PSS ID Number: 320089
Article Last Modified on 9/19/2003
The information in this article applies to:
- Microsoft Exchange 2000 Server
- Microsoft Exchange 2000 Enterprise Server
- Microsoft Exchange Server 5.5
- Microsoft Exchange Server 5.5 SP1
- Microsoft Exchange Server 5.5 SP2
- Microsoft Exchange Server 5.5 SP3
- Microsoft Exchange Server 5.5 SP4
This article was previously published under Q320089
SYMPTOMS
If you try to open messages that include certain characters in the Subject box while you are using Microsoft Outlook Web Access (OWA), you receive the following error message in your browser:
CAUSE
This behavior occurs because you have installed the URLScan utility on the Web server where OWA is installed, and you have not changed the default settings.
RESOLUTION
To resolve this behavior, modify the Urlscan.ini file to allow certain Uniform Resource Locator (URL) sequences. To do this:
- Locate the following path, and then open the Urlscan folder:
Winnt\System32\Inetsrv
- Open the Urlscan.ini file in Notepad.
- Remove or preface the lines in the [DenyURLSequences] section with a semi-colon.
If you experience additional issues when you try OWA requests with Urlscan turned on (enabled), check the Urlscan.log file for the list of requests that are being rejected. The default location of the Urlscan.log file is:
WinDir
\System32\Inetsrv\Urlscan
MORE INFORMATION
By default, the URLScan utility blocks access to messages that contain the following characters in the Subject box for the following reasons:
.. ; Does not allow directory traversals ./ ; Does not allow trailing dot on a directory name \ ; Does not allow backslashes in URL : ; Does not allow alternate stream access % ; Does not allow escaping after normalization & ; Does not allow multiple CGI processes to run on a single request
Note If you change " .." to " ../", requests are protected from the traversal and e-mail messages that have ellipsis (...) in the subject are allowed. For additional information about the URLScan utility, click the article number below to view the article in the Microsoft Knowledge Base:
309508 XCCC: IIS Lockdown and URLscan Configurations in an Exchange Environment
Additional query words: urlscan owa attachment
Keywords: kberrmsg kbprb KB320089
Technology: kbExchange2000EntServ kbExchange2000Search kbExchange2000Serv kbExchange2000ServSearch kbExchange550 kbExchange550SP1 kbExchange550SP2 kbExchange550SP3 kbExchange550SP4 kbExchangeSearch kbZNotKeyword2