Here is a workaround posted in SBS newsgroup by Chad A Gross [SBS-MVP] http://support.microsoft.com/?id=832749 that aparently fixes the problem.
There is another issue if you have Exchange 2003 + Sharepoint Services 2003 + Windows Server 2003 installed on the same machine. Aparently Kerberos auth protocol gets turned off on IIS. workaround is documented in http://support.microsoft.com/?id=832769 Regards Matjaz Ladava, MCSE, MCSA, MCT, MVP Microsoft MVP - Active Directory [EMAIL PROTECTED], [EMAIL PROTECTED] http://ladava.com ----- Original Message ----- From: "Steve Shaff" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 24, 2003 11:23 PM Subject: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw I thought that the group might be interested in this. The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tenn., provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges. http://www.nwfusion.com/news/2003/1121microinves2.html?nl Sincerely, Steve ***************************************** Steve Shaff Active Directory / Exchange Administrator Corillian Corporation (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
