Microsoft KB Archive/320089

= XCCC: The URLScan Utility Does Not Allow You to Open Messages in OWA =

PSS ID Number: 320089

Article Last Modified on 9/19/2003

-

The information in this article applies to:


 * Microsoft Exchange 2000 Server
 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft Exchange Server 5.5
 * Microsoft Exchange Server 5.5 SP1
 * Microsoft Exchange Server 5.5 SP2
 * Microsoft Exchange Server 5.5 SP3
 * Microsoft Exchange Server 5.5 SP4

-



This article was previously published under Q320089



SYMPTOMS
If you try to open messages that include certain characters in the Subject box while you are using Microsoft Outlook Web Access (OWA), you receive the following error message in your browser:

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.

Please try the following:

- If you typed the page address in the Address bar, make sure that it is spelled correctly.

- Open the home page, and then look for links to the information you want.

- Click the Back button to try another link.

HTTP 404 - File not found

Internet Information Services



CAUSE
This behavior occurs because you have installed the URLScan utility on the Web server where OWA is installed, and you have not changed the default settings.



RESOLUTION
To resolve this behavior, modify the Urlscan.ini file to allow certain Uniform Resource Locator (URL) sequences. To do this:  Locate the following path, and then open the Urlscan folder:

Winnt\System32\Inetsrv

 Open the Urlscan.ini file in Notepad. Remove or preface the lines in the [DenyURLSequences] section with a semi-colon.

If you experience additional issues when you try OWA requests with Urlscan turned on (enabled), check the Urlscan.log file for the list of requests that are being rejected. The default location of the Urlscan.log file is:

\System32\Inetsrv\Urlscan



MORE INFORMATION
By default, the URLScan utility blocks access to messages that contain the following characters in the Subject box for the following reasons:   .. ; Does not allow directory traversals ./ ; Does not allow trailing dot on a directory name \  ; Does not allow backslashes in URL :  ; Does not allow alternate stream access %  ; Does not allow escaping after normalization &  ; Does not allow multiple CGI processes to run on a single request

Note If you change &quot; ..&quot; to &quot; ../&quot;, requests are protected from the traversal and e-mail messages that have ellipsis (...) in the subject are allowed. For additional information about the URLScan utility, click the article number below to view the article in the Microsoft Knowledge Base:

309508 XCCC: IIS Lockdown and URLscan Configurations in an Exchange Environment

Additional query words: urlscan owa attachment

Keywords: kberrmsg kbprb KB320089

Technology: kbExchange2000EntServ kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchange550 kbExchange550SP1 kbExchange550SP2 kbExchange550SP3 kbExchange550SP4 kbExchangeSearch kbZNotKeyword2

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.