Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

OWA /can't access OWA via https:from outside my firewall

Posted on 2004-04-06
8
1,004 Views
Last Modified: 2006-11-17
Hi,

I am attempting to access OWA via https.  I am able to access it via http: from both inside and outside my firewall (Netscreen 5GT).  I'm able to access OWA via https: from inside the firewall, but not from outside the firewall.

I have enabled the following ports in a policy on the firewall:
80, 8443 (changed from 443), 135, 995, 25

I would appreciate some help on this, please.

Thanks,
Bostechie
0
Comment
Question by:bostechie
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:hcoltrain
ID: 10770132
What is your Public IP address?
0
 

Author Comment

by:bostechie
ID: 10770530
207.172.212.72
0
 
LVL 3

Assisted Solution

by:hcoltrain
hcoltrain earned 50 total points
ID: 10770641

I cannot make a telnet connection to that port. I would guess it is not forwarding correctly.

C:\Documents and Settings\Administrator>telnet 207.172.212.72 8443
Connecting To 207.172.212.72...Could not open a connection to host on port 8443
: Connect failed
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 10

Assisted Solution

by:OneHump
OneHump earned 450 total points
ID: 10771227
I can get there with http port 80.  Seems like 443 isnt open.  You do have an SSL certificate installed and SSL is enabled on the virtual directory, right?

All you need is 443 from the Internet to that server.  You don't need 80 unless you want to host http, which is not recommended.  I would also put some sort of dual factor authentication solution in front of that site.

Now I just read that you changed your SSL port from 443.  Did you tell IIS that?  Why did you do it?  There really is no need unless you're trying to secure your server through obscurity.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10771262
Wow, this is quite a thread.  :)

VERY detailed instructions on everything that needs to be done, including client configuration, to get RPC over HTTP are found here:

How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


OneHump
0
 

Author Comment

by:bostechie
ID: 10773890
The boss wanted to change 443 to 8443 for the reason you stated, I supppose.  
80 is open only while setting up/ testing and will be closed today.

I assume the cert is installed/enabled properly since I can access OWA via https internally.

I am running Exchange 2000 (failed to mention this). Does the RPC over HTTP still apply?
0
 
LVL 10

Accepted Solution

by:
OneHump earned 450 total points
ID: 10779385
Sorry, my last post was intended for a different thread which I can no longer find.  Either EE messed up or I'm going crazy.  :)

No, RPC over HTTP does not apply to E2K.  :)

I might suggest that your boss pursues dual factor authentication over the obscurity method.  Hackers don't care about obscure ports when they run port scanners against your box.

If that server is fully functional on the inside using that port and HTTPS, then you definately have a firewall issue.  Try opening 443 on to the outside just for the heck of it.

OneHump

0
 

Author Comment

by:bostechie
ID: 10779784
I tried to discourage him from changing the port, but you know how it is with bosses sometimes.  Afeter lot's of time ($$$) and aggravation I convinced him to let me go back to 443 and what do you know we where able to open the port in the firewall and all is now well.  They never listen!

Thanks for all your feedback.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question