Microsoft KB Archive/320089



XCCC: The URLScan Utility Does Not Allow You to Open Messages in OWA

PSS ID Number: 320089

Article Last Modified on 9/19/2003



The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange Server 5.5
  • Microsoft Exchange Server 5.5 SP1
  • Microsoft Exchange Server 5.5 SP2
  • Microsoft Exchange Server 5.5 SP3
  • Microsoft Exchange Server 5.5 SP4



This article was previously published under Q320089

SYMPTOMS

If you try to open messages that include certain characters in the Subject box while you are using Microsoft Outlook Web Access (OWA), you receive the following error message in your browser:

The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.


Please try the following:
- If you typed the page address in the Address bar, make sure that it is spelled correctly.
- Open the <server> home page, and then look for links to the information you want.
- Click the Back button to try another link.

HTTP 404 - File not found
Internet Information Services

CAUSE

This behavior occurs because you have installed the URLScan utility on the Web server where OWA is installed, and you have not changed the default settings.

RESOLUTION

To resolve this behavior, modify the Urlscan.ini file to allow certain Uniform Resource Locator (URL) sequences. To do this:

  1. Locate the following path, and then open the Urlscan folder:

    Winnt\System32\Inetsrv

  2. Open the Urlscan.ini file in Notepad.
  3. Remove the lines in the [DenyURLSequences] section, or preface each of them with a semicolon.

If you experience additional issues when you try OWA requests with Urlscan turned on (enabled), check the Urlscan.log file for the list of requests that are being rejected. The default location of the Urlscan.log file is:

WinDir\System32\Inetsrv\Urlscan


MORE INFORMATION

By default, the URLScan utility blocks access to messages that contain the following characters in the Subject box for the following reasons:

   ..  ; Does not allow directory traversals
   ./  ; Does not allow trailing dot on a directory name
   \   ; Does not allow backslashes in URL
   :   ; Does not allow alternate stream access
   %   ; Does not allow escaping after normalization
   &   ; Does not allow multiple CGI processes to run on a single request
                



Note: If you change ".." to "../", requests are still protected from directory traversal, and e-mail messages that have an ellipsis (...) in the subject are allowed.

For additional information about the URLScan utility, click the article number below to view the article in the Microsoft Knowledge Base:

309508 XCCC: IIS Lockdown and URLscan Configurations in an Exchange Environment
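
The effect of the Note above, as an added example that is not part of the original article: this Python model treats the [DenyURLSequences] check as a plain substring test on the unescaped request URL (an assumption about the filter) and reports which default sequences reject which requests. The mailbox name, subjects and URL shape are constructed sample data.

```python
# Added example: models the [DenyURLSequences] check as a substring test on the
# already-unescaped URL. This is an assumption; the real filter runs inside IIS.

DEFAULT_DENY = ["..", "./", "\\", ":", "%", "&"]  # list shown in this article


def with_note_applied(sequences):
    """Return the deny list with '..' replaced by '../', as the Note suggests."""
    return ["../" if s == ".." else s for s in sequences]


def blocking_sequences(url, sequences):
    """Return every deny sequence found in the URL (empty list = allowed)."""
    return [s for s in sequences if s in url]


def sequences_to_review(urls, sequences):
    """Sequences that reject at least one URL: the only lines worth editing."""
    hits = [blocking_sequences(u, sequences) for u in urls]
    return [s for s in sequences if any(s in h for h in hits)]


# Constructed OWA-style message URLs (hypothetical mailbox and subjects).
MAIL_URLS = [
    "/exchange/jsmith/Inbox/Weekly status.EML",
    "/exchange/jsmith/Inbox/To be continued....EML",  # ellipsis in subject
    "/exchange/jsmith/Inbox/RE: budget.EML",          # colon in subject
    "/exchange/jsmith/Inbox/Q&A session.EML",         # ampersand in subject
]
# Constructed traversal-shaped request that must stay blocked.
TRAVERSAL_URL = "/exchange/../private/file.txt"

if __name__ == "__main__":
    for name, deny in (("default", DEFAULT_DENY),
                       ("note applied", with_note_applied(DEFAULT_DENY))):
        print(f"[{name}]")
        for url in MAIL_URLS + [TRAVERSAL_URL]:
            hit = blocking_sequences(url, deny)
            print(f"  {'REJECT' if hit else 'allow '} {url}  {hit}")
        print("  lines to review:", sequences_to_review(MAIL_URLS, deny))
```

Feeding it the URLs of requests listed as rejected in Urlscan.log shows which individual lines are responsible, so only those need to be commented out.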


