I did a recent upgrade of a Windows 2000 Server with Exchange 2000 to Windows 2003 Server with Exchange 2003. It's working great except for one issue:
I'm sharing Word documents in a newly created public folder. This works fine locally in Outlook 2002, but I get the following error when I try to access the same documents in the same folder using the public folders in OWA:
You are not authorized to view this page
You might not have permission to view this directory or page using the credentials you supplied.
If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the home page.
You can click Search to look for information on the Internet.
HTTP Error 403 - Forbidden
I've tried relaxing all the IIS, Exchange, and Windows Security I can find for this folder; putting the directory in the M: drive, putting it on a local drive, etc. but I keep getting the same result.
As we're using Volume licensing, Microsoft won't even discuss the issue with me. Any ideas?
Since you said you are sharing documents through the public folder system, and since this happened to OWA users after upgrading from Exchange 2000 to Exchange 2003, this is likely the result of some security changes made by Microsoft to make Exchange 2003 more secure. Specifically, this refers to OWA 2003 access to freedocs, documents that are shared as standalone items in a folder. The shared item is not an attachment to a post; rather, it is considered a "free document" or freedoc for short.
Freedocs are not new to Exchange 2003; they are present in all prior versions of Exchange. However, Exchange 2000 made them more useful by making them accessible via OWA URLs (e.g., http://server/public/exchange2003/intro_e2k3.doc).
As I mentioned previously, Microsoft made a security-related change to Exchange 2003 that is blocking OWA access to freedocs. There is a registry entry you can add to your OWA servers that re-enables OWA access to freedocs:
Value: 0, 1, 2 or 3 (dec)
If this value is not present or set to 0, freedocs are completely blocked in OWA. This entry is not present by default, so freedocs are blocked out-of-the-box in OWA 2003. When set to 1, freedocs are only accessible when accessed directly via a back-end server; freedocs will not accessible to OWA users connecting through a front-end server. If you set the value to 2, freedocs are accessible from back-end servers, and from any front-end server configured with a Host Header entry that matches the following registry on the back-end server:
Value: comma-delimited list of FE servers e.g., fesvr1.domain.com, fesvr2.domain.com, etc.
Finally, when EnableFreedocs is set to 3, they are accessible to all OWA users.