Sometimes a strange situation crops up in which a user can access his Exchange 2003 email from an Outlook client without trouble, but can’t successfully log into Outlook Web Access. You will get the standard, “You could not be logged on to Outlook Web Access” error message.
Chances are this user recently had a password change, or maybe the users account was deleted and then recreated again. But you’ve checked everything: the password, the OWA feature turned on for that user, the ability to log on with other user accounts, the temporary internet files cache, IISRESET. But nothing works–no matter which workstation you use to access OWA, you can’t log on as that user.
If you really press on and actually reboot the server, you find that the problem is resolved, but you are left uneasy. What actually happened, and why did it take a server reboot to fix it? Very unsatisfactory.
The problem is actually related to how IIS caches credentials when it uses Forms Based Authentication. If you change a user password or delete and recreate a user account, sometimes IIS has a different SID/password cached for that user and any attempts to authenticate will fail until that cache is emptied. An IISRESET will not resolve the problem, but a reboot will.
But there’s another way to resolve this without a reboot.
1. Open up the Exchange System Manager and drill down into the Server section and down into Protocols.
2. Open the HTTP folder and get properties on Exchange Virtual Server.
3. Go into the Settings tab and uncheck the Enable Forms Based Authentication checkbox. Apply it.
4. Go to the command-line and do an IISRESET.
5. Now go and recheck the Enable Forms Based Authentication checkbox.
That’s it. You should be able to log into OWA with that user now.