22 Juni 2012 15:07
Hello, we have started to see an issue when a user access Outlook Web App and attempts to view a message receives an Access Denied pop up box. All three of the CAS servers we have are doing the same and all are running Exchange 2010 SP2. One of the three was just build from scratch a week ago and is showing the same issues. I have found that is Group by Converstations is removed the issue goes away.
Anyone have any ideas? I have tried reseting the OWA virtual directory and I am seeing next to nothing as far as errors with Event Viewer. Even increased logging levels for OWA with no help.
22 Juni 2012 19:06
Do the IIS logs give any indication of errors?
Sounds like a permission error, not sure if it will help but can you check if "inherited permissions" checkbox is selected for a user?
25 Juni 2012 9:23Moderator
Does this issue occur to all the message and all the users?
27 Juni 2012 15:53
Simon_Wu, yes this happens to all users on all messages. As soon as you turn off Group by Conversation, everything works correctly.
DareDevil57, there is not indications in the logs of any issues.
The oddest part is all three of these servers were built within the last 3 months and the same issue occurs on all 3 CAS servers so somehow I managed to create this issue 3 times in a row. I did not not anything unusual during the install process so I am not sure if it is something with a Windows patch or with Exchange 2010 SP2. I am going to be applying Exchange 2010 SP2 RU3 in the near future, but I'm not sure if that will help.
25 Juli 2012 13:03Quick update. I installed RU3, but that made no change. The odd thing is one of my servers started to work correctly all of the sudden, but the other two still give the Access Denied. I have three servers CAS01, CAS02, and CAS03. All are rebuilt servers within the last few months. CAS01 is a completely rebuild machine, however it was renamed back to the same name as an older server that was functioning correctly prior to the rebuild. Could there be something in the metadata with AD that would have remained resident even after a rebuild that would cause that server to function correctly? I'm seriously out of ideas on this one, I have users turning off Group by Conversations to use OWA.