Yeah by the time I got to your third bullet point I was thinking "reimage!". It fixes all!
On Thu, May 8, 2014 at 6:52 PM, Michael B. Smith <[email protected]>wrote: > Very thorough. I have to admit - you spent far more time on it than I > would have. After about 15 minutes, I would've reimaged. J > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Miller Bonnie L. > *Sent:* Thursday, May 8, 2014 1:13 PM > > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > Quick follow up--I spent a while on the machine this morning. My test > account (which had never logged on there) immediately had the same > problem. I did a lot of stuff with no fix: > > > > -Event logs mostly ok (normal stuff) > > -AV working, updated, scan ok > > -sfc /scannow no issues > > -Chkdsk no issues > > -Windows updates, no changes > > -path variable ok > > -imaged in spring 2012 (we had a bad image issue from 2011) > > -Reset IE to defaults > > -Logged on as an admin and tried to access the test mailbox that way > > -Manually toggled various IE zone settings to low > > -Made sure Excel 2010 was running correctly > > -Verified file association for *.xlsb > > -Scoured through the hard drive, programs, services, registry, etc, > looking for signs of crumware (nothing obvious) > > > > Then, I deleted the GPP History cache from > c:\programdata\microsoft\grouppolicy\history and reran gpupdate /force. It > wanted me to log off/on, but I didn't. Suddenly at this next logon of OWA, > the *.xlsb file was accessible. Interesting, this reapplies our default IE > 10 preferences, among other things. > > > > Restarted the machine, logged back on the test account, problem is back. > > Cleared GPP history again, problem goes away. > > Checked which DC the machine was getting info from, verified no > replication/policy issues that I can see (maybe one is out of sync, > applying an outdated gpp). Ran repadmin /syncall with no errors. > > Logged off/on, problem still gone. > > Restart, problem comes back. > > > > Domain policies that SHOULD apply to this machine are *identical* to > working machines in her area. I'm pretty convinced this computer has > something on it that we can't easily see, so we're getting a loaner and the > tech is going to reimage it. Will send the IP to our network admin to see > if it's been trying to "phone home" out our firewall for anything (should > be blocked but those are logged). > > > > -Bonnie > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller Bonnie L. > *Sent:* Wednesday, May 07, 2014 12:43 PM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > That's what I'm worried about--our staff and students are not admins on > their machines, and she isn't the type to go installing thigns, but > malware/grayware find ways to get in sometimes. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Michael B. Smith > *Sent:* Wednesday, May 07, 2014 12:38 PM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > No. it doesn't sound server-side to me, at all. > > > > If EP is configured properly on her workstation, then I don't know. But I > SUSPECT she has a rogue installation of something. J > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller Bonnie L. > *Sent:* Wednesday, May 7, 2014 3:30 PM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > If you mean on the client, I'll check that tomorrow when I get the > machine--We have SCEP, but I've not seen anything like this (yet). > > > > Just curious, but if she hadn't tested yet from another machine, would you > see a reason to try disabling AV/malware filtering on the server if it's > just the one person's mailbox not working in the same database as working > mailboxes, same e-mail sent to both? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Michael B. Smith > *Sent:* Wednesday, May 07, 2014 11:19 AM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > What about AV? > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller Bonnie L. > *Sent:* Wednesday, May 7, 2014 2:10 PM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > No problems with my test account on the same server and DB from here, and > there is only one Malware filter defined, so it should now be using the > same one that she has. Honestly, it feels more like a public/private > computer issue as the malware filter is actually set to delete infected > messages, and this is just blocking from opening (but not under my admin > account from here)--nothing is removed. > > > > Unless there are additional ideas, I'll probably have to wait until I can > have more time with her machine/account. > > > > Thanks, > > Bonnie > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller Bonnie L. > *Sent:* Wednesday, May 07, 2014 10:53 AM > *To:* [email protected] > *Subject:* RE: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > Sorry--I didn't mention this is two servers in a DAG, all roles, with > Barracuda hardware LBs in front. > > > > I hadn't checked that--can see her mailbox database is on the other > server. I'm moving my test account to her DB right now to try. > > > > Still haven't heard back from her just yet to check some other things. > She's a librarian, so pretty busy during the school day, and the > workstation is also used for checking out books (hence the OWA logon as she > needs it). > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *ccollins9 > *Sent:* Wednesday, May 07, 2014 10:09 AM > *To:* [email protected] > *Subject:* Re: [Exchange] OWA Cannot download attachments - This content > is blocked > > > > Are your test account and the user account on the same mailbox server and > database? Just for S&G, have you tried temporarily disabling the built-in > Exchange malware detection and tried it? This is a per-server setting on > Mailbox servers. > > > > On Wed, May 7, 2014 at 12:59 PM, Miller Bonnie L. < > [email protected]> wrote: > > Exchange 2013 cu3 (not SP1), I have one user reporting this issue with a > file that is *.xlsb. I have not heard of this, so connected remotely to > verify the issue and take screenshots: > > > > If I use an admin account to open her mailbox via OWA from another > machine, I do not have this problem with the attachment. I also had the > original sender forward the same message (with attachment) to my test > account and don't have problems there either. > > > > Doing some reading, I verified that her OWA mailbox policy is set to our > "Default" (the only one defined, so same as my test account). I also can > see that *.xlsb is allowed via these PS commands: > > Get-OwaMailboxPolicy Default | select -ExpandProperty > BlockedFileTypes (is not listed) > > And > > Get-OwaMailboxPolicy Default | select -ExpandProperty > AllowedFileTypes (is listed) > > > > Office 2010 appears to be correctly installed and otherwise working on the > Windows 7 SP1 workstation. > > > > I checked both the OWA policy and individual server virtual directory > "file access" settings via EAC and boxes are correctly checked to allow > Direct File access from both public and private devices. > > > > I'm trying to get the person to test on another machine under her account > and get access to that machine to log on my test account, but is there > anything else I can be looking at? Could *.xlsb be blocked on her account > individually somewhere (and where to look for that)? > > > > Thanks, > Bonnie > > > > >
