[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 644
  • Last Modified:

OWA login Problem "The page cannot be displayed" Not getting a log in screen



When I try typing in the url to my company's Outlook Web Access I am getting "The page cannot be displayed".  I am not getting the login screen or anything. I can get into OWA internally no problem. I have Exchange 5.5 running on Windows 2000 server. It is behind an ISA firewall. OWA has been running fine for months and just recently stopped working. We have not recently made any changes to Exchange or my firewall that I know of.

I am not sure but I am guessing it could have something to do with the ISA server. I have tried restarting both the Exchange and ISA servers.

I am not really a network admin... I am a developer at a small company and our network guy left... Making me the temporary network administrator.

So I might need more explaining for things that might seem simple (for an actual network admin) to do.

TIA

Geof
0
slowjoe34
Asked:
slowjoe34
  • 6
  • 6
1 Solution
 
drnacboozwayCommented:
What version of ISA FW are you using? And are you using ISA to Proxy OWA?

If you are using ISA to Proxy try disabling IIS. This will confilt with ISA port 80. Also check the IIS on the exchange server. Go to the Exchange directory under Default website for IIS, right click and properties. Click on the Directory Securtiy tab, and then click the edit IP address and domain name restrictions: you should have granted access selected there.

Try to telnet from the internet on port 80 or 443, and post the respons.
0
 
slowjoe34Author Commented:

OK...  I figured I'd give you my disclaimer again that I am not a network guy. I'm temporarily forced into it being the ONLY IT guy at  my company currently. And I have some questions on some of the things you asked about...

1.) <<< What version of ISA FW are you using >>>
- I am running ISA server 2000 .   And I am actually running Exchange Server 2000 v6.0  (I said 5.5 by mistake)

2.) <<< And are you using ISA to Proxy OWA? >>>
-  I don't know how everything is setup... Where would I go to see if it is setup to proxy OWA ?

3.) <<< Also check the IIS on the exchange server. Go to the Exchange directory under Default website for IIS, right click and properties. Click on the Directory Securtiy tab, and then click the edit IP address and domain name restrictions: you should have granted access selected there. >>>
- I checked this out and "granted access" was selected

4.) <<< Try to telnet from the internet on port 80 or 443, and post the respons. >>>
- I have never done this. I looked up directions real quick and it looks easy enough but I am a little confused about what your suggesting. Do you want me to telnet to the Exchange server or ISA server? And do I have to do it from an outside internet connection or can I do it from within the LAN? I am guessing that you want me to Telnet from an outside internet account to the exchange server. Once I am in, are there any specific commands you want me to execute, or are you just trying to see if I can make the connection ?

Sorry, I know this is probably basic stuff for you... It's all new to me.

0
 
drnacboozwayCommented:
Let try this,

first, Go to dnsstuff.com -> toward the bottom of the page goto e-mail test, and enter the mail record of your domain (ex. mail.domainname.com) This is just to check that the mail record still exists.

Then from outside the network open command prompt on the your computer, (start -> run -> cmd -> [enter]). In the command promt type telent "ip address or mail record" 25. (in the last email i said port 80 and 443, that was my mistake smtp runs on port 25). An example of the command will look like 'telnet mail.domainname.com 25'.

I am more intrested in seeing what the reponse is than entering any command
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
drnacboozwayCommented:
btw your server may not be mail, to find out what it is go to dnsstuff.com and enter you domain name under 'dns lookup' at the upper right corner. Set the type to mx and click on 'lookup'.
0
 
slowjoe34Author Commented:
1.) <<< first, Go to dnsstuff.com -> toward the bottom of the page goto e-mail test, and enter the mail record of your domain (ex. mail.domainname.com) This is just to check that the mail record still exists. >>>
- Response was  "Getting MX record for mail.drexelinc.com... Got it!"


2.) <<< Then from outside the network open command prompt on the your computer, (start -> run -> cmd -> [enter]). In the command promt type telent "ip address or mail record" 25. (in the last email i said port 80 and 443, that was my mistake smtp runs on port 25). An example of the command will look like 'telnet mail.domainname.com 25'.  >>>
- I typed in "telnet mail.drexelinc.com 25"
The response was 220 exchange.NetworkDomain.medstaffinc.com - ready at Tue, 19 Apr 2005 10:04:37 - 0400
The cursor blinked for a little bit. then I got a "Connection to host lost. "  Message

FYI
Medstaffinc.com and Drexelinc.com we're two companys owned by the same person. My owner sold Medstaffinc.com last October.
My companys's domain is really drexelinc.com  We shared a network and resources with medstaffinc.com when we we're owned by the same person.
OWA has been working fine until about a week ago. I used mail.drexelinc.com for the test
0
 
drnacboozwayCommented:
OK, 1st let me appoligise for giving you the wrong port. Its not port 25, I was right the 1st time, its port 80 for http and 443 for https. I went ahead and did the telnet  on port 80 and 443 so you wont have to. here are the responses.


telnet mail.drexelinc.com 80
Connecting To mail.drexelinc.com...Could not open connection to the host, on por
t 80: Connect failed

>telnet mail.drexelinc.com 443
Connecting To mail.drexelinc.com...Could not open connection to the host, on por
t 443: Connect failed

So here is what I see happening, the firewall is allowing SMTP (port 25) through the FW, Port 80 or 443 are not open on the FW and not allowed in.

NOTE: If you access OWA over https://mail.drexelinc.com then the FW should have port 443 open. If you access OWA over http://mail.drexelinc.com then the FW should have port 80 open

Here's a link on how to publish OWA
http://support.microsoft.com/default.aspx?scid=kb;en-us;290113


This is a link on how to allow prot 80 or 443 through the FW
http://support.microsoft.com/?kbid=295667


For more security it is best to publish OWA.
0
 
slowjoe34Author Commented:


Thanks for the reply.
I will give this a try tomorrow and report back how everything goes.
Thanks
0
 
slowjoe34Author Commented:

Update.

I went through both support articles and it appears that it is configured properly.
I went throught the articles and checked the settings. I do believe you are correct that it is a firewall issue. I'll go through the settings one more time to see if I missed something.

OWA was setup and working correctly for months before it stopped working. I have not changed any settings on the firewall recently.

There are a few other things I might need to look into. Before our network admin left he was working on setting up a VPN with one of our outside offices. He was going to set up another ISA server at the remote office and do a VPN to our ISA at the main office. I am not sure how far he got, but this is the ONLY project that we were working on the last couple of months that would require any ISA interaction/configuration with the ISA server. What I am trying to figure out is why OWA was working fine one day then all of the sudden stopped working. It works fine internally using http:\\exchange\exchange so that means OWA is working. Just not through the firewall.

Also, I did notice a problem on the ISA server. There was a rogue antivirus process that was hogging 99% of the cpu on the ISA server. Innoculate inotask.exe had some bug with day lights saving time. I downloaded a patch and it fixed that problem. I was hoping that the process was just hogging up the resources and the server was too busy to connect to OWA, but that does not seem to be the case.

I'll recheck the settings one more time and see where that leads.

Also, thanks for your help again.

I'll report back anything I find out.






0
 
drnacboozwayCommented:
Well I dont know if it was the INOTASK.EXE process or not, but I am able to get to http://mail.drexelinc.com/exchange from outsite. :) No I did not even try to login... Just wanted to make sure it works. :D

I know that I want able to yesterday. It looks like you have the exchange running on port 80 (http) so you should beable to get to OWA using this url http://mail.drexelinc.com/exchange from outside the network. This will not work from inside.

I greatly recommend that you secure your server using https (port 443). And if the ISA server is just passing the web traffic to the exchange server, I would recommend seting up the exchage to Publish OWA.

Glad to help
0
 
slowjoe34Author Commented:


Now I am really confused.
I did not even know it was back up !!!   Thanks for your help...

I am not sure what got it back up. That's going to bug me. I tested it after I fixed the INOTASK.exe problem and it still was not working.  I did restart the ISA server later in the day. I don't remember if I checked Web Outlook after the restart. I did go through all the settings like the 2 articles said but I did not have to change any settings, they we're already setup correctly. I can actually log into OWA from within the network using  http://mail.drexelinc.com/exchange   or    http://exchange/exchange .

I'll have to find out more about https port 443.     How does this make things more secure? Are there any drawbacks ?

I think we are set up for ISA to publish OWA.
we are set up like this article you posted here suggests   http://support.microsoft.com/default.aspx?scid=kb;en-us;290113

Thanks Again for your help.   Since I am not sure what the solution was I am going to try to do the assissted answer to your post with the documentation and my post with the INOTASK.exe.  But give you all the points...

I think this is the first time I posted a question on the website. I can usually find my answer by searching the archives. So I don't really know how this points stuff works. But I want to make sure you get the points for all your help. Especially walking me through everything.

Thanks.






0
 
slowjoe34Author Commented:


I was not sure how to give an "assisted answer"  to you and to myself and give you all the points,  so I just accepted your post with the OWA articles as the accepted answer.
It was definently a firewall problem, like you said.

Thanks again
0
 
drnacboozwayCommented:
Anytime, Just to follow up with the 443 https question.

Https runs on port 443 and is 128bit encrypted, (Depending on the ssl certificat. it can be from 40bit to 256). Standard http is not encrypted and can be hacked or sniffed.

Your best bet to get a secure strong ssl certificate is at www.verisign.com and there are other sites for cheaper ssl certificates like www.freessl.com
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now