OWA problem please help !

[DavrosDalek]

Hi
I have what would appear to be a permissions problem with OWA in Exchange 2000. I ran the iis lockdown tool ages ago. SInce then i've had no end of problems. Basicaly OWA works perfectly except when logging off. When i log off i get a HTTP 500 Internal server error. The page can not be displayed. I can't seem to figure out where the permissions are knackered.

Can anybody help ?

PS i can't roll back using the iis lockdown tool either :-(

Cheers

Craig

 

[quell]

Did you pick the right template when you installed the IIS lockdown tool? This is just a shot in the dark but what are your NTFS permissions on the exchweb/bin/USA/logoff.asp file? On mine web annony and web apps are deny write with everyone at full control. Also what error do you get when you try and run the lockdown tool again?

 

[DavrosDalek]

Hi

The NTFS permissions are the same as yours. Here is my logfile showing the errors. I ran the exchange 2000 OWA template in the lockdown tool... The errors are at the end of the log and i have set them to be Bold

Changes service msftpsvc startup type from Automatic to Disabled.
Backed up metabase
Locked idq.dll
Disabled Internet Printing
Installed URLScan
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed script map: .htw, C:\WINNT\System32\webhits.dll
Removed script map: .ida, C:\WINNT\System32\idq.dll
Removed script map: .idq, C:\WINNT\System32\idq.dll
Removed script map: .idc, C:\WINNT\System32\inetsrv\httpodbc.dll
Removed script map: .shtm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .shtml, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .stm, C:\WINNT\System32\inetsrv\ssinc.dll
Removed script map: .printer, C:\WINNT\System32\msw3prt.dll
Removed printer virtual dir (/LM/W3SVC/1/ROOT/Printers)
Removed samples (/LM/W3SVC/1/ROOT/IISSamples)
Removed MSADC virtual dir (/LM/W3SVC/1/ROOT/MSADC)
Removed scripts virtual dir (/LM/W3SVC/1/ROOT/Scripts)
Removed IISAdmin virtual dir (/LM/W3SVC/1/ROOT/IISAdmin)
Removed IISAdmin web site (/LM/W3SVC/2)
Removed IISAdmin virtual dir (/LM/W3SVC/1/ROOT/IISHelp)
Set Deny All ACE for anonymous web users on system utilities under C:\WINNT
Set Deny Write ACE for anonymous web users under D:\Program Files\Trend\PCCSRV\Web
Set Deny Write ACE for anonymous web users under C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\isapi
Set Deny Write ACE for anonymous web users under E:\Program Files\Exchsrvr\ExchWeb
Set Deny Write ACE for anonymous web users under M:\MYDOMAIN.COM\Public Folders
Warning: Unable to secure content (M:\MYDOMAIN.COM\Public Folders): Access is denied.
Warning: Unable to secure content (M:\MYDOMAIN.COM\Public Folders\Internet Newsgroups): Access is denied.
Set Deny Write ACE for anonymous web users under M:\MYDOMAIN.COM\MBX
Unable to set ACLs on web content files: The network request is not supported.
Can not ACL content that is not on a local NTFS drive. (\\.\BackOfficeStorage)
Lockdown finished.
Details have been written to the log that is used for undoing the changes (oblt-log.log). Note: modifying or erasing oblt-log.log will prevent the tool from being able to successfully undo the results of this lockdown.