Exchange 2003 BackofficeStorage ACLs reset
Hello:
Have a customer running Exchange 2003 (Version 6.5.7638.1) on Windows 2003 SP2. During the reboot of their server, they got the error “Invalid Security Id” and it reset the security on the BackOfficeStorage. Users can access Exchange via Outlook, but the web users (about 200+) can't access their mailbox via OWA. Microsoft remoted in when this happened last time and fixed the permissions on the \\.\BackOfficeStorage\MBX directories but didn't tell the customer what the ACLs should be. Domain Administrators can access the mailboxes via OWA and can list the directories via the command prompt. I dumped the permissions using xcacls for a mailbox, but unfortunately, I don't have access to an E2K3 box to compare:
C:\Program Files\Support Tools>xcacls \\.\backofficestorage\someschool.k12.xx.us\mbx\testacc | more
\\.\backofficestorage\someschool.k12.xx.us\mbx\testacc someschool\testacc:(OI)(CI)F
    someschool\Exchange Domain Servers:(OI)(CI)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    Someschool\TTCEMJ-84EF8E29A342:(OI)(CI)F
    SOmeschool\TTCEMJ-84EF8E29A342:(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)(IO)F
    <Account domain not found>(OI)(CI)(IO)F
    SOmeschool\Domain Admins:(OI)(CI)F
    SOmeschool\Enterprise Admins:(OI)(CI)N
    SOmeschool\Exchange Services:(OI)(CI)F
    SOmeschool\EXCHANGE$:(OI)(CI)F
    SOmeschool\ExMerge:(OI)(CI)F
    SOmeschool\BlackBerryServ:(OI)(CI)F
    NT AUTHORITY\ANONYMOUS LOGON:(OI)(IO)(DENY)(special access:)
        STANDARD_RIGHTS_ALL DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE
        STANDARD_RIGHTS_REQUIRED FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE
        FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA
        FILE_EXECUTE FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES
    NT AUTHORITY\ANONYMOUS LOGON:(CI)(DENY)(special access:)
        STANDARD_RIGHTS_ALL DELETE READ_CONTROL WRITE_DAC WRITE_OWNER SYNCHRONIZE
        STANDARD_RIGHTS_REQUIRED FILE_GENERIC_READ FILE_GENERIC_WRITE FILE_GENERIC_EXECUTE
        FILE_READ_DATA FILE_WRITE_DATA FILE_APPEND_DATA FILE_READ_EA FILE_WRITE_EA
        FILE_EXECUTE FILE_READ_ATTRIBUTES FILE_WRITE_ATTRIBUTES
C:\Program Files\Support Tools>
November 30th, 2010 5:42pm
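The post above asks how its xcacls dump compares with one from another server. As an added example (not part of the original thread), the following diffs two dumps in that format and counts the entries xcacls could not resolve. The path, the EXAMPLE domain and both dumps are constructed, and REFERENCE is a stand-in, not the real default Exchange ACL.

```python
import re
from collections import Counter

# One ACE per line: "DOMAIN\name:(OI)(CI)F", or "<Account domain not found>(OI)(CI)F"
# when xcacls cannot resolve the SID (no colon in that form).
ACE = re.compile(r"^(?P<who><[^>]+>|[^:]+:)(?P<flags>(?:\((?:OI|CI|IO|DENY)\))*)"
                 r"(?P<right>[FRCWN]|\(special access:\))$")
UNRESOLVED = "<account domain not found>"

def parse_aces(dump, path):
    """Count (principal, flags, right) entries in xcacls text for one path."""
    aces = Counter()
    for line in dump.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first ACE shares the path's line
        m = ACE.match(line)
        if m:  # prompt lines and the rights listed under "special access" are skipped
            who = m["who"].rstrip(":").lower()  # account names are case-insensitive
            aces[(who, m["flags"], m["right"])] += 1
    return aces

def compare(reference, suspect):
    """Resolved ACEs missing from or extra in `suspect`, plus its unresolved count."""
    def named(c):
        return Counter({k: n for k, n in c.items() if k[0] != UNRESOLVED})
    ref, sus = named(reference), named(suspect)
    return {"missing": sorted((ref - sus).elements()),
            "extra": sorted((sus - ref).elements()),
            # every unresolvable SID prints identically, so these are only counted
            "unresolved": sum(n for k, n in suspect.items() if k[0] == UNRESOLVED)}

PATH = r"\\.\backofficestorage\example.test\mbx\testacc"  # constructed path
# Constructed dumps in the shape of the one in the post; REFERENCE is a stand-in
# for a dump taken on another server, not the real default Exchange ACL.
REFERENCE = PATH + r""" EXAMPLE\testacc:(OI)(CI)F
    EXAMPLE\Exchange Domain Servers:(OI)(CI)F
    EXAMPLE\Domain Admins:(OI)(CI)F
    NT AUTHORITY\ANONYMOUS LOGON:(OI)(IO)(DENY)(special access:)
        WRITE_DAC
"""
SUSPECT = PATH + r""" example\testacc:(OI)(CI)F
    <Account domain not found>(OI)(CI)F
    <Account domain not found>(OI)(CI)(IO)F
    EXAMPLE\Domain Admins:(OI)(CI)F
    EXAMPLE\Enterprise Admins:(OI)(CI)N
"""
if __name__ == "__main__":
    print(compare(parse_aces(REFERENCE, PATH), parse_aces(SUSPECT, PATH)))
```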

Spent about 80 minutes on the phone with a nice MS Engineer tonight. Thought I would update the posting in case anyone else runs into the problem. The fix -- fix a permission on the \exchsrvr\bin\davex.dll file. The file security was only allowing Administrators and System. Added Authenticated Users with Read/Exec, Read and Write access and OWA started to work again. Hope that might help someone!
Bill
November 30th, 2010 9:16pm

Hi, Thanks for sharing. Best regards, Serena Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
December 2nd, 2010 4:11am

This topic is archived. No further replies will be accepted.
