jhuntii
asked on
Outlook Web Access OWA not working in Exchange 2010
I brought a new server 2008 into our SBS 2003 environment. We finally have it up and running with message flowing for Outlook and cell phone users. When we go to the website https://<ourdomain.com>/owa the site comes up and we can enter our username and password. When we submit this, the next page that comes up is completely blank except for two words in the upper left corner saying: Bad Request. So there's obviously a disconnect between IIS and Exchange and it probably simple but I'm not that experienced in IIS/Exchange setup and troubleshooting.
ASKER
OK, I checked the headers for the Default Site (the only site I have) and there are no headers set for HTTP nor HTTPS. In looking at the basic settings of the Exchweb folder and owa folder, there is a test button. The test for both say that authentication is OK, but that Authorization is questionable with this info:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
and:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
I checked the physical location and Authenticated Users, System, and Administrators group all have right to the owa folder. Any other things to check? Could it still be trying to look at the 2003 owa site? I have the firewall forwarding everything to this new server. Thanks.
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
and:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
I checked the physical location and Authenticated Users, System, and Administrators group all have right to the owa folder. Any other things to check? Could it still be trying to look at the 2003 owa site? I have the firewall forwarding everything to this new server. Thanks.
Does owa working internally?
ASKER
No, it does not. It gives the same error 400 Bad Request.
Hi jhuntii,
At this point I think it would be eaiser for you to delete and recreate your Exchange virtual directories. Don't worry it's not difficult. Just follow the MS instructions provided below. Once the directories are recreated you will need to follow up and reset the security permissions on the virtual directories. All is explained int he KB article.
If there is any point in the KB you don't understand just ask.
http://support.microsoft.com/kb/883380
At this point I think it would be eaiser for you to delete and recreate your Exchange virtual directories. Don't worry it's not difficult. Just follow the MS instructions provided below. Once the directories are recreated you will need to follow up and reset the security permissions on the virtual directories. All is explained int he KB article.
If there is any point in the KB you don't understand just ask.
http://support.microsoft.com/kb/883380
Hi,
Refer this:
http://social.technet.microsoft.com/Forums/en/exchangesvrclients/thread/5c3b9041-a479-4979-a176-a11e8cbfc55f
Hope this helps,
Shree
Refer this:
http://social.technet.microsoft.com/Forums/en/exchangesvrclients/thread/5c3b9041-a479-4979-a176-a11e8cbfc55f
Hope this helps,
Shree
ASKER
OK, I know I been away for a while. If I need to open a new thread, I can.
Shreedhar, I was incorrect. OWA Does work internally, but not externally. Must be a firewall issue??
Shreedhar, I was incorrect. OWA Does work internally, but not externally. Must be a firewall issue??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
As OWA working internally just check the firewall settings to see whether the external owa requests are getting forwarded to the server.
ASKER
Oztrodamus, followed your suggestions and also in the Application Development section, selected SMTP-Email in the OWA virtual directory in IIS and under the section of Deliver email to SMTP server, checked Localhost checkbox (was not checked), and selected Windows authentication. And, OWA is working! :) Yeah!!
I do have a question about the Authentication settings in the Security section that you mention. You said to set to Basic authentication and turn the rest off. Shouldn't this be Windows authentication to access OWA??
I do have a question about the Authentication settings in the Security section that you mention. You said to set to Basic authentication and turn the rest off. Shouldn't this be Windows authentication to access OWA??
Hi jhuntii,
Glad to hear it's working :)
The recommended setting is Basic Authentication. You don't have to worry about security, because even though the password is sent in clear text it's encrypted by virtue of the fact you're connected via an IPSec tunnel.
You can use Windows Authentication if you want to, but it severely restricts the flexibility of OWA. It would require that all PC's using OWA be members of your authentication domain. And the only benefit it would provide is transparent login, which in turn would prevent you from signing in with an alternate account. I think you give up too much with no real added benfit to use it.
Cheers,
Glad to hear it's working :)
The recommended setting is Basic Authentication. You don't have to worry about security, because even though the password is sent in clear text it's encrypted by virtue of the fact you're connected via an IPSec tunnel.
You can use Windows Authentication if you want to, but it severely restricts the flexibility of OWA. It would require that all PC's using OWA be members of your authentication domain. And the only benefit it would provide is transparent login, which in turn would prevent you from signing in with an alternate account. I think you give up too much with no real added benfit to use it.
Cheers,
ASKER
Thanks again very much. :)
Refer this:
https://www.experts-exchange.com/questions/22755908/OWA-Bad-Request-Invalid-Hostname-Owaauth-dll.html
Hope this helps,
Shree