Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Error message when you try to log on to Exchange 2007 by using Outlook Web Access: "440 Login Timeout"

Error message when you try to log on to Exchange 2007 by using Outlook Web Access: "440 Login Timeout"

View products that this article applies to.

Symptoms

When you try to log on to Microsoft Exchange Server 2007 or Exchange Server 2010 by using Microsoft Office Outlook Web Access, you receive the following error message:
440 Login Timeout

↑ Back to the top

Cause

This issue occurs if a permissions issue or an authentication issue exists in Internet Information Services (IIS) or in the IIS metabase.

↑ Back to the top

Resolution

To resolve this problem,follow these step for your version of Exchange Server. After each step, determine whether the problem is resolved. If the problem persists, continue to the next step.

Before you begin, we recommend that you run the following command in the Exchange Management shell:
 Get-OwaVirtualDirectory |fl >Owavdir.txt

This provides an output file that can be used as a reference when you re-create the OWA virtual directories
For Exchange Server 2007

Step 1: Delete and then re-create the Outlook Web Access-related virtual directories

To delete the Outlook Web Access-related virtual directories, follow these steps:
  1. Start the Exchange Management Shell.
  2. Type the following commands. Press ENTER after you type each command.
    Note These commands are case-sensitive.
    • Remove-OwaVirtualDirectory "exchange (default web site)"
    • Remove-OwaVirtualDirectory "public (default web site)"
    • Remove-OwaVirtualDirectory "exchweb (default web site)"
    • Remove-OwaVirtualDirectory "owa (default web site)"
To re-create the Outlook Web Access-related virtual directories, type the following commands at the Exchange Management Shell. Press ENTER after you type each command:
  • New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory "exchweb" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site" �InternalURL https://internalURL/owa -ExternalURL https://externalURL/owa

For Exchange Server 2010

Step 1: Delete and then re-create the Outlook Web Access-related virtual directories

To delete the Outlook Web Access-related virtual directories, follow these steps:
  1. Start the Exchange Management Shell.
  2. Type the following commands. Press ENTER after you type each command.
    Note These commands are case-sensitive
    • Remove-OwaVirtualDirectory �owa (default web site)"
    • Remove-ecpVirtualDirectory "ecp (default web site)"

    To re-create the Outlook Web Access-related virtual directories, type the following commands at the Exchange Management Shell. Press ENTER after you type each command:
    • New-OwaVirtualDirectory -name "owa" -WebSiteName "Default Web Site" �InternalURL https://internalURL/owa -ExternalURL https://externalURL/owa
    • New-EcpVirtualDirectory -name "ECP" -WebSiteName "Default Web Site"

    Note Where the �internalURL� signifies the internal Fully Qualified Domain Name of your Client Access Server (such as CAS1.contoso.com), and the �externalURL� signifies the external URL that your users connect to in order to access OWA (such as mail.consoso.com).

Step 2: Re-synchronize the passwords

Re-synchronize the passwords in the metabase and in the Active Directory directory service for the following accounts:
  • IUSR_ComputerName
  • IWAM_ComputerName
To do this, follow these steps:
  1. Start a command prompt, and then use the cd command to change to the following directory:
    c:\inetpub\adminscripts
  2. Type the following command, and then press ENTER:
    notepad adsutil.vbs
  3. Locate the following code. 
    If (Attribute = True) then
IsSecureProperty = True
Else
IsSecureProperty = False
End If
  4. In this code, change the value for IsSecureProperty from True to False, and then save the changes to the file.

    Important After you follow steps 1 through 4 to re-synchronize the passwords, you must change the first IsSecureProperty value back to True and then save the changes to the file.
  5. At the command prompt, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc1\anonymoususerpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft corporation 1996-2001. All rights reserved.

anonymoususerpass		: (STRING) "HtV9o2w.18)@SY"
    Note You may receive error code -2147024893 when you run this command. This issue occurs if the Anonymoususerpass property is set at the w3svc level for all Web sites and not at the particular Web site level (w3svc1). In this scenario, modify the get command to specify the w3svc level. To do this, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc\anonymoususerpass
  6. Copy the password that is displayed between the quotation marks in the returned results, and then use this password to reset the password for the IUSR_ComputerName account.
  7. At the command prompt, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc1\wamuserpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft corporation 1996-2001. All rights reserved.

wamsuserpass		        : (STRING) "Tl&b9^1n9`7g*9"
    Note If you receive error code -2147024893 when you run this command, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc\wamuserpass
  8. Copy the password that is displayed between the quotation marks in the results, and then use this password to reset the password for the IWAM_ComputerName account.
  9. Follow steps 1 through 3 to view the IsSecureProperty entry in the adsutil.vbs file. Revert the value of the first IsSecureProperty entry to True, and then save the changes to the file.

Step 3: Remove the Anonymoususerpass property from the ROOT container in the metabase

To remove the Anonymoususerpass property from the ROOT container in the metabase, follow these steps:
  1. Start a command prompt, and then use the cd command to change to the following directory:
    c:\inetpub\adminscripts
  2. Type the following command, and then press ENTER:
    cscript adsutil.vbs find w3svc/anonymoususerpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft corporation 1996-2001. All rights reserved.

Property anonymoususerpass found at:
  w3svc
  3. If the Anonymoususerpass property is set at w3svc and at w3svc/1/ROOT, remove the property from the ROOT level. To do this, type the following command, and then press ENTER:
    cscript adsutil.vbs delete w3svc/1/ROOT/anonymoususerpass
  4. Reset IIS. To do this, type iisreset, and then press ENTER.

    Note You may also have to restart the Client Access Server (CAS).

Step 4: Verify that Anonymous authentication is enabled for the controls virtual directory and for the auth virtual directory

Verify that Anonymous authentication is enabled for the controls virtual directory under the owa virtual directory in IIS. Also, verify that Anonymous authentication is enabled for the auth virtual directory under the owa virtual directory in IIS. To do this, follow these steps:
  1. Start the Internet Information Services (IIS) Manager Microsoft Management Console (MMC) snap-in.
  2. Expand the server name, expand Web Sites, expand Default Web Site, and then expand owa.
  3. Under owa, right-click 8.0.685.24, and then click Properties.

    Note The 8.0.685.24 virtual directory may have a different version number for a name. This depends on the version of Exchange 2007 that is installed.
  4. Click the Directory Security tab, and then click Edit under Authentication and access control.
  5. Click to select the Enable Anonymous access check box, and then click to clear all the check boxes under Authenticated access.
  6. Click OK two times.
  7. Under owa, right-click auth, and then click Properties.
  8. Follow steps 4 through 6 to enable anonymous authentication and to disable other authentication methods for the auth virtual directory.

Step 5: Verify the IUSR_ComputerName account properties

If a domain account is used for anonymous access, examine the account properties of the IUSR_ComputerName account to verify that this account is permitted to connect to the CAS server. To do this, follow these steps:

Note To determine the account that is used for anonymous access, follow the steps in "Step 4: Verify that Anonymous authentication is enabled for the controls virtual directory and the Auth virtual directory" to view the contents of the Authentication Methods dialog box.
  1. Start the Active Directory Users and Computers tool.
  2. Locate and right-click the IUSR_ComputerName account, and then click Properties.
  3. Click the Account tab, and then click Log On To.
  4. If the All computers option is selected, click Cancel, and then click OK to exit the IUSR_ComputerName Properties dialog box.
  5. If the The following computers option is selected, follow these steps:
    1. Verify that the CAS server appears in the Computer name list. If the CAS server does not appear in this list, you must add it.
    2. Click OK two times to save the changes and to exit the IUSR_ComputerName Properties dialog box.
    3. Start a command prompt on the CAS server.
    4. Type iisreset /noforce, and then press ENTER.

↑ Back to the top

Keywords: KB941201, kbprb, kbtshoot, kberrmsg

↑ Back to the top

Article Info
Article ID : 941201
Revision : 2
Created on : 1/26/2010
Published on : 1/26/2010
Exists online : False
Views : 374