We are using SBS 2003 and OWA. It has worked in the past but after PCI
complaince we don't seem to be able to logon any longer. We can still see the
interface via the web and we are still presented with a logon page:
Domain\username and also password entry. I have tried every conceivable
variation for more than one user but the screen meerly refreshes and asks for
us to logon once more. Of course the simple answer is to undo the compliance
but that has other issues which are far more risky. I am all service packed
up and have ran the remote wizard on the server, it makes no difference. One
of the changes the compliance forced was changing the registry to only allow
certain levels of SSL.

SBS 2003 *is not* PCI-DSS compliant. You have a choice to make...

-Cliff


"Chris Palmer" <ChrisPalmer@newsgroup> wrote in message
news:4D72C460-6E90-4BB9-8E53-4E2CA4671D2A@newsgroup

> We are using SBS 2003 and OWA. It has worked in the past but after PCI
> complaince we don't seem to be able to logon any longer. We can still see
> the
> interface via the web and we are still presented with a logon page:
> Domain\username and also password entry. I have tried every conceivable
> variation for more than one user but the screen meerly refreshes and asks
> for
> us to logon once more. Of course the simple answer is to undo the
> compliance
> but that has other issues which are far more risky. I am all service
> packed
> up and have ran the remote wizard on the server, it makes no difference.
> One
> of the changes the compliance forced was changing the registry to only
> allow
> certain levels of SSL.

On Fri, 14 May 2010 00:11:01 -0700, Chris Palmer
<ChrisPalmer@newsgroup> wrote:

>We are using SBS 2003 and OWA. It has worked in the past but after PCI
>complaince we don't seem to be able to logon any longer. We can still see the
>interface via the web and we are still presented with a logon page:
>Domain\username and also password entry. I have tried every conceivable
>variation for more than one user but the screen meerly refreshes and asks for
>us to logon once more. Of course the simple answer is to undo the compliance
>but that has other issues which are far more risky. I am all service packed
>up and have ran the remote wizard on the server, it makes no difference. One
>of the changes the compliance forced was changing the registry to only allow
>certain levels of SSL.

It sounds like you removed Anonymous on the default website? IIRC, it
needs that for the initial connection.

If not, what were the IIS changes done to make it compliant?

And as Cliff mentioned, I really didn't think SBS was complicantable
(is that a word?), so it really depends on what was changed. Maybe you
can back that portion out, otherwise, you need to remove everything
that was altered to IIS or to Exchange, for that matter.

Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Hi Chris,

Thanks for your post and Cliff and Ace's suggestions.

In addition, in case you have not tried, please just rerun the CEICW wizard on the SBS server and see if it changes.

Also, I would like to suggest you double check and reset the Exchange OWA virtual directories settings via IIS console and then test OWA again:

Note: if you had already perform the steps in this KB, please confirm again.

Virtual Internet Information Services (IIS) Directories That Are Used by Outlook Web Access in Exchange Server 2003
http://support.microsoft.com/kb/821898/en-us

Default settings of 'Default Website', Virtual Directories under Default Website and Companyweb on a SBS 2003 Server
http://blogs.technet.com/asksbs/arch...03-server.aspx

More information:
How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server
2003
http://support.microsoft.com/kb/883380/en-us


Please have a try. Hope this helps.



Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support

==================================================================
Please post your SBS 2008 related questions to the SBS newsgroup on Connect website:
https://connect.microsoft.com/sbs08/...i/default.aspx

Please post your EBS related questions to the EBS newsgroup on Connect website:
https://connect.microsoft.com/ebs08/...i/default.aspx

If you want to use a newsreader other than a web forum to access these newsgroups,
please refer to the following blog to apply NNTP password and configure a newsreader:
http://msmvps.com/blogs/bradley/arch...ewsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================