Solved

OWA 2003 Not working Externally

Posted on 2005-04-08
14
Medium Priority
669 Views
Last Modified: 2010-08-05
Hi All.
We are currently experiencing an issue accessing OWA externally. The server
is running Win2k3SBS. It can be accessed using https:// but not using
http://. Can you please advise? The routes are set up in the firewall for
port 80, 443 etc. Internally, OWA works fine on port 80. Any help would be much appreciated.
Exchange has been Service Packed/Updated, router is running latest firmware, .NET 1.1 is installed and yet still unable to access externally via http://External IP/Exchange, only HTTPS.

Thanks in advance,

Paul
0
Comment
Question by:exedos
14 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13734765
You only need port 443 open to OWA if you are running SSL.

Internally, can it be accessed by https://servername/exchange? (You may get some security warnings, but these can be ignored for this test.)

If so, you need to look at your firewall configuration.

Simon.
0
 

Author Comment

by:exedos
ID: 13734783
Hi Simon,

It can be accessed internally using both http and https.

Firewall has latest firmware applied and port forwards have been re-created.

Seems very bizarre!

Cheers,

Paul

0
 
LVL 3

Expert Comment

by:dvrdn
ID: 13735292
Simon,

My question is, why would you want to access it via http://? I personally would only connect via https://.

Doug
0

 
LVL 104

Expert Comment

by:Sembee
ID: 13735317
If it is working internally then it isn't Exchange at fault.

You have to look at your firewall configuration again to see where the problem is. Unless the problem is your ISP blocking the ports!

Simon.
0
 

Author Comment

by:exedos
ID: 13735340
Doug - It is just easier for some of the users to type webmail.domainname/exchange instead of https://webmail.domainname/exchange. It may sound simple enough but it still causes problems for some! It seems to forward http to https anyhow.

Simon - Have been through the router backwards, have set a few up using the same equipment and have had no issue until now, unless there is a possible fault with the router I guess or, as you said, it could be an ISP issue. Point taken about it working internally, so more than likely it isn't Exchange. Will contact ISP and update.

Thanks
0
 
LVL 4

Expert Comment

by:srose6
ID: 13735699
Remove the check box to require SSL in Exchange and test from outside using the external IP address from an external computer. Many times firewalls are not going to allow an internal connection to go out and right back in to an internal server, what I call bouncing off the firewall. Most of the time I will RDP to my home network and test from there, or just have my wife check to see if she gets the first main page of the site.

Bottom line is, if it works using the internal IP but fails from outside, the firewall is the issue. I seriously doubt you are having an ISP issue unless they block the port, which is easy to check. Even with a plain consumer DSL line it is not normal to block 443.

I would put a hub inline with the external interface of the firewall, plug in a laptop so you can run netmon to capture the traffic, and capture the traffic getting to the Exchange server while also running a capture on the outside traffic. If you see it coming into the firewall but not getting to the Exchange server then the problem is obvious. You should be able to capture then filter for 443.

If the traffic is making it to the Exchange server go to IIS properties for the Exchange Virtual directory > directory Security > authentication and access control, and leave only Basic Authentication.

0
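The outside-in test described in the comment above can be scripted. This is an added example, not part of the original thread; the function names and verdict strings are made up for illustration. Run it from a machine outside the firewall against the public address: "filtered" means nothing answered (traffic dropped on the path), while a 403 means the request reached IIS and was refused there, which is what "require secure channel" produces on plain HTTP.

```python
import http.client
import socket
import sys

def tcp_state(host, port, timeout=5.0):
    """Return 'open', 'refused' (a reset came back) or 'filtered' (no answer)."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or unreachable: dropped somewhere on the path
        return "filtered"

def http_verdict(host, port=80, path="/exchange", timeout=5.0):
    """Send one plain-HTTP GET and report what answered, if anything."""
    state = tcp_state(host, port, timeout)
    if state != "open":
        return state
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
    except (OSError, http.client.HTTPException):
        return "open-but-no-http-reply"
    finally:
        conn.close()
    if resp.status in (301, 302) and location.lower().startswith("https://"):
        return "redirect-to-https"
    if resp.status == 403:
        return "server-reached-403"  # IIS answers 403.4 when SSL is required
    if resp.status == 401:
        return "server-reached-auth-prompt"
    return "server-reached-%d" % resp.status

def diagnose(host, path="/exchange"):
    """Check plain HTTP end to end and HTTPS at the TCP level only."""
    return {"http/80": http_verdict(host, 80, path),
            "https/443": tcp_state(host, 443)}

if __name__ == "__main__":
    # Pass the external IP or name; defaults to localhost so it runs anywhere.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, verdict in diagnose(target).items():
        print(name, verdict)
```

If port 80 is "filtered" from outside while 443 is "open", the block is in front of the server, not in IIS or Exchange.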
 
LVL 1

Expert Comment

by:wlandymore
ID: 13736029
You may want to try going to IIS and making sure that the right port is set for HTTP on things like the default settings. Then you can also click on the 'directory security' tab on the properties of the default web site and then edit on the 'secure communications' section to see what the state of 'require secure channel' and '128 bit encryption' is.
It seems like there might be some setting here that is telling OWA that it has to be https or nothing.
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13736475
If you want users to be able to go type webmail.domainname.com/exchange without the https, you can change the error code for your 403-4 errors in your winnt\help\iishelp\common folder that redirects them to the appropriate page.  You would need to disable the http access for this to work.  This is what we do and it works great.  Here is a sample file:


<!doctype html public "-//IETF//DTD HTML//EN">
<html>
<head>
<!-- Custom 403.4 error page: send the browser to the HTTPS OWA URL -->
<meta http-equiv="REFRESH" content="0; URL=https://outlook.domainname.com/exchange">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<title></title>
</head>

<body link="#000000" vlink="#000000" bgcolor="#FFFFFF" text="#000080">

<p align="center"><strong>You will be taken to the web email
system in a few moments.</strong></p>

<!-- Fallback link for browsers that ignore the meta refresh -->
<p align="center"><strong><font size="-1"><em>If you are not automatically redirected, </em><a
href="https://outlook.domainname.com/exchange">click here</a></font></strong></p>

<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
</body>
</html>
0
 
LVL 8

Expert Comment

by:maytrix
ID: 13748736
Here's Microsoft's article for doing the same thing:  http://support.microsoft.com/default.aspx?scid=kb;en-us;555126

Since you already have an SSL cert, there's no reason NOT to use SSL.  While the risks of anything happening due to not using it, it just makes sense to have the most security.
0
 
LVL 4

Expert Comment

by:srose6
ID: 13752475

OK, I don't mean this as sharp as it sounds but most of the above is way off track.
1.  OWA is working internally so we know it and IIS are set up correctly.
2.  The above concerning HTTP redirect is only to allow them to not type in HTTPS because it redirects them to HTTPS. This is no fix for blocked HTTPS port 443 on the firewall; it just saves the user some hassle.
3.  The cert works because you can get it internally.

1. In ESM set the Authentication method for Exchange and Public HTTP virtual servers to basic authentication only, as in clear everything else.  Integrated does not work outside.
2. Capture the network traffic coming into the Exchange server when it fails to see if the traffic is even getting to the Exchange server. (most likely not)
3. Fix the firewall.

At the end of the day you will find this to be your Firewall. What does work proves OWA / IIS is not the problem. OWA / IIS does not care if the traffic is internal or external as long as Basic Authentication is enabled.
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13754015
No offense taken.  I was just adding it as a possible solution for the lazy users not wanting to type in https.
0
 
LVL 4

Expert Comment

by:srose6
ID: 13754399
I agree added perks are sweet. I have engineered many OWA solutions; I use Forms based Authentication, SSL redirect, and a custom log on page with their company logo and colors, and modify the script on the page to automatically set the default domain because the default domain does not work in Forms based.

That said I need more information from Paul.
What firewall are you using? Some firewalls will modify packets or drop packets even if settings in the GUI "Admin Tools" are set to just pass the traffic.
How far does the client get? Does he ever see a log on screen or does he get an HTTP 404 page not found? If the user is not getting a 404 error, what error do they get?

I just noticed the wording in the Question states OWA only works on HTTPS and can not be accessed using HTTP. I would never suggest anyone set up OWA over the Internet. I have refused to do this for customers. If this is all about the end users typing in an S then redirect to SSL and be done with it.

0
 

Author Comment

by:exedos
ID: 13780973
Hi all, thanks very much for all your help. I'd totally taken the ADSL modem out of the equation, but on further investigation, it had a 'Security section' with a dreaded tick box to 'Block WAN traffic to LAN'. So tick removed, access gained! Thanks for all your suggestions anyhow, much appreciated! Just for reference, the ADSL Modem was a Zywell, HS560 I believe! Cheers, Paul
0
 
LVL 4

Accepted Solution

by:
srose6 earned 750 total points
ID: 13783943
As I said in a previous post
"At the end of the day you will find this to be your Firewall"
0

Question has a verified solution.