Solved

OWA /can't access OWA via https:from outside my firewall

Posted on 2004-04-06
8
997 Views
Last Modified: 2006-11-17
Hi,

I am attempting to access OWA via https.  I am able to access it via http: from both inside and outside my firewall (Netscreen 5GT).  I'm able to access OWA via https: from inside the firewall, but not from outside the firewall.

I have enabled the following ports in a policy on the firewall:
80, 8443 (changed from 443), 135, 995, 25

I would appreciate some help on this, please.

Thanks,
Bostechie
0
Comment
Question by:bostechie
  • 3
  • 3
  • 2
8 Comments
 
LVL 3

Expert Comment

by:hcoltrain
ID: 10770132
What is your Public IP address?
0
 

Author Comment

by:bostechie
ID: 10770530
207.172.212.72
0
 
LVL 3

Assisted Solution

by:hcoltrain
hcoltrain earned 50 total points
ID: 10770641

I cannot make a telnet connection to that port. I would guess it is not forwarding correctly.

C:\Documents and Settings\Administrator>telnet 207.172.212.72 8443
Connecting To 207.172.212.72...Could not open a connection to host on port 8443
: Connect failed
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 10

Assisted Solution

by:OneHump
OneHump earned 450 total points
ID: 10771227
I can get there with http port 80.  Seems like 443 isnt open.  You do have an SSL certificate installed and SSL is enabled on the virtual directory, right?

All you need is 443 from the Internet to that server.  You don't need 80 unless you want to host http, which is not recommended.  I would also put some sort of dual factor authentication solution in front of that site.

Now I just read that you changed your SSL port from 443.  Did you tell IIS that?  Why did you do it?  There really is no need unless you're trying to secure your server through obscurity.

OneHump
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10771262
Wow, this is quite a thread.  :)

VERY detailed instructions on everything that needs to be done, including client configuration, to get RPC over HTTP are found here:

How to configure RPC over HTTP on a single server in Exchange Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;833401


OneHump
0
 

Author Comment

by:bostechie
ID: 10773890
The boss wanted to change 443 to 8443 for the reason you stated, I supppose.  
80 is open only while setting up/ testing and will be closed today.

I assume the cert is installed/enabled properly since I can access OWA via https internally.

I am running Exchange 2000 (failed to mention this). Does the RPC over HTTP still apply?
0
 
LVL 10

Accepted Solution

by:
OneHump earned 450 total points
ID: 10779385
Sorry, my last post was intended for a different thread which I can no longer find.  Either EE messed up or I'm going crazy.  :)

No, RPC over HTTP does not apply to E2K.  :)

I might suggest that your boss pursues dual factor authentication over the obscurity method.  Hackers don't care about obscure ports when they run port scanners against your box.

If that server is fully functional on the inside using that port and HTTPS, then you definately have a firewall issue.  Try opening 443 on to the outside just for the heck of it.

OneHump

0
 

Author Comment

by:bostechie
ID: 10779784
I tried to discourage him from changing the port, but you know how it is with bosses sometimes.  Afeter lot's of time ($$$) and aggravation I convinced him to let me go back to 443 and what do you know we where able to open the port in the firewall and all is now well.  They never listen!

Thanks for all your feedback.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question