Solved

OWA and Isa-server on same SBS200-computer

Posted on 2004-10-22
438 Views
Last Modified: 2009-12-16
I have a server running SBS2000. On this same server I am running ISA2000 and Exchange2000. ISA is listening on port 80, IIS on a different port. All my websites are redirected through ISA through Destionation-sets and Web Publishing Rules. This all works fine.

Now I have done the same for Exchange (which is in the Default Web Site), so I could use OWA (only HTTP, no HTTPS/SSL etc., just to be able to get it working). When I try to connect to it through my internal network, it is running fine, no problems.

However, trying to connect from outside always gives me the same error. I type in "http://myexchange.mydomain.com/exchange/username" (exactly the same URL as on my local network), an authentication-popup appears. After filling in my credentials the browser clears, then the vertical bar appears, which separates the boxes on the left side from whats in the boxes on the right. Then for about 15 secs. the browser says "connecting to site MyIP". Then it displays the message "The page cannot be displayed" I tried all kind of solutions I found on the Internet, playing with Anonymous/Basic authentication, nothing.

When I leave out the Web publising Rule, and set IIS to listen on port 80 again, I can access OWA also from external. But of course I don't wan't IIS to listen on port 80!!!

Any clues ??
0
Question by:vanmilp
    17 Comments
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    Can you not set a forward in ISA that points to the exchange site? (don't think so)

    http://www.kbalertz.com/kb_325097.aspx  This sounds like your problem.

    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    Sorry forgot to post this link.  Discuss's configuring ISA for OWA.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;290113
    0
     
    LVL 15

    Expert Comment

    by:adamdrayer
    0
     

    Author Comment

    by:vanmilp
    All these links use port 80 on IIS to access Echange-web (with SocketPooling disabled), but I don't want to use port 80, I want to use a different port, say 8085. I think the main problem is in the fact that Exchange virtual. dirs. are placed in the Default Web Site. When I can place them in a different Web-site, I think the problem could be solved. Is that possible, and if so, how do I do it?
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    Hi there,

    Well in internet services manager you can change the default path of the web site?  That might work. If you open IIS manager, and then right click on the default web site (or which ever is your exchange) you can specify the port you would like it to be on.  IE 8085.

    Don't forget when testing to add the :8085 to the end of the address.

    ISA may cause an issue with this so using the above articles confirm that ISA is configured to understart 8085.

    Otherwise see if you can set up a redirect within ISA that listens on port 8085 but forwards to port 80.
    0
     

    Author Comment

    by:vanmilp
    Skulls_hawk, that's just what I am doing, and that's also the problem (specifying another port than 80 on the Default Web Site). When using port 80, no problem. However, when using a different port, I can't get connected from external, whether I specify the port # or not. Internal is no problem, I can connect without problems, as long as I don't add a port #. As told before, when connecting from external, I get the vertical division-bar from OWA, then on both sides "The page cannot be displayed".
    I must add to this that, in order to get it working on the internal net, I had to add 2 forwarders in DNS pointing to my mail-site, but I don't think this can be a reason for the problem.
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    Interestingly enough, I had a client that wanted to use OWA, so I talked him through various settings on the firewall to set the public port to something other than 8081.  On his site even if on port 80 you couldn't specify a port.  OWA seems to be very fussy about that.

    We have another client, where the internal port is still on 80 but the external on something else.  The router does a port forward and that works.

    I remember seeing an article yesterday that was similar to your problem.  Let me see if I can find it.

    Sorry for the misunderstanding, it seems I'm not reading properly at the moment, must be old age. :-)
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    http://www.kbalertz.com/kb_325097.aspx

    Not sure if your setup things ISA is a front end server or if  this is similar to yours, but it may be a problem.

    http://www.mcse.ms/archive73-2004-3-446442.html

    This has info and help on Moving/recreating the OWA virtual dir.  
    0
     

    Author Comment

    by:vanmilp
    Tried all suggestion, still no luck.

    AdamDrayer, I could only access the first part on BrainBuzz.com, even after registrering. Do you have the full article ?

    I also noticed that, when accessing OWA from inside the LAN, I have to type in name/password twice, but when trying to access it from outside only once, so could it be an authentication-problem ??
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    So when you access from outside you actually get a username prompt?  if so then it sounds like the server is responding to requests.  Hmmmm... Have you tried several usernames?  Authentication problems normally generate their own errors, but if you are getting a login request, then possibly it is a minor port issue?
    0
     

    Author Comment

    by:vanmilp
    Yes, after logging-in (once) I even get the vertical split-bar which should appear between the folders (Inbox, Send etc.) on the left and their content (Messages etc.) on the right, however, it's only a thin vertical line, not the line you see when everything is working well (which is wider). Then, after about 10/15 seconds I get the "The page cannot be displayed" on both sides of the vertical split-bar.

    I tried creating a new website with Exchange-folders in it as stated in the MS-article (recreating OWA virtual dir), but no luck. But, as soon as I set the default web-site port to 80, and do not use a web-publishing-rule and destination-set, OWA is running fine. So it looks like either OWA can't run on a port different than 80, or credentials are not forwarded ??
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    I've seen articles describing how to change the default port in IIS, so exchange must be able to run on another.  It does sound like there is an issue with rules in ISA possibly.

    Is there any way you can disable ISA, and test that way?  IE eliminate ISA as a cause.  
    0
     

    Author Comment

    by:vanmilp
    I can't disable ISA, because then the port-mapping and web-publishing rules wouldn't work anymore.

    I saw that, when trying to connect over a slow line, after logging in (DomainName\UserName and Password), the statusbar on the bottom of IE says:
    Opening page: http://MyExchangeSite:AssignedPortNr/Exchange/MyName/Inbox/?Cmd=contents. . .

    It looks as if IE can see the directory-structure, but can't proceed loading. Can this have anything to do with the fact that my server is a FAT-32 instead of NTFS (don't think so)?
    0
     
    LVL 5

    Expert Comment

    by:SKULLS_Hawk
    I guess it's possible.  Any particular reason you are on Fat32?  Strange problem, it seems to be a performance issue of some kind then.  Possibly ISA is taking to long to route requests, or is not allowing portions of data through.  I doubt it is related to Fat32, although from a security point of view you definately want to convert it to NTFS.

    The only thing I can suggest, and without really seeing this server it's difficult, but you need to eliminate ISA as a cause of this problem.  The only way I can think of is to disable it, but that would mean reconfiguring your net access etc which is a nightmare.

    The other way possibly is to make sure access through the ISA is unrestricted.  Obviously which ever route you can manage (if possible) it is only temporary to eliminate ISA from the equation.  ISA is more a suspect than Exchange since OWA works internally.
    0
     

    Author Comment

    by:vanmilp
    Can it have anything to do with DNS? I had to add Hosts in DNS for my websites, because they couldn't be access from inside the LAN, and I did the same for the Exchange Virtual Directory.
    Strange thing is that, when I leave the OWA-site in DNS, with Netscape I have to put in my password twice (on local LAN), but when accessing it from external I only have to put it in once.
    0
     
    LVL 5

    Accepted Solution

    by:
    DNS is possible, but unlikely since it works internally.  Strange that you need to put password in twice but is it Netscape both internally and externally?  Might be a netscape peculirarity.

    The other reason I'm less inclined to think it is DNS, is that you get a partial window, first and it seems to find the site. I think if it was DNS related, you would get page not found from the start.  Difficult to say for sure though.

    0
     

    Author Comment

    by:vanmilp
    Well, I succeeded partially.

    I got it working on a new virtual website, so the default website can be used for other things. However, also this new virtual website will only work on port 80!! As long as I use port 80, I can access without problems. As soon as I use a different port (in both the website as the web-publishing rule), the browser says: connecting to site <MyIPAddress>.

    So the browser does resolve the name, and I can login (on port 80) through ISA, but only on port 80. Could this be a flaw in Exchange where Exchange will only allow port 80 for OWA ??
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

     Java Android Coding Bundle

    Whether you're an Apple user or Android addict, learning to code for the Android platform is an extremely valuable, in-demand skill. It all starts with Java, the language behind the apps and games that make Android the top platform it is today.

    Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
    So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
    This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
    This video discusses moving either the default database or any database to a new volume.

    934 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now