[isapros] Re: Exch permissions Q

  • From: "Young, Gerald G" <Gerald.Young@xxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Tue, 18 Jul 2006 08:32:22 -0500

Hmm,

I would have thought one of the DCs would have recorded the attempt in
the Security Event Log since that's a DC-controlled "permission".

Cordially yours,
Jerry G. Young II
  MCSE (4.0/W2K)
Atlanta EES Implementation Team Lead
ECNS Microsoft Engineering
Unisys
 
11493 Sunset Hills Rd.
Reston, VA 20190
Office: 703-579-2727
Cell: 703-625-1468

-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Monday, July 17, 2006 9:35 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Exch permissions Q

Actually, Tim seemed rather fabric-stressed when he saw her pre-grad
pictures last year.
Correct - this only affected OWA (internally & externally); she never had
access to RPC/HTTP, but I suspect it would have failed as well, since it
also depends on IIS impersonation.

Since MAPI speaks directly to Exch via RPC, there is no
IIS-pseudo-impersonation weirdosity happening.

The only clue was in the IIS logs themselves; the "401.1" error.
It didn't send me in any particular direction, since this translates to
"invalid credentials" (not much help, since she logs on with those same
creds).

Jim Harrison
jim@xxxxxxxxxxxx
www.isatools.org

Sent  using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?)


-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Monday, July 17, 2006 5:39 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Exch permissions Q

He knows I'm kidding ;)

So Jim-- you've checked that from an account standpoint, all is well
(OWA enabled, account not locked, Exchange profile intact, etc).

Just to make sure I understand:  I got that OWA does not work internally
or externally, and that MAPI works, but does Outlook work internally as
expected via RPC?  I'm guessing it does (since MAPI works), but would be
nice to verify.

Did you by chance change the NTFS/IIS permissions for the Exchange
virtual server in IIS?  If outlook works internally, then it's something
on the IIS side (and not ISA like the good doctor pointed out).  You
might want to turn on auditing for the exchange dirs and check your
security logs.  Anything in the IIS logs or the Event logs?

t


On 7/17/06 5:05 PM, "Greg Mulholland" <gmulholland@xxxxxxxxxxxx> spoketh to all:

> OMFG I'm surprised that he talks to you at all!!
> 
> ----- Original Message -----
> From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> To: <isapros@xxxxxxxxxxxxx>
> Sent: Tuesday, July 18, 2006 9:53 AM
> Subject: [isapros] Re: Exch permissions Q
> 
> 
>> Yes, I tested it too, and I can attest that your daughter's box is 
>> enabled.
>> 
>> T
>> 
>> 
>> 
>> On 7/17/06 4:18 PM, "Jim Harrison" <Jim@xxxxxxxxxxxx> spoketh to all:
>> 
>>> That's what I thought I did, but checking Exch permissions, it's enabled.
>>> 
>>> 
>>> -------------------------------------------------------
>>>    Jim Harrison
>>>    MCP(NT4, W2K), A+, Network+, PCG
>>>    http://isaserver.org/Jim_Harrison/
>>>    http://isatools.org
>>>    Read the help / books / articles!
>>> -------------------------------------------------------
>>> 
>>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Thomas W Shinder
>>> Sent: Monday, July 17, 2006 16:11
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: Exch permissions Q
>>> 
>>> OK, you might have turned off her account's access to OWA.
>>> 
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7
>>> MVP -- ISA Firewalls
>>> 
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>> Sent: Monday, July 17, 2006 6:10 PM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: Exch permissions Q
>>>> 
>>>> No; doesn't work from in or out, but MAPI works fine.
>>>> 
>>>> 
>>>> -------------------------------------------------------
>>>>    Jim Harrison
>>>>    MCP(NT4, W2K), A+, Network+, PCG
>>>>    http://isaserver.org/Jim_Harrison/
>>>>    http://isatools.org
>>>>    Read the help / books / articles!
>>>> -------------------------------------------------------
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
>>>> Sent: Monday, July 17, 2006 15:58
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Re: Exch permissions Q
>>>> 
>>>> She can log in from outlook internally?..did you disable her mailbox?
>>>> 
>>>> S
>>>> 
>>>> -----Original Message-----
>>>> From: isapros-bounce@xxxxxxxxxxxxx
>>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>>> Sent: Monday, July 17, 2006 7:06 PM
>>>> To: isapros@xxxxxxxxxxxxx
>>>> Subject: [isapros] Exch permissions Q
>>>> 
>>>> My turn to ask...
>>>> 
>>>> I disabled my daughter's OWA access while she was in school because
>>>> the raging dumba$$3$ in your school let the kids veg on the
>>>> Internet all freakin' day (different issue).
>>>> Now that she's actually gradumatated, I want to re-enable it, but I
>>>> can't make it work.
>>>> Of course, I don't know what I did, yasilly; or else I wouldn't be 
>>>> asking.
>>>> ISA policies allow her to log in, but the OWA page keeps 
>>>> regurgitating "401.1".
>>>> 401.1 is supposed to be "invalid credentials", but I know the 
>>>> username/password are correct.
>>>> 
>>>> I've checked her Exch permissions, and they seem fine (same as mine
>>>> for her mailbox).
>>>> 
>>>> -------------------------------------------------------
>>>>    Jim Harrison
>>>>    MCP(NT4, W2K), A+, Network+, PCG
>>>>    http://isaserver.org/Jim_Harrison/
>>>>    http://isatools.org
>>>>    Read the help / books / articles!
>>>> -------------------------------------------------------
>>>> 
>>>> 
>>>> All mail to and from this domain is GFI-scanned.