As I mentioned in my earlier post today, I migrated my server here at home this weekend. Well, once the new server was online, the only hiccup I discovered was that I couln’t access OWA. I kept getting this bloody ‘440 Authentication Timeout’ page in IE. And I would get it instantly, so there was no way it was actually timing out. A quick google on this error returned a half dozen pages of threads, with no resolutions. As a result, I figured I’d better blog this for future reference . . .
The root cause of this is the IUSR_<servername> and IWAM_<servername> accounts’ passwords being out of sync (between AD & IIS). Here’s the steps necessary to fix this. (And make sure to verify that neither of these accounts are locked out in AD! I missed that the first time around and spent an extra hour and a half trying to figure out why it wasn’t working! :^)
1) Open AD Users & Computers. Expand the Users OU, right-click on the IUSR_<servername> account and select ‘Reset password’ Reset the password to anything you want (however, it can’t be blank).
2) Open this User Account’s properties and verify that the account is not locked out :^) Also, make sure that ‘Password never expires’ and ‘User cannot change password’ are selected.
3) Repeat steps 1 & 2 for the IWAM_<servername> account. Close AD Users & Computers.
4) Open Internet Information Services (Start | Administrative Tools)
5) Expand <servername> | Web Sites
6) Right-click on ‘Default Web Site’ and select Properties.
7) Go to the ‘Directory Security’ tab and click the Edit button under ‘Authentication & Access Control’
8) Enter the new password for the IUSR_<servername> account and click OK.
9) Enter the password again to confirm and click OK.
10) Click OK.
11) Open a command prompt and enter iisreset
12) At the command prompt, enter the following commands:
adsutil SET w3svc/WAMUserPass <password> (Where <password> = the password you entered for the IWAM_<servername> account in AD Users & Computers)
c:\windows\system32\cscript.exe “c:\inetpub\adminscripts\synciwam.vbs” -v
Voila! That should fix you right up . . . :^)