IWA automatically re-enables on OWA folders.

This is a bit of a strange one.

We're running OWA on an E2k3 cluster in support of a large client base
of mixed Win2k and XP Pro clients.  Our site is SSL secured and
therefore we have manually DISABLED Integrated Windows Authentication
on the Exchange virtual directory within Exchange System Manager,
leaving only basic enabled.

The system has been running fine for months but recently we ran into a
problem where none of our Win2k clients could log on.  After a whole
hunt, we found that this was because Integrated Windows Authentication
had mysteriously switched itself back on!

Microsoft say our UPN logons were failing because of the 2k version of
credui.dll which cannot process UPN logons through IWA whereas the XP
version can.  Sure enough, when we manually disabled IWA again, the
problem disappeared.

However, this doesn't explain why that setting switched itself on.
This wasn't a once off either and has happened several times since
then - with nothing obvious in the event logs, no failover, servers
just sitting there...

Bizarro; anyone got any ideas?
0
jabbrwcky (2)
5/23/2005 11:19:55 AM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
285 Views

Similar Articles

[PageSpeed] 56

Where are you making the authentication change?  If you are changing this in 
IIS Manager, the problem may be a process called DS2MB, where the settings 
within Exchange System Manager (hence AD) override (and overwrite) the 
settings in the IIS Metabase.  IIRC, the DS2MB process runs every 15 
minutes.

Go into ESM, server, protocols, HTTP, Exchange Virtual Server, Exchange 
properties, then Access tab, Authentication button.  Make sure that 
Integrated is not checked.  If it is, uncheck it in here and not in IIS 
Manager.

-- 
Ben Winzenz
Exchange MVP
MessageOne


"Jab Wocky" <jabbrwcky@hotmail.com> wrote in message 
news:6rd391hh0e5b3ubl7bjoe09ctf8pf7k36m@4ax.com...
> This is a bit of a strange one.
>
> We're running OWA on an E2k3 cluster in support of a large client base
> of mixed Win2k and XP Pro clients.  Our site is SSL secured and
> therefore we have manually DISABLED Integrated Windows Authentication
> on the Exchange virtual directory within Exchange System Manager,
> leaving only basic enabled.
>
> The system has been running fine for months but recently we ran into a
> problem where none of our Win2k clients could log on.  After a whole
> hunt, we found that this was because Integrated Windows Authentication
> had mysteriously switched itself back on!
>
> Microsoft say our UPN logons were failing because of the 2k version of
> credui.dll which cannot process UPN logons through IWA whereas the XP
> version can.  Sure enough, when we manually disabled IWA again, the
> problem disappeared.
>
> However, this doesn't explain why that setting switched itself on.
> This wasn't a once off either and has happened several times since
> then - with nothing obvious in the event logs, no failover, servers
> just sitting there...
>
> Bizarro; anyone got any ideas? 


0
Ben
5/23/2005 1:27:32 PM
On Mon, 23 May 2005 08:27:32 -0500, "Ben Winzenz [Exchange MVP]"
<ben_winzenz@NOSPAMdotmessageonedotcom> wrote:

>Where are you making the authentication change?  If you are changing this in 
>IIS Manager, the problem may be a process called DS2MB

Cheers for the idea Ben, but we'd already thought of that one; the
change is definitely made in ESM and will stick for a few weeks before
being overridden - we've just no idea how or why...
0
jabbrwcky (2)
5/23/2005 2:16:58 PM
Reply:

Similar Artilces:

Re-print pay stubs for current/closed year.
Is there a way i can view or print pay stubs for current/closed year? Thanks, Hetal. ...

Automatic Toolbar
When we click on a hyperlink, the Web toolbar is automatically loaded. Other toolbars automatically appear for other actions. Is there any way we can disable this feature? From a previous thread: http://groups.google.com/groups?threadm=3F25EA4F.E6C51A45%40msn.com Kevin wrote: > > When we click on a hyperlink, the Web toolbar is > automatically loaded. Other toolbars automatically appear > for other actions. Is there any way we can disable this > feature? -- Dave Peterson ec35720@msn.com ...

Running a macro automatically from a formula
can you somehow run a macro automatically from a formula with a specific criteria? Basically having a macro run by itself if a formula's criteria is met. I have a macro assigned to an active X control to copy formulas when I click it. My problem is when I delete a row of data and click on the active X control, there is an extra row of formula's copied because I have removed one. My idea was to have a formula determine whether or not there was to many formulas and then have a macro run automatically to delete that extra row if that was the case. Any ideas? Hi Macros can be started fr...

import folders from OE to O2002
my problem: i'd like to migrate all my email history (messages (in several folders), addresses, etc.) from Outlook Express 6.0 to MS Outlook 2002 ok i know.. use the "import/export", i use it, but i dont know where are my folder from outlook express to outlook 2002. when i import the folders i see a progress bar and all work fine, no errors. but only see messages in the "inbox" folder =/ any help plz! guarez <guarezkredit@yahoo.es> wrote: > i'd like to migrate all my email history (messages (in > several folders), addresses, etc.) from Outlook E...

Re: Word 2001 for Mac and Color Stylewriter 1500 problem
Discussion ongoing on microsoft.public.mac.office.word, which gets more traffic anyhow. "Peter Gurney" wrote: > Dear Expert, > > There seems to be an incompatibility between MS Word 2001 for Mac (for which > I have run the latest updater) and the Color Stylewriter 1500 printer driver > vZ2-2.2.1 which is part of the Mac OS 9.1 software. > > Unlike other components of Office 2001 and other applications such as MS > Works 4.0, Claris Works etc which have A4 as an option in the pop-up menu > for page size, with Word 2001 this is not available and so I hav...

Password Change Option on OWA
Is there any reason I shouldn't change the option to allow users to change their password from OWA? Microsoft must have had a reason to not make it available by default. -- Paul Bergson It isn't available by default beause SSL is required by default in order to be able to change passwords. Since SSL cannot be enabled until you have installed a certificate, it makes sense to not have the ability to change passwords via OWA on by default, right? -- Ben Winzenz Exchange MVP "Paul Bergson" <pbergson_nospam@allete.com> wrote in message news:%23G8VO6uLFHA.3016...

Active-sync points to a non-existant folder
Our 'Microsoft-Server-ActiveSync' (exchange 2003-server) points a non-existant folder C:\Program Files\Exchsrvr\OMA\Sync. The 'Sync' part is missing. Do I have to make this folder manually, is it an empty folder, or can I assume something more is missing or went wrong during or after installation ? TIA Rudy Steyaert ...

How do I access public folders?
I am using Exchange 2000 and Outlook 2002. I access my mailbox using IMAP but I can't figure out how to get to my Public Folders. I can access them in OWA. Thanks for any assistance. First - Public Folders are only on an exchange Server enviroment. (You must have that since you can see them in OWA) The Public folders are at the bottom of the pst, or folder boxes. Then you need to expand a few times to see the Public one's that allow you to poast or whatever. If you do not see them then your permission are not set properly at the Exchange Server. Larry >-----Original M...

Outlook 2003 does not display contents of "Notes" folder
Outlook 2003 does not display the contents of my Notes folder when I click on the Notes "button" at the bottom of the left window pane. The left window pane gets updated but the right window pane still displays the previous folder. For example, I click on the Mail button. Next I click on the Notes button. The left pane changes to list a choice of views (which are MAIL-specific) but the middle pane still shows my inbox and the right pane still the mail preview. If I click on Tasks then Notes, the left pane lists a choice of views (which are TASKS-specific) but the right pa...

email gets trapped in the queue folder....ugh!!
am experiencing a very annoying problem with an exchange 5.5 server on an NT server, that also uses a win 2000 server as the default smtp server. It seems that the queue in the inetpub/mailroot folder is receiving a large amount of spam....this is good. However, the problem lies in the fact that there is also some good email getting trapped in here.......and this "good" email seems to be originating from one sender that our company has alot of communication with. What the heck is the purpose of the "queue" folder, and why would healthy email be getting stuck here? When...

Default folder for replying to emails
Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel Email Client: pop In Outlook there was an option to automatically save a reply in the same folder as the original email message. Now that I have bought an iMac I can't find a similar option in the Entourage Preferences. Does this option exist? Or do I have to move the reply from 'Sent Mail' to the desired folder manually? ...

failures moving/copying public folders from exchange 5.5 to pst with outlook 2000/2003
good day. i'm a one-man network shop with exchange 5.5 on nt4, outlook 2000 on win2k, and (seemingly random) messages in the public folders on the exchange that outlook is unable to copy to a pst. searched knowledge base at least 6 different ways, and have been unable to locate anything to help me get the messages copied. when copy attempted with outlook, either 2000 or xp, dialog says "Can't copy the items. Some items could not be copied. They were either moved or deleted, or access was denied." seems to recreate the entire pf structure in destination pst, and moves SO...

Which OWA 2003 ports to I need to open?
Hi, I have installed Exchange 2003 in our test lab, but how can I get OWA to work from the internet, I need to NAT my ourside address to this internal server, but which ports do I need to use? Andy "Andy" <anonymous@discussions.microsoft.com> wrote in message news:593f01c4748b$e3a34220$a301280a@phx.gbl... > Hi, I have installed Exchange 2003 in our test lab, but > how can I get OWA to work from the internet, I need to > NAT my ourside address to this internal server, but which > ports do I need to use? > > Andy Http 80, or for secure https 443 ...

Re: Outlook 2000
I am using and have always used Outlook NOT Outlook Express, and I search for .pst on my old data and there are no such files. I have older .pst saved on CD's but I want the latest info when XP crashed. Alec <anonymous@discussions.microsoft.com> wrote: > I am using and have always used Outlook NOT Outlook > Express, and I search for .pst on my old data and there > are no such files. There must be. It's in a hidden file, however. You must enable showing hidden files and folders in Folder Options. Control Panel>Appearance and Themes>Folder Options>View&g...

Public Folder Send on Behalf permissions
I've got a mail enabled public folder with an SMTP address. Mail comes into this folder. When users pick up an item that has come in, and reply, the mail get's send out with the users own SMTP address. I'd like the from: address to be the SMTP address of the public folder, so additional reply's come into the folder again. Send on behalf settings on the public folder sounds like the answer. But I can't get it to work. I've added users to the Send on Behal list, but the users still get an error when sending. In addition, I added the user to the ACL (full control) ...

OWA SSL problem... please help
Hi, We have an Exchange Server with OWA on SSL. 2 Days ago something happened to the SSL on IIS. On accessing the https://mailserveraddress/exchange website the certificate or login prompts do not appear. Instead I get a "page cannot be displayed" error. When SSL is disabled (http://mailserveraddress/exchange) OWA works just fine. I have tried everything I could find on MS KB with little success. Does somebody know how to resolve this problem and get Certificate Services back up on IIS ? Thank you for your help Sai Krishnakumar ...

Shared calendar write access via OWA
My goal is to give another user full access to my calendar (ie read and write) but not access to my inbox, contacts, etc... If I use the Outlook 2003 client to grant another user full access to the calendar then the user can get to the calendar via OWA (ie http://myserver.com/exchange/username/calendar) but no matter what rights I grant they only have read access. If I go to the server and use "active directory users and computers" to grant the user access to the mailbox then they do get write access to the calendar via OWA but they also get full access to the Inbox and everyht...

Recovered items never show up in the Deleted Items folder
We recently implemented a Group Policy that empties the Deleted Items folder when a user exits Outlook (without a warning). Since implementing the policy several users have reported that when they try to recover deleted items using the Recover Deleted Items tool, the recovered items never show up in their Deleted Items folder. We are running Exchange 2003 SP2 and Outlook 2003, cached mode. When I turn off cached mode, the affected users can open Outlook "connected" and the previously missing items are in their Deleted Items folder. They can also see them when using OWA. I...

automatic changes on my workbook
Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel <i>have created an extensive workbook and now whenever i open it up, with out me making changes, when i try to close it the workbook asks if i &quot;want to make changes to the workbook&quot;</i>&#32;<br><br>how can i check for the changes being made to the work book? <i>know that i am not physically making them- sometimes i just open the workbook to check on this- and close it right away- same message</i> Whenever you open an Excel workbook, Excel will recalcul...

Enable Change password through OWA?
How do I enable them to change their passwords using OWA on an exchange 2003 server? Thanks http://support.microsoft.com/kb/297121/en-us -- Bharat Suneja MCSE, MCT www.zenprise.com blog: www.suneja.com/blog ----------------------------------------- "Boe" <boe_d@notspam.hotmail.com> wrote in message news:OZgQEw4RGHA.5036@TK2MSFTNGP12.phx.gbl... > How do I enable them to change their passwords using OWA on an exchange > 2003 server? > > Thanks > Thank you! "Bharat Suneja" <bharatsuneja@no.spam.org> wrote in message news:OFrGu44RGHA...

Re: Unable to open exchange 2000 mail box using Outlook 2003
"Ken Tech" <vtechakamphousha@4bizinet.com> wrote in message news:... > Urgent!!! > > My company has Exchange Server 2000 + latest sp on Win2k Server. Client > machines contain Outlook 2000, Outlook XP, and Outlook 2003. All outlook > versions work fine (can connect to exchange server and browse mailbox for > each user. > > Then I try to upgrade Exchnage server 2000 to 2003, the pre-install step has > been done but the program cannot be installed due to inproperly of ADC > version. The upgrade was cancel. > > After that outlook 2003 user cann...

Help needed re: parameter query
I create a parameter query to allow users to check records with interview dates that fall between a specific time window on a timely basis. To do so, I first create 2 fields as: start_date: [On! or AFTER (m/d/yyyy):] end_date: [On or BEFORE (m/d/yyyy):] Then for the "interview date" field, I put in the criteria: >=[On or AFTER (m/d/yyyy):] And <=[On or BEFORE (m/d/yyyy):] This way when opening/running the query, the user will be prompted to enter a start date and an end date. However, the test run picks up one record that falls outside the range (along with all other r...

Auto Delete Junk Email Folder contents every week
Hi; Have anyone tried successfully to delete the mailbox's junk email folder contents maybe on a weekly basis...? Cheers.... In the Folder List view right-click Junk E-mail and go to properties, select "Archive this folder using these settings:", specify the length of time and then select "Permanently delete old items" "mustang" <colincolvelmustang@yahoo.com.sg> wrote in message news:3280c00.0406141942.7d647d0a@posting.google.com... > Hi; > > Have anyone tried successfully to delete the mailbox's junk email folder > contents maybe ...

Outlook 2003 confusing folders from multiple HTTP email accounts
Hello all, I recently moved from Outlook Express to Outlook 2003. I have multiple HTTP (Hotmail) accounts that I migrated. Very often, Outlook 2003 confuses the folders from these accounts, such that I click on the inbox for account A and see the mail in the inbox in account B. When it does this, it seems to do it for all of the folders in common (so the junk email folder for account A also shows the junk email for account B). I noticed this some in Outlook Express, but Outlook 2003 does this all the time. Is there a remedy? Closing Outlook and re-opening it _sometimes_ fixes the problem. Th...

Automatically mail for birthdates
Hi; I have tried to create a rule for accounts and contacts in order to send mail for birthdates. But I cant see the fields in the fields of these objects . And also I have tried to assign a case if the owner does not respond in 12 hours. How can I do this? Alper Can ...