Migrated Mailbox from Exchange 2003 to Exchange 2007 Prevents User from Logon to Outlook Web Access 2007 (OWA) Post Mailbox Move.

Link to full PDF
“If your Exchange 2007 Outlook Web Access (OWA) is failing for a user after the mailbox is
migrated from Exchange 2003 to Exchange 2007, the user account should be checked on the
Security tab under Advanced to see if it has “Allow inheritable permissions from the parent to
propagate to this object and all child objects.”

So how does this get turned off? Well, if the account is an administrative account or was ever an
administrative account previously, it will be turned off automatically. Reference the following:”

XADM: Do Not Assign Mailboxes to Administrative Accounts

From Article ID: 328753
“To help guard against such security issues, the Administrator account and accounts that are
members of these security groups are not permitted to inherit permissions. On the Security tab of
the group or account’s properties page, you can see that the Allow inheritable permissions from
parent to propagate to this object check box is not selected. Moreover, if you click to select this
check box, a Microsoft Windows 2000 system task soon clears it automatically. Clearing the
check box is a function of Windows 2000 intended to prevent hackers from playing with security
and inappropriately increasing their permissions to the level of administrator.”
While the article applies to Windows 2000, a similar thing occurs in Windows 2003.

-Credit to Forrest McDuffie of Pointbridge Consulting