SBS standard and OWA firewall issue

Try this: http://support.microsoft.com/default.aspx?scid=kb;en-us;326303
There is a document from Microsoft to download that might help.  It lists steps to troubleshoot OWA logins!  If the steps don't resolve it, follow the guidlines to help isolate the cause and post them here for further review.

What version of IE on the client? Have you tried more than one remote machine? I've had problems with OWA on 2003 woth older versions of IE and also where the security settings are too high.

I have tried a lot of the solutions that xxgenius pointed out in that white paper but they don't seem to be going down the right path. They mostly cover if it is not working at all and this works fine internally.
I also noticed it was for Exchange 2000 and there have been a lot of changes.
I have tried this with various versions of IE and Opera with no luck. I made it a trusted zone in IE...
I am still wondering about the sonicwall since it works fine from the internal network or maybe some new 2003 permission that can differentiate where the request is coming from?

Have you tried a laptop on and off the network? This would be a good way of ruling out the firewall.

that would be but unfotunately it's not real practical untill friday and I have to get this fixed
I did find an obscure reference to the problem here:
http://groups.yahoo.com/group/Exchange2000/message/6105?source=1
but it doesn't really provide an answer.
I have tried it on various DSL and cable modem lines, doesn't seem to make a difference

please post the exact error message, everything on the page.  

Here are links to screen shots, in the first I am using terminal services to access the server but it works exactly the same from a workstation.
The second is accessing from outside the network. Notice the print in the bottom left near the yellow triangle "error on page"

wwww.wdwinfo.com/alexmeetpics/jm1.htm
www.wdwinfo.com/alexmeetpics/jm2.htm

Hi alexssi

Few questions for you, no particular order:

1. Does the error (unable to open email) occur on all emails (including public folders) when you are using OWA remotely?

2. Do you have URLscan installed with the default configuration?

3. Does your firewall recognize the WebDAV extensions to HTTP?

4. Is the OWA and Exchange servers seperate?  If so, is the firewall in between them?

5. Do you have SP2 on the exchange server?

1. Yes it does

2.URL scan is not installed yet, this is a stock installation of SBS

3. It's a Sonicwall SOHO 3 with firmware 6.4.2, checking on that now

4. Same server, SBS has to be that way I believe

5. This is Exchange 2003 I didn't think there was service pack for that.... looking now!

Sorry, SP2 for Exchange 2000 - doesn't apply here.

You may want to review this KB:

XWEB: Troubleshooting Blank Message Bodies in Outlook Web Access
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314532

The information in this article applies to:
Microsoft Exchange Server 5.5
Microsoft Exchange Server 5.5 SP1
Microsoft Exchange Server 5.5 SP2
Microsoft Exchange Server 5.5 SP3
Microsoft Exchange Server 5.5 SP4

but it may be of some use.

I have played with permissions but I don't see how that would explain the working internally but not externally problem anyway

what information do you get when you click on the triangle, it should give a popup and discription.

also, did you try opening all ports to the exchange from the outside? then if it works you will know it is a firewall issue then immediately lock it down again.  from there you can troubleshoot which ports are blocking it.

OK..this just got totally bizarre!! I have tried this from about 10 different computers on different DSL and Cable lines. No luck at all.
On my desk at work I have an old PII, windows 98  hack job that only exists in case I want to check email without booting the laptop.
It works on that computer!!!
The problem is that one of things that is blown up on that computer is that all of the settings for security etc are greyed out, there is no way to check anything or see what some stuff says. It is the same version of IE as I have been trying everywhere else.
My laptop on the same network has the problem so it isn't the connection.
I'm just not getting this one

The error is
Line: 224
Char: 2
Error: 'g_flsMimeInstalled' is undefined
Code: 0
URL: https//mail.johnsonmcgill.com/exchange/Administrator/inbox/?cmd=contents

alexssi, you still need help on this? I just pulled up the link, and the forms based auth page showed up without errors. Is this different from what you're experiencing?


D

Nevermind, I re-read it and can see where your issue is. Can you reply or forward an email? Do you have Windows integrated auth turned on, for the exchange virtual directory?

D

Nope you can't get into anything without getting the same error
On the IIS Exchweb virtual directory "allow anonymous access" is checked and nothing else including windows integrated auth

How is the exchange directory security set? All3 of my virtual dirs are set with anon, basic, and windows integrated. i'm not advocating the windows integrated, but my exchange is also my DC/GC so ti works for me, and i don't have SSL yet. But i'm pretty sure for SSL to work, you have to select basic auth, with SSL, and i'd go ahead and specif a default domain as well. that way, no domain needs to be specified just the user account. First do this on the exchange dir....

D

I just tried changing that, doesn't seem to make a difference..
I'm getting the feeling it is a scripting error but I wish I could figure out what is different about that one 98 machine

what version of IE on the 98 box?

did you restart the default web site before you tested it? Second, has the exchange virtual directory been set up to accept only SSL connections?

D

version 6 of IE and I noticed it was exactly the same version all the way as my laptop which didn't work off the same line
I tried turning that off and doesn't seem to make a difference

tried turning what off, the SSL? Don't that's what you're trying to make work. I think maybe the virtual dirs need to be configured properly.

Tell me, any compression enabled with the forms-based auth?
Configure all the virtual dirs with the exchange in IIS to enable anon, then choose basic and windows integrated auth. Restart the webservices
You'll notice in the ESM, when you look under protocols, and the HTTP virtual server and subs, that anon is not enabled. this is by default, and should stay that way.

D

Ok tried that....didn't seem to make any difference
I do see what you mean in exchange manager...

The error is
Line: 224
Char: 2
Error: 'g_flsMimeInstalled' is undefined
Code: 0
URL: https//mail.johnsonmcgill.com/exchange/Administrator/inbox/?cmd=contents

Do you have a header in the default web site somewhere? the url that is posted in this message is missing the ':' after HTTPS. If it's trying to open a link with that path, that will fail every time, don't you think? then again, I could just be lost, I've never seen an error message like that with OWA :)

D

can I get a guest account on the server, so I can login to OWA and see this problem?

D

That was my typo, I couldn't cut and paste it, the : is there
try a username of test@johnsonmcgill.com with a password of password, I will leave it active for 1 hour

uh oh, it worked....no errors...think it's something we changed? can you try a diff mailbox than the administrator's? I opened an email, no error...just replied to it, no errors.

D

Still won't work!!  I have a few other people trying..
what OS are you running?

windows 2003 with IE 6 build 3790, 128 bit encryption.

D

Ok..so now we have 1 windows 2003 machine and one windows 98 machine that can get in...
I have XP.....

On your IE settings, do you have Windows Integrated auth turned on? (Advanced tab in IE). Second, you said this is a default install of SBS, have you changed any group perms or membership? It's very odd...I'm going upstairs and test this on an XP machine...I'll keep you posted...

D

I don't see that in advanced options..is it a 2003 thing???
and no I have not

Ok a friend of mine reports it works on her 98 machine but not on XP..same IE etc...

It doesn't matter, can't get it to work on my XP box either...very odd, but I'm sure we'll figure it out.

Is ISA server installed on this box too?

D

nope
it's the basic version of ISA
does doing this on NYE make us true geeks? :)

absolutely...my wife has been downstairs painting and making cookies, while the kids fell asleep watching the Ark.-Mizzou game....what a life :)

do you mean SBS, instead of ISA?
Anyway, here's what's odd...when I set my IE security to high on 2003 server, it still works, shows the view pane, everything...when I set it to high on the XP box, it won't even show me the forms page, gives me a message that my browser doesn't support server scripting...I'm trying to find out where to change that protion...

D

LOL DW was watching BC-Colorado...
Yes I meant SBS...
ok that's weird...

very weird...how is the default web site configured, not just Exchange virtual dirs...we're missing something basic....Since Win98 doesn't support NTLM or Kerberos, and it's succeeding, that tell me that something is very wrong.....you may actually want to restart the exchange services, but I don't think that will fix it...still looking, but may take a break to ring in the new year out here on the east coast....


D

I've restarted the services and the server a few times.. the configuration should be SBS stock! the ONLY thing I added was Symantec Antivirus for Exchange which adds a web site..

And I will probably take the same break...
wondering if I should just break down and call microsoft...

and what change did it make to the default website? the plot thickens...LOL

D

none that I can see... it makes it's own on a different port...

ok, what permissions on the default website dor Directory security?

D

Anonymous and integrated windows...

Put basic on it as well...you sure your cert is installed, and you're requiring SSL 128 bit?

D

Did that and restarted IIS admin... doesn't seem to have made a difference..
I'm pretty sure...

Works fine from here. Windows 2000 SP3 IE5 (5.00.3502.1000) 128 Bit.

but not XP... this is totally weird!!!!

ok, I'm starting to see this as an XP issue, I'll start looking there....

D

I have to admit that's a path I hadn't considered...
We did have a 98 machine at work that did have the problem though..

How about client-side anti-virus software? McAfee VirusScan can cause issues with scripting and ActiveX Controls when the Download Scan is enabled. Another thing to look at maybe.

this is SBS 2003, right?

d

Correct SBS 3000
WOO HOO!!!!!
That worked!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I'm in....
any clues what was going on? It was definitely turning off the windows auth, it was already set to force 128 bit encryption

Yes SBS 2003

Excellent!! I'm guessing since Win98 can't do windows auth in IE, no matter what, that it simply ignored it, and accepted basic auth. 2003 does either, but XP kept trying Windows auth, even when you disable it on IE at the client. Wish I could say for sure what the exact difference is, but hey at least you're up and running clean now. Happy New Year!

D

Sounds like a good guess to me.
Thank you again!!

I am having the asme issue with our server here at work with not being able to access masseges and attachments when I am working off XP machines.  It sounds like this fix works.  After reading through the posts I think I understand what's happening except I can't figure out where the settings are that will allow you to make these changes.

I use SBS 2003 and all clients are running XP PRO, does anyone remember this issue enough to help me out here?

The patch below resolved my problems with the very same issue

http://support.microsoft.com/?id=831464


According to MS the problem revolves around the ability to use gzip decompression

HTH
-jg-

I have a circumvention for this problem that is working.  I have SBS 2003 and external OWA users coming in over the internet.  The OWA user keys in my Exchange server URL using a secure session (httpS://www.mysite.com/exchange).  This brings up the OWA login screen with its two options.  If they take the two defaults, we get the the symptoms above, email showing, but not opening.

The first option is for "Client".  The choices are "Premium" or "Basic".  The default is "Premium".

The second option is for "Security".  The choices are "Public or shared computer" and "Private computer".  The default is "Public...".

I haven't researched to impact of these choices, but by choosing BOTH non-default options, "Basic" Client and "Private computer", the OWA access works for our users - circumvention achieved.  I understand from the one-liner help that we loose some features, but the mail is useable.  I'd like to hear some further research or knowledge on the impact of these choices from other sys admins.  Thanks, all.  -Craig

Hey Guys,

wondering how everyone went with this, I have installed SBS 2003, and it works on some win xp machines, but on 2 freshly formatted laptops it doesn't work i get the same issue mentioned above - does this mean it is on a client level that the issue is?  i have turned off the pass through authentication object and still the problem persists.

thanks all

James

Hey Guys,

actually i just worked out wat my issue was, i just installed the proxy client on both laptops and it worked, must be something about the natting on one of the levels, neway it is now all gud.

cheers
James