You receive an "HTTP Error 403" error message when you try to log on to your mailbox in Outlook Web Access (899384)

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

When you try to log on to your mailbox in Microsoft Outlook Web Access (OWA), you receive an error message that is similar to the following:

You are not authorized to view this page.
You do not have permission to view this directory or page using the credentials that you supplied.
Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page.
Click the Refresh button to try again with different credentials.
HTTP Error 403 - Forbidden: Access is denied.
Internet Information Services (IIS).

CAUSE

This issue occurs if one or more of the following conditions are true:

There are front-end Microsoft Exchange computers and back-end Exchange computers in your organization. Additionally, there is a firewall or another network device that does not permit a Kerberos session to the back-end Exchange computers.
There is a time difference among the following components:
- The front-end Exchange computers
- The back-end Exchange computers
- The global catalog servers
- The domain controllers
By default, the permitted time difference is five minutes. Authentication fails if the time difference exceeds five minutes.

RESOLUTION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, synchronize the clocks among the front-end Exchange computers, the back-end Exchange computers, the global catalog servers, and the domain controllers.

If you still receive the error message that is mentioned in the "Symptoms" section, follow these steps to change the front-end-to-back-end authentication method to basic authentication:

Click Start, click Run, type regedit in the Open box, and then click OK.
Expand the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Service\MSExchangeWeb
Right-click MSExchangeWeb, point to New, and then click Key.
Type Dav to name the new key, and then press ENTER.
Right-click Dav, and then create the following registry entry:

Registry entry name: UseBasicAuthToBE
Value type: DWORD
Value data: 1
Quit Registry Editor.

MORE INFORMATION

When the following conditions are true, there is an authentication issue in Exchange 2003:

There are more than 1,000 mailbox databases in an organization.

Note To work around the authentication issue, install the hotfix in the following Knowledge Base article:
899902 Users receive a 401 error message when they try to access a mailbox that is in an Exchange Server 2003 front-end server by using Outlook Web Access
After you install this hotfix, the new limit is 1,000 Exchange servers instead of 1,000 databases.
Users access their mailboxes in OWA through front-end Exchange computers.

For more information about this issue, visit the following Microsoft Web sites:

http://www.microsoft.com/technet/prodtechnol/exchange/EXBPA/4ad97f04-8d5c-413b-8d62-24f65d0a29a2.mspx

http://www.microsoft.com/technet/prodtechnol/exchange/EXBPA/9798effd-2096-4175-bc2b-68f2074a5075.mspx