Microsoft KB Archive/173470

= How to troubleshoot a "Failed to get Inbox" error message in Exchange Server 5.5 and OWA 5.5 =

Article ID: 173470

Article Last Modified on 10/28/2006

-

APPLIES TO


 * Microsoft Exchange Server 5.5 Service Pack 4
 * Microsoft Exchange Server 5.5 Standard Edition
 * Microsoft Exchange Server 5.5 Service Pack 1
 * Microsoft Exchange Server 5.5 Service Pack 2
 * Microsoft Exchange Server 5.5 Service Pack 3

-



This article was previously published under Q173470





SUMMARY
This article discusses how to troubleshoot the following error messages that you may receive when you try to access your mailbox by using Microsoft Outlook Web Access (OWA):

Error Message 1

Failed to get Inbox

Error Message 2

Error: Access is denied

Error Message 3

OWA was unable to get to your inbox

Error Message 4

HTTP/1.0 401 Unauthorized

To troubleshoot this problem, follow these steps:  Confirm that the mailbox name does not include any spaces. If the name of the mailbox includes a space, rename the mailbox without a space.

Note You can use an underscore character in the mailbox name. Confirm that the user is trying to log on to the Exchange server where his or her mailbox resides. If the user is trying to log on to an Exchange server that is not the server where his or her mailbox resides, make sure that the user waits a sufficient time for directory replication to occur before the user logs on. Confirm that the user is not bypassing the authenticated domain logon by pressing the ESC key. When the user is prompted for credentials, he or she must enter the username in the Log On dialog box in the following format:

\

 Determine whether you are experiencing an issue with ambiguous name resolution.

For additional information about ambiguous name resolution, click the following article number to view the article in the Microsoft Knowledge Base:

198444 You cannot log on to OWA because of ambiguous mailbox names

 Confirm that the correct permissions and rights have been set.

For additional information about the permissions and rights required for OWA, click the following article number to view the article in the Microsoft Knowledge Base:

175892 XWEB: Permissions required for Outlook Web Access

If the user receives an error message even though the correct permissions and rights are set and Exchange is installed on an NTFS file system partition, share the Webdata folder and the Webtemp folder with the same names, and then give the Everyone group Full Control permissions on both directories. Determine whether the user has logged on to OWA, logged off, and then logged on to OWA again as a different user. The error messages that are mentioned in the "Summary" section occur in this scenario because the browser caches the original logon credentials. If the user has logged on, logged off, and then logged on as a different user, clear the cache by restarting the browser. Determine whether the Mapisvc.inf file has been modified or is missing. The Mapisvc.inf file is located in the Winnt\System32 folder. If the Mapisvc.inf file has been modified or is missing, replace the Mapisvc.inf file with an unmodified copy of the original file or add the following sections to the file:

[EMS_MDB_private]

PR_PROVIDER_DLL_NAME=EMSMDB.DLL

PR_RESOURCE_TYPE=MAPI_STORE_PROVIDER

PR_RESOURCE_FLAGS=STATUS_PRIMARY_IDENTITY|STATUS_DEFAULT_STORE|STATUS_PRIMARY_STORE

66090003=0C000000

660A0003=01000000

34140102=5494A1C0297F101BA58708002B2A2517

PR_DISPLAY_NAME=Private Folders

PR_PROVIDER_DISPLAY=Microsoft Exchange Message Store

[EMS_DSA]

PR_DISPLAY_NAME=Microsoft Exchange Directory Service

PR_PROVIDER_DISPLAY=Microsoft Exchange Directory Service

PR_PROVIDER_DLL_NAME=EMSABP.DLL

PR_RESOURCE_TYPE=MAPI_AB_PROVIDER</li> Determine whether the authentication on the Exchange virtual directory in Microsoft Internet Information Services (IIS) on the Exchange computer or on the OWA Web server is set to use NTLM authentication (formerly known as Windows NT Challenge/Response). NTLM does not support multiple hops between computers. Use only basic authentication (Base64 encoded clear text). With basic authentication, users are prompted for user credentials every time that they log on to a mailbox by using a Web browser. For extra protection, use basic authentication over a connection that uses Secure Sockets Layer (SSL).

Users receive the errors that are mentioned in the "Summary" section if authentication is set to NTLM in one of the following scenarios: <ul> Exchange and the OWA component are installed on separate computers.</li> OWA is running on an Exchange server, and you log on to OWA by using credentials that are different from the credentials that you first entered to log on to the network.</li></ul> </li> If the user or users who cannot log on to OWA reside in a different domain than the Exchange server or the OWA Web server, confirm that there is a two-way trust between the domains. Users in the remote domain must also be granted 'Log on locally' permissions and 'Access this computer from the network' permissions on the Exchange server or the OWA Web server by following these steps: <ol style="list-style-type: lower-alpha;"> In the remote domain, create a global group and add all the users in that domain who will use OWA.</li> In the local domain, create a local group on the Exchange server or on the OWA Web server.</li> Add the global group from the remote domain to the local group in the local domain.</li> Assign the new local group 'Log on locally' permissions and 'Access this computer from the network' permissions.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

236811 XWEB: How to set up OWA for specific users

</li></ol> </li> If you log on to OWA through a proxy server that is in a different domain than the Exchange server or the OWA Web server, a minimum of a one-way trust must exist between the two domains, where the domain of the proxy server trusts the users in the domain of the Exchange server or the OWA Web server. If this trust relationship does not exist, create the relationship. You must configure the domain of the proxy server as the trusting domain and the domain of the Exchange server as the trusted domain.

Additionally, the users from the domain of the Exchange server or the OWA Web server must have 'Log on locally' permissions and 'Access this computer from the network' permissions on the proxy server. To grant these permissions, follow these steps: <ol style="list-style-type: lower-alpha;"> Create a global group in the domain of the Exchange computer, and then add all the OWA users to the global group.</li> Create a local group in the domain of the proxy server, on the proxy server.</li> Add the global group from the domain of the Exchange server to the local group in the domain of the proxy server.</li> On the proxy server, assign the new local group 'Log on locally' permissions and 'Access this computer from the network' permissions.</li></ol>

Note If you log on to OWA through a proxy server, authentication on the Exchange virtual directory in Microsoft Internet Information Services (IIS) on the Exchange server or on the OWA Web server must be set to basic authentication, because Windows NT Challenge/Response (NTLM) does not support multiple hops between computers.</li> The error messages that are mentioned in the "Summary" section may occur if the Exchange Server computer that OWA is using for directory services is either not running or the directory on that server has inaccurate information. You may be able to resolve this issue by pointing the OWA server to another Exchange Server computer. To determine which Exchange Server computer hosts the mailbox that OWA is trying to access, OWA 5.5 uses the Exchange server that is listed in the following registry key:

For additional information about how to change the Exchange Server computer that OWA uses, click the following article number to view the article in the Microsoft Knowledge Base:

243841 XCLN: How to change the organization, site, or Exchange Server computer for OWA

</li> If all these procedures are not successful and you are logging on from a computer that is running Microsoft Windows 95, try to log on with the same user credentials from Internet Explorer on another computer. If the same user can log on from another computer, the user's password file on the original computer may be corrupted. Delete the Username.pwl file on the computer that the user cannot log on to, log off, and then log back on to the same computer. The Username.pwl file is re-created when the user logs on, and the issue is resolved.

Note If you are using a personal certificate, you must export it before you rename your .pwl file. If you do not export the personal certificate, it may be unavailable when you send e-mail.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

190296 Unable to use personal certificates in Outlook Express

</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
When you use OWA in an Internet browser client to access an Exchange server, you cannot open multiple browser windows to view multiple mailboxes at the same time. If you try to do this, you may receive the following error message:

Failed to get Inbox

This behavior is by design.

If none of the procedures in this article resolve the issue, you may have to remove and then reinstall OWA.

For additional information about how to remove and reinstall OWA, click the following article number to view the article in the Microsoft Knowledge Base:

290287 How to completely remove and re-install OWA

Additional query words: XWEB exfaqclnt exclnfaq owa

Keywords: kbinfo kbusage KB173470

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.