|
Home > Archive > microsoft.public.exchange2000.admin > November 2002 > Discriminating OWA access....
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Discriminating OWA access....
|
|
| Blair Haithcock 2002-11-26, 8:23 am |
| We have OUs created to represent our orginizational structure. In one
particular OU, any user created under it, is denied access to OWA. Logging
into a workstation as that user and going into OWA, the user should
automaticaly see his email and everything, but not these users. When they
try to hit the OWA they are prompted to login. When they try to login, it
fails. These users can access their email using Outlook, no problem. On
two different occasions I've seen it where a duplicated user account will
show up, but the second account will have alot of garbage immediately after
the name, within the name (i.e. orig=Testuser, dup acct=
Testuser~8734htkrjhrfkgjhe48)
Any ideas?
| |
| Rich Matheisen [MVP] 2002-11-26, 10:23 pm |
| "Blair Haithcock" <bhaithcock@ofc-wic.com> wrote:
> We have OUs created to represent our orginizational structure. In one
>particular OU, any user created under it, is denied access to OWA. Logging
>into a workstation as that user and going into OWA, the user should
>automaticaly see his email and everything, but not these users.
That sounds positively schizophrenic. This user should see his mail
but not this user? Yikes!
>When they
>try to hit the OWA they are prompted to login. When they try to login, it
>fails.
Okay.
>These users can access their email using Outlook, no problem.
I'd like to think so.
>On
>two different occasions I've seen it where a duplicated user account will
>show up,
Show up where? OWA doesn't create user accounts, nor does Exchange.
>but the second account will have alot of garbage immediately after
>the name, within the name (i.e. orig=Testuser, dup acct=
> Testuser~8734htkrjhrfkgjhe48)[
/color]
And where does this "show up"?
[color=blue]
>Any ideas?
Not a clue. I'm confused by your explanation.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
| |
|
| You're right, my explanation kinda sucks, but the following shows up in
Active Directory Users and Computers. It's only happend twice, but each
time it's been in those particular OU's.
"but the second account will have alot of garbage immediately after
the name, within the name (i.e. orig=Testuser, dup acct=
Testuser~8734htkrjhrfkgjhe48)"
The question is: How mcould some uses be allowed to use the OWA and others
not, when there has been no special priviledges granted or taken away.
Those users are getting:
HTTP/1.1 401 Unauthorized
after their third login attempt. This is the case for any user I created
under this OU, and I know for a fact that there aren't any group policy's
floating around that might prevent their using OWA.
I hope this explains a little better.
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message
news:mtf8uuckvt9cp70q394edin22
pfbv4fru9@4ax.com...
> "Blair Haithcock" <bhaithcock@ofc-wic.com> wrote:
>
> > We have OUs created to represent our orginizational structure. In one
> >particular OU, any user created under it, is denied access to OWA.
Logging
> >into a workstation as that user and going into OWA, the user should
> >automaticaly see his email and everything, but not these users.
>
> That sounds positively schizophrenic. This user should see his mail
> but not this user? Yikes!
>
> >When they
> >try to hit the OWA they are prompted to login. When they try to login,
it
> >fails.
>
> Okay.
>
> >These users can access their email using Outlook, no problem.
>
> I'd like to think so.
>
> >On
> >two different occasions I've seen it where a duplicated user account will
> >show up,
>
> Show up where? OWA doesn't create user accounts, nor does Exchange.
>
> >but the second account will have alot of garbage immediately after
> >the name, within the name (i.e. orig=Testuser, dup acct=
> > Testuser~8734htkrjhrfkgjhe48)[
/color]
>
> And where does this "show up"?
>[color=green]
> >Any ideas?
>
> Not a clue. I'm confused by your explanation.
>
> --
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
| |
| Rich Matheisen [MVP] 2002-11-27, 10:23 pm |
| "Blair" <bhaithcock@ofc-wic.com> wrote:
>You're right, my explanation kinda sucks, but the following shows up in
>Active Directory Users and Computers. It's only happend twice, but each
>time it's been in those particular OU's.
>
>"but the second account will have alot of garbage immediately after
>the name, within the name (i.e. orig=Testuser, dup acct=
>Testuser~8734htkrjhrfkgjhe48)"
>
>The question is: How mcould some uses be allowed to use the OWA and others
>not, when there has been no special priviledges granted or taken away.
>Those users are getting:
>HTTP/1.1 401 Unauthorized
>after their third login attempt.
This is a failure to authenticate. It's not related to Exchange.
Can you tell if the error is 401.1 (logon), 401.3 (ACL), 401.4
(filter), or 401.5 (ISAPI)?
>This is the case for any user I created
>under this OU, and I know for a fact that there aren't any group policy's
>floating around that might prevent their using OWA.
If the error only happens for users in a specific OU then I'd be
looking at the OU to see what's different.
--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
|
|
|
|
|