Error message when you try to log on to Exchange 2007 by using Outlook Web Access: "440 Login Timeout"

Article translations Article translations
Article ID: 941201 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you try to log on to Microsoft Exchange Server 2007 or Exchange Server 2010 by using Microsoft Office Outlook Web Access, you receive the following error message:
440 Login Timeout

CAUSE

This issue occurs if a permissions issue or an authentication issue exists in Internet Information Services (IIS) or in the IIS metabase.

RESOLUTION

To resolve this problem,follow these step for your version of Exchange Server. After each step, determine whether the problem is resolved. If the problem persists, continue to the next step.

Before you begin, we recommend that you run the following command in the Exchange Management shell:
 Get-OwaVirtualDirectory |fl >Owavdir.txt

This provides an output file that can be used as a reference when you re-create the OWA virtual directories
For Exchange Server 2007

Step 1: Delete and then re-create the Outlook Web Access-related virtual directories

To delete the Outlook Web Access-related virtual directories, follow these steps:
  1. Start the Exchange Management Shell.
  2. Type the following commands. Press ENTER after you type each command.
    Note These commands are case-sensitive.
    • Remove-OwaVirtualDirectory "exchange (default web site)"
    • Remove-OwaVirtualDirectory "public (default web site)"
    • Remove-OwaVirtualDirectory "exchweb (default web site)"
    • Remove-OwaVirtualDirectory "owa (default web site)"
To re-create the Outlook Web Access-related virtual directories, type the following commands at the Exchange Management Shell. Press ENTER after you type each command:
  • New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory "exchweb" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"
  • New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site" –InternalURL https://internalURL/owa -ExternalURL https://externalURL/owa

For Exchange Server 2010

Step 1: Delete and then re-create the Outlook Web Access-related virtual directories

To delete the Outlook Web Access-related virtual directories, follow these steps:
  1. Start the Exchange Management Shell.
  2. Type the following commands. Press ENTER after you type each command.
    Note These commands are case-sensitive
    • Remove-OwaVirtualDirectory “owa (default web site)"
    • Remove-ecpVirtualDirectory "ecp (default web site)"

    To re-create the Outlook Web Access-related virtual directories, type the following commands at the Exchange Management Shell. Press ENTER after you type each command:
    • New-OwaVirtualDirectory -name "owa" -WebSiteName "Default Web Site" –InternalURL https://internalURL/owa -ExternalURL https://externalURL/owa
    • New-EcpVirtualDirectory -name "ECP" -WebSiteName "Default Web Site"

    Note Where the “internalURL” signifies the internal Fully Qualified Domain Name of your Client Access Server (such as CAS1.contoso.com), and the “externalURL” signifies the external URL that your users connect to in order to access OWA (such as mail.consoso.com).

Step 2: Re-synchronize the passwords

Re-synchronize the passwords in the metabase and in the Active Directory directory service for the following accounts:
  • IUSR_ComputerName
  • IWAM_ComputerName
To do this, follow these steps:
  1. Start a command prompt, and then use the cd command to change to the following directory:
    c:\inetpub\adminscripts
  2. Type the following command, and then press ENTER:
    notepad adsutil.vbs
  3. Locate the following code.
    If (Attribute = True) then
    IsSecureProperty = True
    Else
    IsSecureProperty = False
    End If
  4. In this code, change the value for IsSecureProperty from True to False, and then save the changes to the file.

    Important After you follow steps 1 through 4 to re-synchronize the passwords, you must change the first IsSecureProperty value back to True and then save the changes to the file.
  5. At the command prompt, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc1\anonymoususerpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft corporation 1996-2001. All rights reserved.
    
    anonymoususerpass		: (STRING) "HtV9o2w.18)@SY"
    Note You may receive error code -2147024893 when you run this command. This issue occurs if the Anonymoususerpass property is set at the w3svc level for all Web sites and not at the particular Web site level (w3svc1). In this scenario, modify the get command to specify the w3svc level. To do this, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc\anonymoususerpass
  6. Copy the password that is displayed between the quotation marks in the returned results, and then use this password to reset the password for the IUSR_ComputerName account.
  7. At the command prompt, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc1\wamuserpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft corporation 1996-2001. All rights reserved.
    
    wamsuserpass		        : (STRING) "Tl&b9^1n9`7g*9"
    Note If you receive error code -2147024893 when you run this command, type the following command, and then press ENTER:
    cscript adsutil.vbs get w3svc\wamuserpass
  8. Copy the password that is displayed between the quotation marks in the results, and then use this password to reset the password for the IWAM_ComputerName account.
  9. Follow steps 1 through 3 to view the IsSecureProperty entry in the adsutil.vbs file. Revert the value of the first IsSecureProperty entry to True, and then save the changes to the file.

Step 3: Remove the Anonymoususerpass property from the ROOT container in the metabase

To remove the Anonymoususerpass property from the ROOT container in the metabase, follow these steps:
  1. Start a command prompt, and then use the cd command to change to the following directory:
    c:\inetpub\adminscripts
  2. Type the following command, and then press ENTER:
    cscript adsutil.vbs find w3svc/anonymoususerpass
    Results that resemble the following are returned:
    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft corporation 1996-2001. All rights reserved.
    
    Property anonymoususerpass found at:
      w3svc
  3. If the Anonymoususerpass property is set at w3svc and at w3svc/1/ROOT, remove the property from the ROOT level. To do this, type the following command, and then press ENTER:
    cscript adsutil.vbs delete w3svc/1/ROOT/anonymoususerpass
  4. Reset IIS. To do this, type iisreset, and then press ENTER.

    Note You may also have to restart the Client Access Server (CAS).

Step 4: Verify that Anonymous authentication is enabled for the controls virtual directory and for the auth virtual directory

Verify that Anonymous authentication is enabled for the controls virtual directory under the owa virtual directory in IIS. Also, verify that Anonymous authentication is enabled for the auth virtual directory under the owa virtual directory in IIS. To do this, follow these steps:
  1. Start the Internet Information Services (IIS) Manager Microsoft Management Console (MMC) snap-in.
  2. Expand the server name, expand Web Sites, expand Default Web Site, and then expand owa.
  3. Under owa, right-click 8.0.685.24, and then click Properties.

    Note The 8.0.685.24 virtual directory may have a different version number for a name. This depends on the version of Exchange 2007 that is installed.
  4. Click the Directory Security tab, and then click Edit under Authentication and access control.
  5. Click to select the Enable Anonymous access check box, and then click to clear all the check boxes under Authenticated access.
  6. Click OK two times.
  7. Under owa, right-click auth, and then click Properties.
  8. Follow steps 4 through 6 to enable anonymous authentication and to disable other authentication methods for the auth virtual directory.

Step 5: Verify the IUSR_ComputerName account properties

If a domain account is used for anonymous access, examine the account properties of the IUSR_ComputerName account to verify that this account is permitted to connect to the CAS server. To do this, follow these steps:

Note To determine the account that is used for anonymous access, follow the steps in "Step 4: Verify that Anonymous authentication is enabled for the controls virtual directory and the Auth virtual directory" to view the contents of the Authentication Methods dialog box.
  1. Start the Active Directory Users and Computers tool.
  2. Locate and right-click the IUSR_ComputerName account, and then click Properties.
  3. Click the Account tab, and then click Log On To.
  4. If the All computers option is selected, click Cancel, and then click OK to exit the IUSR_ComputerName Properties dialog box.
  5. If the The following computers option is selected, follow these steps:
    1. Verify that the CAS server appears in the Computer name list. If the CAS server does not appear in this list, you must add it.
    2. Click OK two times to save the changes and to exit the IUSR_ComputerName Properties dialog box.
    3. Start a command prompt on the CAS server.
    4. Type iisreset /noforce, and then press ENTER.

Properties

Article ID: 941201 - Last Review: January 26, 2010 - Revision: 2.0
APPLIES TO
  • Microsoft Exchange Server 2007 Standard Edition
  • Microsoft Exchange Server 2007 Enterprise Edition
Keywords: 
kberrmsg kbtshoot kbprb KB941201

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com