Solved

What ports need to be open at the remote site to access OWA?

Posted on 2004-04-21
8
384 Views
Last Modified: 2008-02-26
I know that port 80 needs to be open on my local firewall, but what ports need to be open on a remote site firewall for someone to be able to access OWA from there?

I was always under the impression that as long as the remote site had web access (and of course my firewall allowed it), then anyone at that remote site should be able to access OWA remotely.
0
Comment
Question by:piersk
  • 4
  • 3
8 Comments
 
LVL 6

Expert Comment

by:bwinzenz
ID: 10879763
You are correct.  As long as the remote site can access the Internet (all http traffic uses port 80), then as long as your firewall has port 80 inbound open to the OWA server, they should be able to access it.  There really isn't much more to it than that.  If you think about it, OWA is just another website.

If you want to secure OWA, you would want to use SSL (https) and obtain a certificate from an online certificate authority (such as Thawte).

Ben
0
 
LVL 1

Author Comment

by:piersk
ID: 10879803
Apparently (having spoken to the support team at the remote location) there are other ports that need to be opened.

I probably should have explained myself a bit better. My colleague can access the site. He can log in and gets the icons on the left and the top, but nothing in the central, main part of the screen. I need to know the ports that need to be unblocked for this to work.
0
 
LVL 6

Expert Comment

by:bwinzenz
ID: 10880444
After looking at this again, it appears that the remote client will use a high port locally (1024+) and it connects to port 80 of the OWA server.  However, the outbound connection on the client should occur over port 80.  The local port that the client uses should not matter one bit.

Have you tested logging on to OWA locally on your LAN?  Does that produce different results?  Have you installed URLScan or the IIS Lockdown Tool on the OWA server?  Both of those are known to cause problems with OWA unless they have been specifically tuned for Exchange/OWA.

Ben
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 1

Author Comment

by:piersk
ID: 10880480
I havent installed URLScan or IIS Lockdown.

My colleague can access OWA when on dial up from the same workstation, just not when he is on the network (please bear in mind that he is doing some consultancy for another company and is at their offices), so I am trying to fix his for THEIR network guys. I know for a fact that its something to do with their firewall, but they have no idea what port needs to be unblocked, so I am doing the work for them...

I'm not bitter ;-)
0
 
LVL 6

Expert Comment

by:bwinzenz
ID: 10880549
Tell ya what.  I'm gonna set up my laptop in our DMZ (to simulate being on the Internet coming in), and I'll run a packet sniffer showing me all traffic from my laptop to my OWA server.  I'll post back the results in a few.  I honestly don't think it is a port issue.  It could be something *else* causing the problem, but it shouldn't be a port issue.

Ben
0
 
LVL 6

Accepted Solution

by:
bwinzenz earned 250 total points
ID: 10880764
OK - I just tested this.  Every single packet that was sent from my laptop to my OWA server was sent out on either port 80 or 443 (I have SSL set up).  There were no other ports involved.

I'd suggest that you test this as well.  The tool that I use is called NetworkActivSniffer.  It was a free download.  Do a Google search for it and I'm sure that you will find it.  I agree with you here that something is funky with their end of things, but it is not the ports.  Do they perhaps have some other type of device between your colleague's computer and the Internet?  Have him run a tracert to your OWA server and find all the hops that are on their network.  Make sure there isn't some sort of QoS device that could be blocking the content (Packetshaper, Sitara, etc.).  Is there a Proxy server on their end?

Ben
0
 
LVL 1

Author Comment

by:piersk
ID: 11105836
Not abandoned, just forgotten (sorry).

Spoke to the IT people their end (having seen bwinzenz's answer) and they have their network set up so that it would allow use of OWA 2k3, but I don't think they really had much of a clue since they didn't know how to change it to allow access for OWA2000. Such is life
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question