Users are not able to access OWA from external sites

Posted on 2006-05-19
Last Modified: 2011-09-20
Our users are not able to access their mail via OWA when connecting from an external site. Internally everything works ok. We have a load balancer and 2 front end servers. We checked the NATing and everything seems to be ok. When the users connect from an external address, it seems that it is connecting because they see the unsecure (HTTP://) address changing to a secure one (HTTPS://), but as soon as it's changing to HTTPS:// the users receive a "page cannot be displayed" message. The SSL 443 port is enabled on the firewall.
Question by:smoga1968
    LVL 19

    Expert Comment

    Yes, it is connecting on port 80, then being redirected to 443. It sounds very much like the port is not correctly forwarded to your OWA server. Can you get a connection by using telnet hostname 443 from the outside? If you can, then it's probably an Exchange config error. If you can't, have another look at your firewall/router.
    LVL 2

    Expert Comment

    Can you connect by typing in the external URL (e.g. instead of http://exchange_server/exchange from within your network?

    Author Comment

    I found what the issue is. It was a bad certificate missing a private key on one of the OWA servers.

    Here is the Microsoft article about it:

    You receive a "Page cannot be displayed" error message when you try to access a site by using HTTPS
    Article ID : 824035
    Last Review : November 24, 2005
    Revision : 1.1
    When you try to access a site that is hosted in Microsoft Internet Information Services (IIS) and that is configured to use Secure Sockets Layer (SSL) by using the HTTPS protocol, you may receive the following error message:
    Page cannot be displayed
    The following error message is logged in the Web server event logs:
    Event Type: Error
    Event Source: Schannel
    Event Category: None
    Event ID: 36869
    Date: 12/18/2000
    Time: 9:12:46 AM
    User: N/A
    Computer: <ServerName>
    Description: The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.

    This problem occurs because the Web site has been bound to a certificate that does not have a matching private key. If you try to export this certificate from the Certificates Microsoft Management Console (MMC), you do not have the option to export the private key. When you try to export the certificate, you receive the following warning message:
    #You DON'T have a private key that corresponds to this certificate.
    To troubleshoot SSL issues, use the new SSL Diagnostics tool. For more information, visit the following Microsoft Web site: (

    To resolve the problem, create a new certificate with a private key. To do this, follow these steps:
    1. Remove the current certificate that does not have a private key. For more information about how to remove the current certificate, click the following article number to view the article in the Microsoft Knowledge Base:
    232167 ( How to remove a server certificate from an Internet Information Services 5.0 Web site
    2. Obtain and install the new certificate with private key. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    290625 ( How to configure SSL in a Windows 2000 IIS 5.0 test environment by using Certificate Server 2.0
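
Added example, not part of the original thread or the Microsoft article: a PowerShell check that separates "port 443 is open" from "the server can complete an SSL handshake" for each front end behind the load balancer, then looks on the local server for certificates without a private key and for Schannel event 36869. It assumes PowerShell 3.0 or later (not available on the Windows 2000-era systems the article describes); the host names are placeholders.

```powershell
# Placeholder names: replace with the direct address of each front-end server,
# bypassing the load balancer so a single bad node is not masked.
$frontEnds = 'owa-fe1.example.test', 'owa-fe2.example.test'

function Test-TlsHandshake {
    param([string]$HostName, [int]$Port = 443)
    $result = [pscustomobject]@{ Host = $HostName; TcpOpen = $false; TlsOk = $false; Detail = '' }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $result.TcpOpen = $true   # this is all that "telnet hostname 443" proves
        # Diagnostic only: accept any certificate, because the question is whether
        # the server can finish a handshake at all, not whether the chain is trusted.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $result.TlsOk  = $true
        $result.Detail = $ssl.RemoteCertificate.Subject
        $ssl.Dispose()
    } catch {
        # A server bound to a certificate without a private key typically
        # drops the connection here, after the TCP connect has succeeded.
        $result.Detail = $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
    $result
}

$frontEnds | ForEach-Object { Test-TlsHandshake -HostName $_ } | Format-Table -AutoSize

# Run locally on each front end: certificates in the computer's Personal store
# that have no private key property attached (the condition the event describes).
Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { -not $_.HasPrivateKey } |
    Select-Object Thumbprint, Subject, NotAfter

# Recent occurrences of the Schannel error quoted in the article.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel'; Id = 36869 } `
             -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Message
```

A row with TcpOpen true and TlsOk false points at the certificate or Schannel configuration on that node rather than at the firewall or NAT rules.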
    LVL 1

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator
