OWA and Isa-server on same SBS200-computer

I have a server running SBS2000. On this same server I am running ISA2000 and Exchange2000. ISA is listening on port 80, IIS on a different port. All my websites are redirected through ISA through Destionation-sets and Web Publishing Rules. This all works fine.

Now I have done the same for Exchange (which is in the Default Web Site), so I could use OWA (only HTTP, no HTTPS/SSL etc., just to be able to get it working). When I try to connect to it through my internal network, it is running fine, no problems.

However, trying to connect from outside always gives me the same error. I type in "http://myexchange.mydomain.com/exchange/username" (exactly the same URL as on my local network), an authentication-popup appears. After filling in my credentials the browser clears, then the vertical bar appears, which separates the boxes on the left side from whats in the boxes on the right. Then for about 15 secs. the browser says "connecting to site MyIP". Then it displays the message "The page cannot be displayed" I tried all kind of solutions I found on the Internet, playing with Anonymous/Basic authentication, nothing.

When I leave out the Web publising Rule, and set IIS to listen on port 80 again, I can access OWA also from external. But of course I don't wan't IIS to listen on port 80!!!

Any clues ??
vanmilpAsked:
Who is Participating?
 
SKULLS_HawkConnect With a Mentor Commented:
DNS is possible, but unlikely since it works internally.  Strange that you need to put password in twice but is it Netscape both internally and externally?  Might be a netscape peculirarity.

The other reason I'm less inclined to think it is DNS, is that you get a partial window, first and it seems to find the site. I think if it was DNS related, you would get page not found from the start.  Difficult to say for sure though.

0
 
SKULLS_HawkCommented:
Can you not set a forward in ISA that points to the exchange site? (don't think so)

http://www.kbalertz.com/kb_325097.aspx  This sounds like your problem.

0
 
SKULLS_HawkCommented:
Sorry forgot to post this link.  Discuss's configuring ISA for OWA.

http://support.microsoft.com/default.aspx?scid=kb;en-us;290113
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
vanmilpAuthor Commented:
All these links use port 80 on IIS to access Echange-web (with SocketPooling disabled), but I don't want to use port 80, I want to use a different port, say 8085. I think the main problem is in the fact that Exchange virtual. dirs. are placed in the Default Web Site. When I can place them in a different Web-site, I think the problem could be solved. Is that possible, and if so, how do I do it?
0
 
SKULLS_HawkCommented:
Hi there,

Well in internet services manager you can change the default path of the web site?  That might work. If you open IIS manager, and then right click on the default web site (or which ever is your exchange) you can specify the port you would like it to be on.  IE 8085.

Don't forget when testing to add the :8085 to the end of the address.

ISA may cause an issue with this so using the above articles confirm that ISA is configured to understart 8085.

Otherwise see if you can set up a redirect within ISA that listens on port 8085 but forwards to port 80.
0
 
vanmilpAuthor Commented:
Skulls_hawk, that's just what I am doing, and that's also the problem (specifying another port than 80 on the Default Web Site). When using port 80, no problem. However, when using a different port, I can't get connected from external, whether I specify the port # or not. Internal is no problem, I can connect without problems, as long as I don't add a port #. As told before, when connecting from external, I get the vertical division-bar from OWA, then on both sides "The page cannot be displayed".
I must add to this that, in order to get it working on the internal net, I had to add 2 forwarders in DNS pointing to my mail-site, but I don't think this can be a reason for the problem.
0
 
SKULLS_HawkCommented:
Interestingly enough, I had a client that wanted to use OWA, so I talked him through various settings on the firewall to set the public port to something other than 8081.  On his site even if on port 80 you couldn't specify a port.  OWA seems to be very fussy about that.

We have another client, where the internal port is still on 80 but the external on something else.  The router does a port forward and that works.

I remember seeing an article yesterday that was similar to your problem.  Let me see if I can find it.

Sorry for the misunderstanding, it seems I'm not reading properly at the moment, must be old age. :-)
0
 
SKULLS_HawkCommented:
http://www.kbalertz.com/kb_325097.aspx

Not sure if your setup things ISA is a front end server or if  this is similar to yours, but it may be a problem.

http://www.mcse.ms/archive73-2004-3-446442.html

This has info and help on Moving/recreating the OWA virtual dir.  
0
 
vanmilpAuthor Commented:
Tried all suggestion, still no luck.

AdamDrayer, I could only access the first part on BrainBuzz.com, even after registrering. Do you have the full article ?

I also noticed that, when accessing OWA from inside the LAN, I have to type in name/password twice, but when trying to access it from outside only once, so could it be an authentication-problem ??
0
 
SKULLS_HawkCommented:
So when you access from outside you actually get a username prompt?  if so then it sounds like the server is responding to requests.  Hmmmm... Have you tried several usernames?  Authentication problems normally generate their own errors, but if you are getting a login request, then possibly it is a minor port issue?
0
 
vanmilpAuthor Commented:
Yes, after logging-in (once) I even get the vertical split-bar which should appear between the folders (Inbox, Send etc.) on the left and their content (Messages etc.) on the right, however, it's only a thin vertical line, not the line you see when everything is working well (which is wider). Then, after about 10/15 seconds I get the "The page cannot be displayed" on both sides of the vertical split-bar.

I tried creating a new website with Exchange-folders in it as stated in the MS-article (recreating OWA virtual dir), but no luck. But, as soon as I set the default web-site port to 80, and do not use a web-publishing-rule and destination-set, OWA is running fine. So it looks like either OWA can't run on a port different than 80, or credentials are not forwarded ??
0
 
SKULLS_HawkCommented:
I've seen articles describing how to change the default port in IIS, so exchange must be able to run on another.  It does sound like there is an issue with rules in ISA possibly.

Is there any way you can disable ISA, and test that way?  IE eliminate ISA as a cause.  
0
 
vanmilpAuthor Commented:
I can't disable ISA, because then the port-mapping and web-publishing rules wouldn't work anymore.

I saw that, when trying to connect over a slow line, after logging in (DomainName\UserName and Password), the statusbar on the bottom of IE says:
Opening page: http://MyExchangeSite:AssignedPortNr/Exchange/MyName/Inbox/?Cmd=contents. . .

It looks as if IE can see the directory-structure, but can't proceed loading. Can this have anything to do with the fact that my server is a FAT-32 instead of NTFS (don't think so)?
0
 
SKULLS_HawkCommented:
I guess it's possible.  Any particular reason you are on Fat32?  Strange problem, it seems to be a performance issue of some kind then.  Possibly ISA is taking to long to route requests, or is not allowing portions of data through.  I doubt it is related to Fat32, although from a security point of view you definately want to convert it to NTFS.

The only thing I can suggest, and without really seeing this server it's difficult, but you need to eliminate ISA as a cause of this problem.  The only way I can think of is to disable it, but that would mean reconfiguring your net access etc which is a nightmare.

The other way possibly is to make sure access through the ISA is unrestricted.  Obviously which ever route you can manage (if possible) it is only temporary to eliminate ISA from the equation.  ISA is more a suspect than Exchange since OWA works internally.
0
 
vanmilpAuthor Commented:
Can it have anything to do with DNS? I had to add Hosts in DNS for my websites, because they couldn't be access from inside the LAN, and I did the same for the Exchange Virtual Directory.
Strange thing is that, when I leave the OWA-site in DNS, with Netscape I have to put in my password twice (on local LAN), but when accessing it from external I only have to put it in once.
0
 
vanmilpAuthor Commented:
Well, I succeeded partially.

I got it working on a new virtual website, so the default website can be used for other things. However, also this new virtual website will only work on port 80!! As long as I use port 80, I can access without problems. As soon as I use a different port (in both the website as the web-publishing rule), the browser says: connecting to site <MyIPAddress>.

So the browser does resolve the name, and I can login (on port 80) through ISA, but only on port 80. Could this be a flaw in Exchange where Exchange will only allow port 80 for OWA ??
0
All Courses

From novice to tech pro — start learning today.