• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2424
  • Last Modified:

Why are we unable to open PDF attachments using OWA?

I setup redirection from http to https; started using Forms Based Authentication (set to HIGH); and forced our DOMAIN into the mix so users only have to type in username - password not DOMAIN\username - password to access OWA. Now, my users cannot open .PDF attachments without saving them to their desktop firts. All other attachments can open just by clicking on them.

Prior to doing this, *.PDF's opened by clicking on them, as all other attachments do.
0
ckd1191
Asked:
ckd1191
  • 10
  • 10
  • +2
1 Solution
 
SembeeCommented:
If you are on Exchange 2003 SP2, then you don't have to do anything with the default domain/realm as the FBA page already has the required setting. It was an undocumented change in that service pack.

Get hold of the OWA Admin tool from Microsoft. Read the readme carefully - especially the bit about installing it on your workstation, not the server. Check whether PDF is in the lists of restricted extensions.

Simon.
0
 
ckd1191Author Commented:
I have OWA Admin installed on my workstation. .PDF is not a part of the Level 1 or Level 2 File type lists, but great idea!

Also, Allow All Attachments (Default) (pending file type filter) is selected.

Any other suggestions?
0
 
ckd1191Author Commented:
Some other bits of information;

First: The users are NOT getting a dialog box stating they need to save the file to their local drive. The PDF attachments look as though they are going to open, the % bar gradually goes to 100%, page says DONE (bottom left of browser) at that point in time, but there is only a blank screen.

The 'save attachment to local drive' is my workaround for my users until I can figure out what the issue is.

Second: When on a machine inside the domain (authenticated), we can open any PDF attachment from OWA. This anomaly occurs ONLY when outside our network.

Sounds like a permissions issue to me; but I can't seem to find WHERE that setting is and WHY it only happens on PDF files.

0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SembeeCommented:
If you take a machine that works internally, and take it externally, does it continue to work?

Authentication on the Exchange virtual folders is very simple...

/exchange: integrated and basic only
/exadmin: integrated and basic only
/exchweb: anonymous only
/public: integrated and basic only

Presuming that you are using SSL of course.

Simon.
0
 
ckd1191Author Commented:
I took the machine that works internally, out of the network, and the .PDF's fail to load.

I am using SSL, and the permissions appear to be set properly.
0
 
SembeeCommented:
Does OWA go through any type of firewall?

Simon.
0
 
ckd1191Author Commented:
Yes. The same firewall it went through prior to SSL ...and everything opened then.

Is there a specific port associated with opening a .PDF that differs when opening any other attachment?
0
 
SembeeCommented:
Nope. No additional ports are required. 80/443 only. The reason I asked about the firewall is that some of them have scanning features which maybe causing the problem.

As it works internally and not externally, plus it appears to download the attachment, I don't think it is an authentication issue. It sounds like something is interfering with the traffic.

Simon.
0
 
ckd1191Author Commented:
Since all attachments opened properly PRIOR to implementing SSL (& redirection from http to https, etc.) could the issue be IIS or browser related?

I mean, IIS is where MOST of the changes I made took place. The firewall is allowing the same traffic as before because I set it up originally in preparation for the change to SSL. It does appear that the file is opening, and all the settings in OWA Admin are correct.
0
 
SembeeCommented:
I am unable to replicate this issue.
I have an OWA fully patched, with SSL and can open PDF files quite happily.

What I don't do is any attempt to redirect SSL, or force SSL on the users. I simply don't open port 80 on the firewall.

Simon.
0
 
ckd1191Author Commented:
Well, my users are used to hitting an http (port 80) site ...for years actually. My redirection is done soley so I don't have to retrain old user habits.

After all I am in the customer service (IT) industry, so I need to make any changes as seamless as possible to my users.

Do you think it is the redirection that is causing the issue? Why then do all other 'allowed attachments' open without incident?
0
 
SembeeCommented:
I have no idea whether the redirection is causing the problem or not.
All I can tell you is that it works fine on the site I used to test. I cannot change that production environment to confirm if it is the redirection that is causing the problem. As that is the one of the differences, then it has to be something that is looked at.

While I agree that we are in a customer service environment, my first loyalty has to be to the security of the network. Allowing port 80 to be open to the world on production level kit is asking for problems. It is amazing how quickly users get used to something when it is changed and they get fed up with making the manual change.
Furthermore, if you decide to deploy OMA/EAS on Exchange 2003, you have to remove the requirement for SSL from /exchange virtual directory as it isn't supported. OMA/EAS makes an internal call on port 80 and having the requirement on (which is how you get the redirect to fire) breaks that feature.

Where there has been a howl from the users about having to put in https, I usually end up putting a redirect file on the public website, so that they can type www.domain.com/mail and it actually takes them to https://mail.domain.com 

Simon.
0
 
SembeeCommented:
This has now been raised on a closed list for Exchange MVPs, and it appears to be more widespread.

Apparently it works fine with Internet Explorer 7 and also works find if you go back to Acrobat 6. The issue seems to be Acrobat 7, but it is unclear what exactly.

It would explain why I cannot replicate, as I have the full version of Acrobat 6.0 on my workstation.

Simon.
0
 
ckd1191Author Commented:
Thanks for the update!

I may not belong on an closed Exchange MVP list, but I do know Exchange pretty well (I believe) and this one REALLY had me stumped.

I'd be interested in hearing the resolution, if Adobe ever releases it...

But....why can I open the PDF's INSIDE my domain and not outside it?
0
 
SembeeCommented:
Unfortunately I am on NDA. I have to wait to see if anything is found, and then for permission to publish (or Microsoft to publish it and then I can tell you where it is). Hands are tied at the moment.

Simon.
0
 
ckd1191Author Commented:
Fair enough.
0
 
SembeeCommented:
I can throw you a small bone.

The indication is that it has something to do with this KB article.
http://support.microsoft.com/default.aspx?kbid=903146

However the KB article is due to be revised and applies to Exchange 2003 SP1. If you have anything that can watch URLs, you might want to keep an eye on that one for changes.
Don't bother call for the hotfix as it isn't quite right.

That is about all I can say at the moment.

Simon.
0
 
ckd1191Author Commented:
Cool, I'll be watching the KB for changes!

Thanks for the bone...

Say, since you're on a closed Exchange MVP list, do you know anything about Exchange 2007?
0
 
SembeeCommented:
I know lots about Exchange 2007 - been using it for since last year. Heavy NDA I am afraid, so can't say much more.

Simon.
0
 
timbone101Commented:
Did either of you ever find a solution to this problem, other than downloading the attachemnts to the local hard drive?  I have some clients experiencing the same problem, all running SBS 2003 trying to open PDF's.
0
 
ckd1191Author Commented:
I have not seen a solution yet. I keep checking the KB mentioned (903146), but it hasn't changed yet.
0
 
madmacs2006Commented:
We have been having the same issue here as well. It seems to work fine after it loads in and you simply refresh the screen or click on the go button in IE. A little extra step but seems to work fine.
0
 
CetusMODCommented:
PAQed with points refunded (125)

CetusMOD
Community Support Moderator
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 10
  • 10
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now