none
Exchange 2010 OWA problem - single user

    Question

  • I have an Exchange 2010 sp1 with rollup 5 environment. I have a single user that when trying to login to OWA puts in their credentials and the login screen flashes and then comes right back up - no errors. I've reset the password to ensure that's correct. I've verified that the user has OWA enabled in the EMC. I've tried from different machines and get the same results. I've checked the users security settings in AD to ensure she is inheriting permissions (just because this has caused other 2010 issues for me). I don't have any other users having this issue.

    Any ideas?

    Friday, October 28, 2011 10:01 PM

All replies

  • Try moving the user to another database?
    Sukh
    Friday, October 28, 2011 10:25 PM
  • How about the AD account?

    Expired? Disabled?

    Anything in the app log on the CAS when it fails?

     

     

    Friday, October 28, 2011 10:43 PM
  • Moved the mailbox to another db, didn't help.
    Saturday, October 29, 2011 1:47 AM
  • The account is active and enabled.
    Saturday, October 29, 2011 1:48 AM
  • Did you try running the following command against their mailbox?

    set-Mailbox -identity "MailboxName" -ApplyMandatoryProperties

    That command will make sure they have all of the proper mailbox settings on their account for an Exchange 2010 server.


    Harness
    • Edited by Harness Saturday, October 29, 2011 2:44 AM
    Saturday, October 29, 2011 1:51 AM
  • I just tried your suggestion. It didn't help.
    Saturday, October 29, 2011 2:36 AM
  • How about this?

    get-mailbox “MailboxAlias | set-Mailbox -RoleAssignmentPolicy "Default Role Assignment Policy"


    Harness
    • Edited by Harness Saturday, October 29, 2011 2:49 AM
    Saturday, October 29, 2011 2:49 AM
  • What is the error code in IIS log when the issue occurs? please try the OWA logon in CAS server via https://localhost/owa, if the issue continues, verify the IIS log in c:\inetpub\logs\logfiles\W3SVC1.

    Hope it is helpful.


    Fiona
    Monday, October 31, 2011 7:17 AM
  • I tried logging in directly from the CAS server and still got the same experience. Here is the log details from this try. I apologize as I didn't know where this log entry stopped, so there may be an extra line. I've also substituted "domain\user" for the actual user:

    2011-10-31 15:05:14 ::1 POST /owa/auth.owa - 443 domain\user ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 401 1 1329 171


    2011-10-31 15:05:14 ::1 GET /owa/auth/logon.aspx url=https://localhost/owa/&reason=2 443 - ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 200 0 0 15


    2011-10-31 15:05:14 ::1 GET /owa/auth/logon.aspx replaceCurrent=1&reason=2&url=https%3a%2f%2flocalhost%2fowa%2f 443 - ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 200 0 0 0

    Monday, October 31, 2011 3:16 PM
  • Have you tried using a differnet browser?
    -Hieu
    Monday, October 31, 2011 6:05 PM
  • As a test, can you add this 1 user to the local admin group on the Exch 2010 server and test?

     


    Sukh
    Monday, October 31, 2011 6:14 PM
  • We've tried on different computers, but always on IE8. This is our mandated browser and doesn't cause issues for other users.
    Monday, October 31, 2011 6:55 PM
  • Just tried this, didn't help.
    Monday, October 31, 2011 6:55 PM
  • Are there any logon restrictions on the account?

    Have you tried logging on like domain\alias?

    As a test mentioned above, what if you try and use say FireFox?  Does it work?


    Sukh
    Monday, October 31, 2011 7:17 PM
  • I tried logging in directly from the CAS server and still got the same experience. Here is the log details from this try. I apologize as I didn't know where this log entry stopped, so there may be an extra line. I've also substituted "domain\user" for the actual user:

    2011-10-31 15:05:14 ::1 POST /owa/auth.owa - 443 domain\user ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 401 1 1329 171


    2011-10-31 15:05:14 ::1 GET /owa/auth/logon.aspx url=https://localhost/owa/&reason=2 443 - ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 200 0 0 15


    2011-10-31 15:05:14 ::1 GET /owa/auth/logon.aspx replaceCurrent=1&reason=2&url=https%3a%2f%2flocalhost%2fowa%2f 443 - ::1 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 200 0 0 0


    Error code 401.1 means 401.1 - Logon failed. See http://support.microsoft.com/kb/943891. You might be notice the related failure in Application log in GC server or Exchange server.

    Exchange 2010 OWA is supported in IE8, See http://technet.microsoft.com/en-us/library/ff728623.aspx.

    Based on the current situation, I would suggest you type the credentials in notepad, and then copy and paste it to try again. please try in different format, for example, domain\user, user@domain.  Hope it is helpful.


    Fiona
    Tuesday, November 01, 2011 4:20 AM
  • Paul, at some point you should just take the easy way ...

    1) Dump her mailbox to a PST from the client, or server, delete her AD account, create a new one and import the mail back

    OR

    2) Disable the mailbox in the exchange console, delete the AD account, and re-connect the mailbox to a new AD account

     

    In some cases, it's just faster and more thorough to create a brand new account and let the correct permissions and settings apply naturally. I wouldn't bother trying to find a needle in the stack when it can be solved quickly through creating a new account.


    • Proposed as answer by Kris Wilk Tuesday, November 01, 2011 5:16 AM
    Tuesday, November 01, 2011 5:15 AM
  • hi everyone, 
    my team have same issue:

    Was a typo in the account creation, User logon name had a “g” instead of “q”.
    double check your user name

    Regards,



    Wednesday, September 18, 2013 5:35 PM