• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1039
  • Last Modified:

OWA /can't access OWA via https:from outside my firewall

Hi,

I am attempting to access OWA via https.  I am able to access it via http: from both inside and outside my firewall (Netscreen 5GT).  I'm able to access OWA via https: from inside the firewall, but not from outside the firewall.

I have enabled the following ports in a policy on the firewall:
80, 8443 (changed from 443), 135, 995, 25

I would appreciate some help on this, please.

Thanks,
Bostechie
0
bostechie
Asked:
bostechie
  • 3
  • 3
  • 2
3 Solutions
 
hcoltrainCommented:
What is your Public IP address?
0
 
bostechieAuthor Commented:
207.172.212.72
0
 
hcoltrainCommented:

I cannot make a telnet connection to that port. I would guess it is not forwarding correctly.

C:\Documents and Settings\Administrator>telnet 207.172.212.72 8443
Connecting To 207.172.212.72...Could not open a connection to host on port 8443
: Connect failed
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
OneHumpCommented:
I can get there with http port 80.  Seems like 443 isnt open.  You do have an SSL certificate installed and SSL is enabled on the virtual directory, right?

All you need is 443 from the Internet to that server.  You don't need 80 unless you want to host http, which is not recommended.  I would also put some sort of dual factor authentication solution in front of that site.

Now I just read that you changed your SSL port from 443.  Did you tell IIS that?  Why did you do it?  There really is no need unless you're trying to secure your server through obscurity.

OneHump
0
 
OneHumpCommented:
Wow, this is quite a thread.  :)

VERY detailed instructions on everything that needs to be done, including client configuration, to get RPC over HTTP are found here:

How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


OneHump
0
 
bostechieAuthor Commented:
The boss wanted to change 443 to 8443 for the reason you stated, I supppose.  
80 is open only while setting up/ testing and will be closed today.

I assume the cert is installed/enabled properly since I can access OWA via https internally.

I am running Exchange 2000 (failed to mention this). Does the RPC over HTTP still apply?
0
 
OneHumpCommented:
Sorry, my last post was intended for a different thread which I can no longer find.  Either EE messed up or I'm going crazy.  :)

No, RPC over HTTP does not apply to E2K.  :)

I might suggest that your boss pursues dual factor authentication over the obscurity method.  Hackers don't care about obscure ports when they run port scanners against your box.

If that server is fully functional on the inside using that port and HTTPS, then you definately have a firewall issue.  Try opening 443 on to the outside just for the heck of it.

OneHump

0
 
bostechieAuthor Commented:
I tried to discourage him from changing the port, but you know how it is with bosses sometimes.  Afeter lot's of time ($$$) and aggravation I convinced him to let me go back to 443 and what do you know we where able to open the port in the firewall and all is now well.  They never listen!

Thanks for all your feedback.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now