When adding new users to an Active Directory Security Group, the users do not see Messageware functionality immediately

 

This article applies to the following products:
     Messageware OWA Suite 2003

     Messageware OWA Suite 2007

 

SYMPTOM

 

When custom rules are created in the AttachView Administrative Console using Membership lists of Security Groups in Active Directory, users who are added to or removed from those groups do not immediately see the corresponding Messageware product functionality in their OWA session.

 

CAUSE

 

This behavior occurs because the user's security token is not refreshed after the changes have been made in Active Directory. When a user logs in to the OWA session, the updated security permissions are not read from Active Directory immediately; they are taken from the IIS cached settings instead.

 

RESOLUTION

 

To correct this behavior and have the changes applied immediately for the newly added or removed users, restart the World Wide Web Publishing Service.

 

For critical environments where a restart of the World Wide Web Publishing Service is not feasible, apply the steps below:

 

1.     Start Registry Editor (Click on Start > Run and type in regedit)

2.     Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters

3.     Create the following entry:

Value Name: UserTokenTTL
Data Type: REG_DWORD
Data: (Number of seconds for token to be cached - 30 second min)

4.     Close the Registry Editor

 

Note: After applying the above setting, changes to the Security Group take effect after 30 seconds when users are added to or removed from the Membership List.
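
The registry change from steps 1 to 4, scripted in PowerShell as an added example that is not part of the original article or of Messageware's tooling. The parameter names Seconds and AuditOnly and the function name Get-UserTokenTtl are illustrative; the script reports the current value, enforces the 30-second minimum, writes the REG_DWORD and reads it back.

```powershell
# Added example: audit or set the IIS token cache lifetime from steps 1-4.
# Run from an elevated PowerShell session on the OWA server.
param(
    # Hypothetical parameter names; the 30-second floor is the article's minimum.
    [ValidateRange(30, 2147483647)]
    [int]$Seconds = 30,
    [switch]$AuditOnly
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters'
$valueName = 'UserTokenTTL'

function Get-UserTokenTtl {
    # Returns the configured number of seconds, or $null if the entry is absent.
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$valueName
}

if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key not found: $keyPath"
}

$before = Get-UserTokenTtl
if ($null -eq $before) {
    Write-Output "$valueName is not set on $env:COMPUTERNAME."
} else {
    Write-Output "$valueName is currently $before seconds on $env:COMPUTERNAME."
}

if ($AuditOnly) { return }

# Create the entry as REG_DWORD, or overwrite an existing one (-Force).
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
    -Value $Seconds -Force | Out-Null

# Read back both the data and the type so a wrong-typed leftover entry is caught.
$after = Get-UserTokenTtl
$kind  = (Get-Item -Path $keyPath).GetValueKind($valueName)
if ($after -ne $Seconds -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "Verification failed: $valueName = $after ($kind), expected $Seconds (DWord)."
}
Write-Output "$valueName set to $after seconds ($kind)."
```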

 

 

REFERENCES

 

XWEB: Mailbox Access via OWA Depends on IIS Token Cache

http://support.microsoft.com/kb/173658

 
