Solved

OWA / can't access OWA via https: from outside my firewall

Posted on 2004-04-06
Last Modified: 2006-11-17
Hi,

I am attempting to access OWA via https.  I am able to access it via http: from both inside and outside my firewall (Netscreen 5GT).  I'm able to access OWA via https: from inside the firewall, but not from outside the firewall.

I have enabled the following ports in a policy on the firewall:
80, 8443 (changed from 443), 135, 995, 25

I would appreciate some help on this, please.

Thanks,
Bostechie
Question by:bostechie
8 Comments
 
LVL 3

Expert Comment

by:hcoltrain
ID: 10770132
What is your Public IP address?
0
 

Author Comment

by:bostechie
ID: 10770530
207.172.212.72
0
 
LVL 3

Assisted Solution

by:hcoltrain
hcoltrain earned 50 total points
ID: 10770641

I cannot make a telnet connection to that port. I would guess it is not forwarding correctly.

C:\Documents and Settings\Administrator>telnet 207.172.212.72 8443
Connecting To 207.172.212.72...Could not open a connection to host on port 8443: Connect failed
0
 
LVL 10

Assisted Solution

by:OneHump
OneHump earned 450 total points
ID: 10771227
I can get there with http port 80.  Seems like 443 isn't open.  You do have an SSL certificate installed and SSL is enabled on the virtual directory, right?

All you need is 443 from the Internet to that server.  You don't need 80 unless you want to host http, which is not recommended.  I would also put some sort of dual factor authentication solution in front of that site.

Now I just read that you changed your SSL port from 443.  Did you tell IIS that?  Why did you do it?  There really is no need unless you're trying to secure your server through obscurity.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10771262
Wow, this is quite a thread.  :)

VERY detailed instructions on everything that needs to be done, including client configuration, to get RPC over HTTP are found here:

How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


OneHump
0
 

Author Comment

by:bostechie
ID: 10773890
The boss wanted to change 443 to 8443 for the reason you stated, I suppose.
80 is open only while setting up/testing and will be closed today.

I assume the cert is installed/enabled properly since I can access OWA via https internally.

I am running Exchange 2000 (failed to mention this). Does the RPC over HTTP still apply?
0
 
LVL 10

Accepted Solution

by:
OneHump earned 450 total points
ID: 10779385
Sorry, my last post was intended for a different thread which I can no longer find.  Either EE messed up or I'm going crazy.  :)

No, RPC over HTTP does not apply to E2K.  :)

I might suggest that your boss pursues dual factor authentication over the obscurity method.  Hackers don't care about obscure ports when they run port scanners against your box.

If that server is fully functional on the inside using that port and HTTPS, then you definitely have a firewall issue.  Try opening 443 on to the outside just for the heck of it.

OneHump

0
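
Added example, not part of the original thread: a scripted version of the telnet test from hcoltrain's answer, combined with the inside-versus-outside reasoning in the accepted answer. The result labels and the `diagnose` helper are assumptions made for this illustration; run `probe` once from the LAN and once from an outside host, then compare.

```python
import socket

def probe(host, port, timeout=3.0):
    """Try one TCP handshake from this vantage point and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back: host reached, port closed
    except socket.timeout:
        return "filtered"          # no reply at all: typically a silent drop
    except OSError:
        return "unreachable"       # no route, DNS failure, and similar

def diagnose(inside, outside):
    """Combine a probe made on the LAN with one made from the Internet.

    The category names returned here are labels invented for this example.
    """
    if inside != "open":
        return "server"            # not listening even locally: check the IIS SSL port
    if outside == "open":
        return "ok"
    if outside == "filtered":
        return "firewall-drop"     # policy or port mapping never passes the SYN
    if outside == "refused":
        return "firewall-reject"   # reset came back: rejected or forwarded to the wrong port
    return "network"

if __name__ == "__main__":
    # Constructed demo on loopback so the script runs offline.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listener up:  ", probe("127.0.0.1", port))
    srv.close()
    print("listener down:", probe("127.0.0.1", port))
    # This thread's case, assuming the outside attempt timed out:
    # HTTPS works on the LAN but fails from the Internet.
    print("thread case:  ", diagnose("open", "filtered"))
```

A "server" result points at the IIS port setting; either "firewall" result points at the inbound policy or port mapping on the firewall.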
 

Author Comment

by:bostechie
ID: 10779784
I tried to discourage him from changing the port, but you know how it is with bosses sometimes.  After lots of time ($$$) and aggravation I convinced him to let me go back to 443, and what do you know, we were able to open the port in the firewall and all is now well.  They never listen!

Thanks for all your feedback.
0

Question has a verified solution.