?
Solved

Setting up OWA and Security

Posted on 2005-04-01
15
Medium Priority
?
1,005 Views
Last Modified: 2012-05-05
Hello Everyone,
Well the boss has asked that he be able to access his e-mail, public calendar and public contacts from home.
I have been researching for a few hours now about outlook web access. I have seen various concerns about security and setting up so I thought I would ask:

1) What is the safest (not the hardest ;P) way to setup OWA on Exchange Server 2003?

2)I  understand OWA gets installed when exchange is installed, however what steps do I need to do access and functionality?

3)The OWA would be on our server, how would this effect security?

Thanks!
Jason
0
Comment
Question by:JasonWinn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 3
  • 3
15 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13684652
OWA is installed and enabled by default.

To secure it, purchase an SSL certificate. I usually get mine from RapidSSL. One of their StarterSSL certificates is fine. Make sure that the name on the certificate is the name that you want to use to access it over the Internet. If you already have an external DNS record pointing to the Exchange server - for SMTP delivery/MX records for example, then you can use the same name.

To access it, enter the URL for the server followed by /exchange:

https://mail.domain.com/exchange

Finally on Exchange 2003 I would enable Forms Based Authentication. This adds an additional layer of security providing a cookie based logout and a graphical front end.
Once you have SSL installed, enable FBA through ESM.
Admin Groups, <your admin group>, Servers, <your server>, Protocols, HTTP. Right click on the Default entry and choose Properties. On the second tab you will find the option to enable FBA.

Simon.
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13684818
Hey Simon,
Currently we do have SSL, good to know that will be sufficient.
I have enabled FBA through ESM like you recommended.

I am having problems connecting at the moment though. Just for now I am typing in the internet ip address, 192.168.1.2/exchange and the SSL Certificate pops up and I said yes.
After this I try to login by:
domain\username
and password

I then recieve a 404 error.

One thing I did notice which is odd, i thought with FBA I would see the graphical front end.

Any idea's?

0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13684824
When I say the graphical front end I mean the first login in screen, instead of getting the outlook login screen it appears to just be a javascript type looking login screen.

Jason
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 3

Author Comment

by:JasonWinn
ID: 13684900
About the errors I am recieving,
if using firefox I recieve a 404 error after trying to login.
on Ie, I recieve:
http Error 401.1 - unauthorized: access is denied due to invalid credentials. IIS
0
 
LVL 4

Expert Comment

by:o0JoeCool0o
ID: 13685269
hmmm make sure the account isnt locked out in AD and that the user and pass are correct, also check the Authentication in the properties of the default site make sure under authentication that Anonymous access is disabled and authentication is set to integrated widnows authentication and basic authentication
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1000 total points
ID: 13685289
Check authentication on the Exchange virtual folders. Use IIS manager to check the following:

/exchange
/exchweb
/exadmin
/public

All should be integrated and basic ONLY.
/exchweb should also have anonymous permissions.

Simon.
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13712068
Simon I will goa head and reward you the points.

On IIS, where is /exchange, /exchweb /exaadmin and /public located?

0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13712084
JoeCool-
If I disable anonymous login, then everytime someone would want to go to our webiste wouldnt they have to log in to the network just to visit the website?
There must be a way to disable anonymous login on /exchweb without disabling it on the default website right?

Jason
0
 
LVL 4

Expert Comment

by:o0JoeCool0o
ID: 13712295
You are absolutely right, disabling anonymous access will not let anyone external connect, you can set it individually on each site. but exchWeb Must have anonymous access, Im not sure why i said to disable it, I think I read over the question too fast.. my bad.. :)
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13712331
The Exchange virtual directories are in IIS Manager - that is where you adjust them.

/exchweb needs to be anonymous as it holds then generic components of OWA. If you are using Forms Based Authentication then this is where the form and the images are held. If you don't have anonymous access to that folder then you will have to authenticate before using that form - which defeats the entire point of it.

Don't worry about it being a security risk, it doesn't hold any of your internal data.

Simon.
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13712332
No problem joe :P
Where is exchweb located in IIS to give it anoymous access?
0
 
LVL 4

Expert Comment

by:o0JoeCool0o
ID: 13712346
Under the default Site there should be a virtual directory called ExchWeb then you just go to Directory security and click authentication
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13712410
Very Odd,
I just checked all of the above features,
all are set to integrated and basic authentication.
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13712538
The fact that i am still not getting the graphic log in screen, would this be a clue to anything?
Also, it does not load if i type in companywebsiteaddress.com/exchange, but it does work if i do 192.168.1.2/exchange
0
 
LVL 3

Author Comment

by:JasonWinn
ID: 13718960
UPDate:
tried going 192.168.1.2/exchange/logon.asp
and it says I am blocked by the administrator.

0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
New style of hardware planning for Microsoft Exchange server.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question