it dies on Dim xlApp As Excel.ApplicationThe error message I get is "Compile error: User-defined type not defined." Is there something I need to add like a reference in order to get this to work?Mike You need to add a reference to Excel (through Tools | References while in the VB Editor). Personally, I prefer using Late Binding, since setting a reference then limits your application to only those users with the same ...

T-SQL query for finding shared user and team records
Hi all, I'm new to CRM and would appreciate any help. I need to find account records that record owners have shared to users or teams in CRM. I've found out that this requires direct query to filtered view tables. Microsoft responded as below by I need actual T-SQL query. Can anyone help with this? You would need to write a query against the PrincipalObjectAccess table and you would need to have joins to the other related tables. If you tried to have it all displayed using one query, it would be a pretty complex query. This is because you would need to join to the FilteredA...

Forward misspelled names to user account if doman is correct.
Is it possible to catch for instance a misspelled name like moike@domain.com that should be mike@domain.com and forward it to another account? It should be able to pick up anything (like *@domain.com) and forward it to joe@domain.com. Thanks in advance. Mike Are you really sure that you want to do this? If so, you can take a look at the methods listed here. http://hellomate.typepad.com/exchange/2003/08/exchange_catcha.html -- Ben Winzenz Exchange MVP MessageOne "pakitloss" <pakitloss@discussions.microsoft.com> wrote in message news:24DB863D-49F5-457A-BA47-B7D26F422...

User folder on desktop has a bad name
My name is Matteo (like User Name). Hence I had a User Folder on desktop named Matteo. Now it has a different name, but files inside are C:\Users\Matteo The wrong name is visible only on desktop How can I restore the correct name? "Allamarein" <matteo.diplomacy@gmail.com> wrote in message news:c9cd2878-a7ad-46c5-b802-a37c9d4f5b7a@d39g2000yqa.googlegroups.com... > My name is Matteo (like User Name). Hence I had a User Folder on > desktop named Matteo. Now it has a different name, but files inside > are C:\Users\Matteo The wrong name is visible only on deskto...

problem with deleting items via OWA on Vista
Good afternoon! We are working on a big project and I have heard from my colleagues that a couple of users are having problems when attempting to delete e-mails when using OWA. Now, unfortunately this is all I know. The colleague who has heard directly from the client is not available for the next several hours. Here is what I do know: Server-side: Exchange Server 2003 SP2 fully patched - did this myself Windows Server 2003 R2 fully patched Two different OUs (CORPORATE Users and KIOSK Users) - did this myself Two different Mailbox Stores (Corporate and KIOSK) - did this myself Differ...

How to get local ip address
Is there anyone know the API to get local machine ip address ? Use gethostbyname(name) can make it. "EagleChen" <xx@xx> ���g��l��s�D:eAO7ftO0DHA.548@tk2msftngp13.phx.gbl... > Is there anyone know the API to get local machine ip address ? > > Look at the docs for the IP Helper interfaces. These at least make it possible to get all IP addresses on multi-homed hosts. "EagleChen" <xx@xx> wrote in message news:eAO7ftO0DHA.548@tk2msftngp13.phx.gbl... > Is there anyone know the API to get local machine ip address ? > > you can use the geth...

CRM 4.0
Hi How does one configure a WF Local Service / Data Exchange Service in CRM 4.0? In a custom WF host I can accomplish this by specifying the service in the host application's configuration file. Is this approach possible with CRM 4.0? I understand that the workflow runtime is hosted by the CRM Asynchronous Service, and I have been able to register custom WF Activity as detailed in the CRM SDK documentation. However I can find no references to registering / configuring a local service. Any help much appreciated! Regards, Gareth On Oct 23, 1:38=A0pm, rgdav...@gmail.com wrote: > H...

User Activity window in GP 9
Hi! Does anyone know why GP removed the User Activity option under Tools-Setup-System in GP 9? How can you tell who's logged in the system without going to SQL Query Analyzer or Enterprise Mgr? Thanks -- Marisol Mortera Hi Marisol, Now found under Tools --> Utilities --> System Robert Marisol wrote: > Hi! > > Does anyone know why GP removed the User Activity option under > Tools-Setup-System in GP 9? How can you tell who's logged in the system > without going to SQL Query Analyzer or Enterprise Mgr? Thanks ...

User form problem
I have made a userform, which works great. However i have a problem. I would like the userform to only load up when the template file i opened. I do not want it to load when saved workbook copies of th template are opened. The system I am creating is an invoice system, and thus the loading o the userform is only necessary upon opening the template, not any othe files. Is this possible to do? Any help would be appreciated. Thanks. Z -- Message posted from http://www.ExcelForum.com Hi Zairn You can check the Len of the Thisworkbook.path in the Macro. A template have no path Sub test() I...

User Deleted From Active Directory Still holds a License
Hi All, So along time ago a user was deleted from our Active Directory and she still holds a license. How do I free up her license. I have tried threw the front end but it gives me the error "make sure object exsists in the active directory." any ideas Mark See the answer above. Matt Parks MVP - Microsoft CRM ---------------------------------------- ---------------------------------------- On Tue, 1 Mar 2005 16:09:03 -0800, "ACDMark" <ACDMark@discussions.microsoft.com> wrote: Hi All, So along time ago a user was deleted from our Active Directory and she st...

Slow Login #2
I am having issues with a machine which does not host the Store Operations DB being slow to sign in. When the cashier signs in it thinks for about 10 seconds then lets you in to POS. They are on a 100mb network but suspect it is a comms issue backto thw SO. ...

Unable to connect to other users mailbox
Hello, I’ve just added a second exchange server to our Org, and found that users on the new server can not open mailboxes on the old server after I moved their mailbox, which they were able to do before the migration. It’s been 2 days now so I know AD replication is not the issue. When someone attempts to open a mailbox on the old server, Outlook (2003) throws the error: “Unable to display the folder. The information store could not be opened.” I have read article 830830 from the knowledge base. I did not follow the instructions because the msExchMailboxSecurityDescriptor attribute exi...

Word default paper size- networked user accounts
Word 2004- processors various, OS 10.5 How do I get Word to default to A4 (instead of US letter) for networked accounts? Hi Jeremy: The succinct answer to this is "By ensuring that your operating system locality preferences are set correctly before you install." Microsoft Office picks up all its global settings from the "Language and Text" system preferences in OS 10.6 (I think they were called something else in 10.5). If this has been done wrongly at installation, you need to set the System Preferences correctly and then delete the individual user's...

Money 2005 won't accept my Passport login
My Microsoft Passport is associated with my user name (first@firstlast.com). WHy won't Passport accept this? ...

send as another user
i gave one user right to access another user mailbox and enable "send on behalf" of him/her in exchange. back in outlook, when the user highlight the other user inbox and click on send...it still say his send from his name instead of the other user name? am i doing someting wrong? if so, can someone tell me how to make this thing work? thx in advance. "send on behalf" is NOT "send as" theyre 2 totally different things. send as is given via ADUC "vincentnyc" <vincentnyc@discussions.microsoft.com> wrote in message news:F2A6FD12-5080-47...

Exchange 2003 OWA Front End Server
Hello everyone, just a quick question regarding best practice for OWA. I have three large sites (about 500 to 700 users per site). In the main site (700 users), I wanted to use a Front End E2k3 Front End server and allow all users in the domain to have access to it. From the main site, i have VPN tunnels built to the other two sites using full T1 lines. My question is whether or not it's ok to use an OWA server as a front end server for remote mailbox stores. So a user that is in Europe would log into a front end server in North America to get to his or her mailbox through OWA. See w...

deleted IMAP messages appear in OWA
If I delete an email message in my IMAP client, why does the message not appear as deleted when I view my email via OWA or native Exchange MAPI? did you purge the imap folder? -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outlook 2003 in 24 Hours Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide) Author, Google and Other Search Engines (Visual QuickStart Guide) Outlook Tips: http://www.outlook-tips.net/ Outlook & Exchange Solutions Center: http://www.slipstick.com Join OneNote Tips mailing list: http://www.onenote-tips.net/ Vote for your favorite Outlook and Exc...

User Manual for Pocket Money ???
I got Pocket Money from handmark for the palm pilot. Problem is, that, it does not come with a manual on how to use the software. Does anyone in this forum know where I can get a manual ? ... I just downloaded PocketMoney and I see a user manual in PDF and html in the installation folder. Otherwise, you can paste http://www.handmark.com/instructions/pm_manual.pdf into your browser to view the manual. Shelley Elmblad About Financial Software http://financialsoft.about.com About.com is part of The New York Times companies http://about.com richmarin@earthlink.net wrote: > I got Pocket...

Outlook cannot connect...OWA can
WinSvr2K3EE ExchSvr2K3EE Let's start with the sentence that we all know and love... The server has been working perfectly with no problems...until now. 8^)> I just restarted my server after applying some Microsoft updates. After restarting, I logged into the console and left the server at the desktop. From any of my 150 clients, including Outlook 2000, Outlook 2003, and OWA, only my OWA clients are able to login and utilize the email server now. When any of the Outlook clients log in, Outlook 2000 simply hangs forever and ever (I gave up after 15 minutes) and Outlook 2003 displ...

different domains
Hi there, How can I modify the OU in order to assign an especific domain to the users that belong to that OU? Suppose that I have two OUs, one called First and the 2nd one called second; and I have 10 peoples in each OU, but I have two domains, one colled domain1.com and the other one called domain2.com I want to create the 20 users, but once inside the OU the software should be able to assign the domain that belongs to tha OU. Is it possible? Tks a lot. tDL In the last exciting episode, "Administrator" <administrator@domoti-k.com> wrote: >Hi there, > >How can I ...

Block Users from changing permissions
How can i stop users from changing permissions on their mailboxes. For example, we have 20 CSR's that I what to block from being able to change how their calender and contacts are shared. Only managers should be able to access their calenders, but they like to grant each other the permissions to do so. Also, is there a way to do this by group or mailbox store? I have tried playing with the permissions on the Exchange Advanced tab in AD users and computers to no avail, i have checked the deny on change permissions on Self, but it doesnt seem to have any affect. Thanks PS. Exchange 2003 S...

crm contact and user
The system needs to allow a CRM User to also be a contact without incident. Right now when you Promote an email to an activity in SFO any email addresses for people that are contacts and users are unresolved. This needs to work automatically! For me it would be sufficient if users are also synchronised to the Outlook contacts. We added all users as contacts to get them down to Outlook and further to the PDAs. Now the mails are not resolved. Kai "JD_CRM_User" wrote: > The system needs to allow a CRM User to also be a contact without incident. > Right now when you Pr...

Exchange 2003 and 2000 coexisting to seperate domains
I want to be able to sync up the directory information for both companies. I want to be able to search the GAL for employees at ABC as well as employees at XYZ. How do I accomplish this and can you provide some documentation. I think the best way to do this is inter-organizaiton connection agreement. I have yet thought to find any documentation on how to really configure this between to seperate sites. To synchronize Recipients across Forests so that they show up in each others' GALs, you can use GALSync in MIIS Feature Pack. Rod Fournier has step-by-step instructions on his bl...

how do i create a local client rule for outlook 2003
hello has anyone ever been able to create a local client rule for outlook 2003? exchange 2003? I can create the rule to send it to a PST (i dont know whether this can be done) then when i run the rule it says there is an error with the rule and it turns red. Does anyone have the steps for how to get this to work? Thanks A does the pst exist and is it in your profile? -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outlook 2003 in 24 Hours Coauthor, OneNote 2003 for Windows (Visual QuickStart Guide) Author, Google and Other Search Engines (Visual QuickStart Guide) Outlook Tips: htt...