locked
OWA don't work for domain admins RRS feed

  • Question

  • Owa is working for all domain users except for domain admins. How can we solve this problem?

    We user Exchange 2003 and we get the error ;

    You could not be logged on to Outlook Web Access. Make
    sure your domain\user name and password are correct, and then try again.

    Username and password are good ofcourse :-)

    Thursday, May 31, 2012 11:56 AM

All replies

  • Something is probably pretty seriously messed up with your permissions.  Though, actually, I would consider this a "feature" since your administrators should probably not have mailboxes in the first place.  :-) 

    Can these folks access Exchange through Outlook?   If so, it may be the that the permissions on the \Exchweb folder has got a deny in place for Administrators or Domain Admins.


    Jim McBee - Blog - http://mostlyexchange.blogspot.com

    Friday, June 1, 2012 4:00 AM
  • I'am the administrator and have a mailbox. I've checked the permissions on the exchweb but it looks good.

    Friday, June 1, 2012 6:22 AM
  • Hi,

    Please try to create user and then add the user to domain admins group to test the issue.

    Do you have split Domain permission model configured?

    Working with Active Directory Permissions in Exchange Server

    http://technet.microsoft.com/en-us/library/bb124223(v=exchg.65)

    Besides, Liza is a free tool for Active Directory environments which allows you to display and analyze object rights in the directory hierarchy. You can have a try.

    http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions-en-us.aspx

    http://www.ldapexplorer.com/en/liza.htm


    Xiu Zhang

    TechNet Community Support


    • Edited by Xiu Zhang Friday, June 1, 2012 9:01 AM
    Friday, June 1, 2012 9:01 AM
  • On Fri, 1 Jun 2012 06:22:05 +0000, J.A. van der Feest wrote:
     
    >
    >
    >I'am the administrator and have a mailbox. I've checked the permissions on the exchweb but it looks good.
     
    Jim's referring to the fact that accounts that are members of
    "priviledged" groups (like Domain Admins) have permission inheritenc
    blocked on their user accounts. That prevents Exchange from receiving
    the permissions necessary to deal with the mailbox properly.
     
    The reason why user accounts with elevated permissions shouldn't have
    a mailbox will become evident the first time they open a message with
    an worm/virus/rootkit link in it. Those are bad enough when it's just
    a "normal" user but, oops! you just gave away the userid and password
    to the whole forest!
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    Saturday, June 2, 2012 1:58 AM