Discriminating OWA access....

Discriminating OWA access....

Post by Blair Haithcoc » Wed, 27 Nov 2002 23:09:53



 We have OUs created to represent our orginizational structure.  In one
particular OU, any user created under it, is denied access to OWA.  Logging
into a workstation as that user and going into OWA, the user should
automaticaly see his email and everything, but not these users.  When they
try to hit the OWA they are prompted to login.  When they try to login, it
fails.  These users can access their email using Outlook, no problem.  On
two different occasions I've seen it where a duplicated user account will
show up, but the second account will have alot of garbage immediately after
the name, within the name (i.e. orig=Testuser, dup acct=
Testuser~8734htkrjhrfkgjhe48)

Any ideas?

 
 
 

Discriminating OWA access....

Post by Rich Matheisen [MVP » Thu, 28 Nov 2002 12:49:16



> We have OUs created to represent our orginizational structure.  In one
>particular OU, any user created under it, is denied access to OWA.  Logging
>into a workstation as that user and going into OWA, the user should
>automaticaly see his email and everything, but not these users.  

That sounds positively schizophrenic. This user should see his mail
but not this user? Yikes!

Quote:>When they
>try to hit the OWA they are prompted to login.  When they try to login, it
>fails.  

Okay.

Quote:>These users can access their email using Outlook, no problem.  

I'd like to think so.

Quote:>On
>two different occasions I've seen it where a duplicated user account will
>show up,

Show up where? OWA doesn't create user accounts, nor does Exchange.

Quote:>but the second account will have alot of garbage immediately after
>the name, within the name (i.e. orig=Testuser, dup acct=
>Testuser~8734htkrjhrfkgjhe48)

And where does this "show up"?

Quote:>Any ideas?

Not a clue. I'm confused by your explanation.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 

Discriminating OWA access....

Post by Blai » Thu, 28 Nov 2002 21:35:27


You're right, my explanation kinda sucks, but the following shows up in
Active Directory Users and Computers.  It's only happend twice, but each
time it's been in those particular OU's.

"but the second account will have alot of garbage immediately after
the name, within the name (i.e. orig=Testuser, dup acct=
Testuser~8734htkrjhrfkgjhe48)"

The question is:  How mcould some uses be allowed to use the OWA and others
not, when there has been no special priviledges granted or taken away.
Those users are getting:
HTTP/1.1 401 Unauthorized
after their third login attempt.  This is the case for any user I created
under this OU, and I know for a fact that there aren't any group policy's
floating around that might prevent their using OWA.

I hope this explains a little better.




> > We have OUs created to represent our orginizational structure.  In one
> >particular OU, any user created under it, is denied access to OWA.
Logging
> >into a workstation as that user and going into OWA, the user should
> >automaticaly see his email and everything, but not these users.

> That sounds positively schizophrenic. This user should see his mail
> but not this user? Yikes!

> >When they
> >try to hit the OWA they are prompted to login.  When they try to login,
it
> >fails.

> Okay.

> >These users can access their email using Outlook, no problem.

> I'd like to think so.

> >On
> >two different occasions I've seen it where a duplicated user account will
> >show up,

> Show up where? OWA doesn't create user accounts, nor does Exchange.

> >but the second account will have alot of garbage immediately after
> >the name, within the name (i.e. orig=Testuser, dup acct=
> >Testuser~8734htkrjhrfkgjhe48)

> And where does this "show up"?

> >Any ideas?

> Not a clue. I'm confused by your explanation.

> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 

Discriminating OWA access....

Post by Rich Matheisen [MVP » Fri, 29 Nov 2002 12:50:58



>You're right, my explanation kinda sucks, but the following shows up in
>Active Directory Users and Computers.  It's only happend twice, but each
>time it's been in those particular OU's.

>"but the second account will have alot of garbage immediately after
>the name, within the name (i.e. orig=Testuser, dup acct=
>Testuser~8734htkrjhrfkgjhe48)"

>The question is:  How mcould some uses be allowed to use the OWA and others
>not, when there has been no special priviledges granted or taken away.
>Those users are getting:
>HTTP/1.1 401 Unauthorized
>after their third login attempt.  

This is a failure to authenticate. It's not related to Exchange.

Can you tell if the error is 401.1 (logon), 401.3 (ACL), 401.4
(filter), or 401.5 (ISAPI)?

Quote:>This is the case for any user I created
>under this OU, and I know for a fact that there aren't any group policy's
>floating around that might prevent their using OWA.

If the error only happens for users in a specific OU then I'd be
looking at the OU to see what's different.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm