Solved

OWA / can't access OWA via https: from outside my firewall

Posted on 2004-04-06
Last Modified: 2006-11-17
Hi,

I am attempting to access OWA via https.  I am able to access it via http: from both inside and outside my firewall (Netscreen 5GT).  I'm able to access OWA via https: from inside the firewall, but not from outside the firewall.

I have enabled the following ports in a policy on the firewall:
80, 8443 (changed from 443), 135, 995, 25

I would appreciate some help on this, please.

Thanks,
Bostechie
Question by:bostechie
8 Comments
 
LVL 3

Expert Comment

by:hcoltrain
ID: 10770132
What is your Public IP address?
0
 

Author Comment

by:bostechie
ID: 10770530
207.172.212.72
0
 
LVL 3

Assisted Solution

by:hcoltrain
hcoltrain earned 200 total points
ID: 10770641

I cannot make a telnet connection to that port. I would guess it is not forwarding correctly.

C:\Documents and Settings\Administrator>telnet 207.172.212.72 8443
Connecting To 207.172.212.72...Could not open a connection to host on port 8443: Connect failed
0
LVL 10

Assisted Solution

by:OneHump
OneHump earned 1800 total points
ID: 10771227
I can get there with http port 80.  Seems like 443 isn't open.  You do have an SSL certificate installed and SSL is enabled on the virtual directory, right?

All you need is 443 from the Internet to that server.  You don't need 80 unless you want to host http, which is not recommended.  I would also put some sort of dual factor authentication solution in front of that site.

Now I just read that you changed your SSL port from 443.  Did you tell IIS that?  Why did you do it?  There really is no need unless you're trying to secure your server through obscurity.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10771262
Wow, this is quite a thread.  :)

VERY detailed instructions on everything that needs to be done, including client configuration, to get RPC over HTTP are found here:

How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


OneHump
0
 

Author Comment

by:bostechie
ID: 10773890
The boss wanted to change 443 to 8443 for the reason you stated, I suppose.
80 is open only while setting up/testing and will be closed today.

I assume the cert is installed/enabled properly since I can access OWA via https internally.

I am running Exchange 2000 (failed to mention this). Does the RPC over HTTP still apply?
0
 
LVL 10

Accepted Solution

by:
OneHump earned 1800 total points
ID: 10779385
Sorry, my last post was intended for a different thread which I can no longer find.  Either EE messed up or I'm going crazy.  :)

No, RPC over HTTP does not apply to E2K.  :)

I might suggest that your boss pursues dual factor authentication over the obscurity method.  Hackers don't care about obscure ports when they run port scanners against your box.

If that server is fully functional on the inside using that port and HTTPS, then you definitely have a firewall issue.  Try opening 443 on to the outside just for the heck of it.

OneHump

0
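Added example, not part of the original thread: the telnet test and the "works inside, fails outside" reasoning above, written as a check that separates a port that is reset from one that is silently dropped, which telnet's "Connect failed" does not show. The names `probe`, `diagnose` and `local_demo` are hypothetical, the loopback demo is constructed, and the diagnosis text is a heuristic.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # something answered with a TCP reset
    except OSError:                # includes timeouts and unreachable hosts
        return "filtered"          # no usable answer: packets dropped on the way

def diagnose(inside, outside):
    """Combine the LAN-side and Internet-side result for one port (heuristic)."""
    if inside != "open":
        return "server: not listening on this port even on the LAN; check the IIS SSL port"
    if outside == "open":
        return "ok: reachable from both sides"
    if outside == "refused":
        return ("firewall: packets arrive but are reset; check the policy "
                "and the internal port it maps to")
    return "firewall: packets are silently dropped; no policy or forwarding for this port"

def local_demo():
    """Constructed loopback demo: probe one port while it listens, then after close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))     # port 0 lets the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe("127.0.0.1", port, timeout=1.0)
    srv.close()
    after_close = probe("127.0.0.1", port, timeout=1.0)
    return while_open, after_close

if __name__ == "__main__":
    print(local_demo())
    # The thread's situation: 8443 answered internally, the outside test failed.
    print(diagnose("open", "filtered"))
```

Run `probe` once from a machine on the LAN and once from a machine outside the firewall against the same port, then pass both results to `diagnose`.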
 

Author Comment

by:bostechie
ID: 10779784
I tried to discourage him from changing the port, but you know how it is with bosses sometimes.  After lots of time ($$$) and aggravation I convinced him to let me go back to 443 and what do you know we were able to open the port in the firewall and all is now well.  They never listen!

Thanks for all your feedback.
0
