Article ID: 325965 - View products that this article applies to.
This article was previously published under Q325965
When you use Microsoft Outlook Web Access (OWA), you may experience one or more of the following symptoms:
These symptoms occur if you have installed the URLScan tool on the Web server where OWA is installed, and you have not changed the default settings.
For more information about the URLScan tool, visit the following Microsoft Web site:
URLScan Security Tool version 2.0
To resolve this issue, use one of the following methods.
Method 1: Modify URLScan settingsTo modify the URLScan settings to permit additional Web Distributed Authoring and Versioning (WebDAV) verbs and Hypertext Transfer Protocol (HTTP) verbs through URLScan, modify the Urlscan.ini file. For additional information about how to modify the Urlscan.ini file, click the following article number to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/309508/ )IIS Lockdown and URLScan configurations in an Exchange environment
Method 2: Remove the URLScan toolTo remove the URLScan tool, follow these steps:
By default, the URLScan utility blocks access to messages that contain the following characters in the Subject box for the following reasons:
Note If you change " .." to " ../", requests are protected from the traversal, and e-mail messages that have ellipsis (...) in the subject are allowed. For additional information about the URLScan utility, click the following article number to view the article in the Microsoft Knowledge Base:
.. ; Does not allow directory traversals ./ ; Does not allow trailing dot on a directory name \ ; Does not allow backslashes in URL : ; Does not allow alternate stream access % ; Does not allow escaping after normalization & ; Does not allow multiple CGI processes to run on a single request
(https://support.microsoft.com/kb/309508/ )IIS lockdown and URLscan configurations in an Exchange environment
Article ID: 325965 - Last Review: October 25, 2007 - Revision: 4.8