PFDAVAdmin 401 Error
Hi,I've got a exchange 2007 sp1 mailbox server on server 2008 x64. I have my administrative account set to have full access. When I launch PFDAVAdmin I can connected and get a mailbox list fine but for every mailbox I get a 401 unauthorized error. Even from that users own mailbox. I checked that integrated auth and basic auth are enabled on the webdav tab. If I maually type in http://<server fqdn>/exadmin I also get teh 401 error.Any thoughts?
July 21st, 2009 12:20am
Hi,
Please let me know where you run the PFDavAdmin tool. I suggest you run the PFDavAdmin tool on Exchange 2007 Mailbox Server directly to troubleshoot the issue.
If the issue persists, please check the IIS log and post related error here.
Mike
Free Windows Admin Tool Kit Click here and download it now
July 21st, 2009 12:57pm
I tried running the tool from ther server adn get the same error. here is the line from the w3svc logs:2009-07-21 13:30:59 10.10.2.25 SEARCH /exadmin/admin/SZD.COM/mbx/<alias>@szd.com/non_ipm_subtree/ - 80 - 192.168.0.78 Exchange+Admin 401 2 5 0This is the line from me trying again from my workstation. The errors are the same except for the ip.
July 21st, 2009 4:34pm
Hi,
Thanks for your response.
I would like to explain that the 401.2 means Authentication was not attempted because the server and client could not agree on an authentication protocol.
For your reference:
The HTTP status codes in IIS 7.0
http://support.microsoft.com/kb/943891/en-us
Therefore, I suggest you attempt following steps to troubleshoot the issue:
1. Please run IIS Admin to check whether the Basic and Integrated authentication has been enabled on the ExAdmin virtual directory on Mailbox Server. For your reference:
Default settings for Exchange-related virtual directories in Exchange Server 2007http://msexchangeteam.com/archive/2008/02/01/447989.aspx2. Please refer to ollowing article to troubleshoot 401.2 problem:
Error message when you try to visit a Web page that is hosted on IIS 7.0: "HTTP Error 401.2 - Unauthorized"
http://support.microsoft.com/kb/942043/en-us
3. If the issue persists, you can also consider recreate exadmin virtual directory:
Remove-OWAVirtualDirectory -Identity "Exadmin (Default Web Site)" -Confirm:$false
New-OWAVirtualDirectory -WebsiteName "Default Web Site" -OwaVersion "Exchange2003or2000" -VirtualDirectoryType "Exadmin"
After that, please reset IIS on the Mailbox Server and check the result.
Mike
Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2009 5:34am
In addition, would you please more detailed log information here for further research? Based on my local test, I would like to explain that the following log may be a normal behavior.
2009-07-21 13:30:59 10.10.2.25 SEARCH /exadmin/admin/SZD.COM/mbx/<alias>@szd.com/non_ipm_subtree/ - 80 - 192.168.0.78 Exchange+Admin 401 2 5 0
I would like to explain that the PFDavAdmin tool will firstly attempt to use Anonymous Account. As the Anonymous is not enabled on the ExAdmin Virtual Directory, the IIS will return a 401.2 status that tells the client is unauthorized. Following is an example log which I gathered on my lab:
2009-07-22 04:01:07 10.0.0.3 SEARCH /exadmin/admin/XIU.COM/mbx/Allen@xiu.com/non_ipm_subtree/ - 443 - 10.0.0.3 Exchange+Admin 401 2 5 0
2009-07-22 04:01:07 10.0.0.3 SEARCH /exadmin/admin/XIU.COM/mbx/Allen@xiu.com/non_ipm_subtree/ - 443 XIU\Administrator 10.0.0.3 Exchange+Admin 207 0 0 15
You can also refer to following article for authentication process:
IIS logging for Windows Integrated authentication
http://support.microsoft.com/kb/969060/en-us
Mike
July 22nd, 2009 9:00am
Hi, Any update regarding the issue?Mike
Free Windows Admin Tool Kit Click here and download it now
July 24th, 2009 11:12am
Hi sorry for the slow response, couple of days off along wiht a couple of fires to put out. I read through all of your articles and found that I did not ahve several authentication types even install on my stand alone mailbox role server. So I installed those. I tried again and was met wiht the same results. I installed some more web server role features like asp.net, asp etc, thinking that I was lacking the necessary modules for the program to work.After all of this I was wondering why I was not seeing pfdavadmin trying to authenticate a second teim like your logs show. I was only getting a single attempt as anonmyous and it never tried again wiht my credentials. I had tried before unchecking the use currently logged in user to authenticate and got the same error but this time when I unchecked the box and manually entered my password I was able to view mailboxes and edit permissions. While this is odd behavior and I am not sure why, the real need is just for the tool to work for propigating permissions.
July 29th, 2009 6:05pm
Install .Net framework 1.1 on Exchange 2007 on which you are getting the error message.
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2009 11:23pm
Install .Net framework 1.1 on Exchange 2007 on which you are getting the error message.
Welcome on TechNet forum Dominic... :)Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
August 29th, 2009 1:33pm
I ran PFDAVadmin form my XP 32bit VM with Net 1.1 and it worked fine.
It didn't work from my windows 7 x64 machine.
Free Windows Admin Tool Kit Click here and download it now
January 12th, 2011 5:27am