CHILINVLN
asked on
OWA was working, just suddenly stopped
It has been working fine for months and it just now suddenly stopped. We are running Exchange 2003 on a Windows Server 2003. I already checked out to make sure OWA was running in ESM and it is. Nothing in the event logs are giving me a clue. Since I noticed this at 5am, I went ahead and did a reboot on the server since I was running out of options knowing that would probably do it.
Well, to my surprise, the reboot did nothing to help. The syntax for the link is correct (considering it's always worked before).
https://emailserver.mydomain.org
Any advice on what to check or how to fix this?
Well, to my surprise, the reboot did nothing to help. The syntax for the link is correct (considering it's always worked before).
https://emailserver.mydomain.org
Any advice on what to check or how to fix this?
What errors do you recieve when trying to connect to the OWA site or what happens when you access the link above? Do the issues occur internally and externally?
ASKER
Very quickly Internet Explorer will give you a "Page cannot be displayed", and yes, the problem is both internal and external. (Sorry, forgot to mention that)
Try turning off "Show friendly HTTP errors" under the IE Tools > Options > Advanced tab and then try to connect to the OWA site again and let us know what errors you see.
ASKER
I turned that off and I still get the same exact error page, no difference...
What's the full message. If there is nothing else and no errors in the event logs etc then I'm not sure what to look at. Normally you'll get some more information that is a little descriptive such as a HTTP error and code. Can you see anything like that?
ASKER
This is the full message... (and yes, Show Friendly HTTP errors" is NOT checked.
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Please try the following:
Click the Refresh button, or try again later.
If you typed the page address in the Address bar, make sure that it is spelled correctly.
To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
Click the Tools menu, and then click Internet Options.
On the Connections tab, click LAN Settings.
Select Automatically detect settings, and then click OK.
Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
Click the Back button to try another link.
Cannot find server or DNS Error
Internet Explorer
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
--------------------------
Please try the following:
Click the Refresh button, or try again later.
If you typed the page address in the Address bar, make sure that it is spelled correctly.
To check your connection settings, click the Tools menu, and then click Internet Options. On the Connections tab, click Settings. The settings should match those provided by your local area network (LAN) administrator or Internet service provider (ISP).
See if your Internet connection settings are being detected. You can set Microsoft Windows to examine your network and automatically discover network connection settings (if your network administrator has enabled this setting).
Click the Tools menu, and then click Internet Options.
On the Connections tab, click LAN Settings.
Select Automatically detect settings, and then click OK.
Some sites require 128-bit connection security. Click the Help menu and then click About Internet Explorer to determine what strength security you have installed.
If you are trying to reach a secure site, make sure your Security settings can support it. Click the Tools menu, and then click Internet Options. On the Advanced tab, scroll to the Security section and check settings for SSL 2.0, SSL 3.0, TLS 1.0, PCT 1.0.
Click the Back button to try another link.
Cannot find server or DNS Error
Internet Explorer
ASKER
I did just get word its affecting the users who access email on their BlackBerry phones, so, that does clue me in that its something affecting POP3 as well.
Mmm. Is this a single server setup with the mailboxes being hosted on this server or is there a front end/back end setup?
ASKER
Yes, this is a single server setup for email.
Actually, I just found this one in the event logs, and I think it's related to this:
Source = MSExhangeTransport
Event ID = 7004
This is an SMTP protocol error log for virtual server ID 1, connection #41. The remote host "my IP address here", responded to the SMTP command "xexch50" with "504 need to authenticate first". The full command sent was "XEXCH50 1020 2". This will probably cause the connection to fail.
Actually, I just found this one in the event logs, and I think it's related to this:
Source = MSExhangeTransport
Event ID = 7004
This is an SMTP protocol error log for virtual server ID 1, connection #41. The remote host "my IP address here", responded to the SMTP command "xexch50" with "504 need to authenticate first". The full command sent was "XEXCH50 1020 2". This will probably cause the connection to fail.
I would take a look at this article for the SMTP error - http://support.microsoft.com/default.aspx?scid=kb;en-us;843106.
I am guessing that you ruled out basic issues such as DNS by attempting to connect via the IP address etc.
I am guessing that you ruled out basic issues such as DNS by attempting to connect via the IP address etc.
ASKER
Well, I tried to test it by IP, and I think I was doing it wrong. In most cases, comapnies have it setup like https://www.domain.com/exchange so you could easily do https://IPADDRESS/exchange
Since mine is https://servername.domainname.org how would I do it?
Since mine is https://servername.domainname.org how would I do it?
ASKER
I just worked through that resolution from Microsoft and what they said to make sure was checked off, is. I'm more stumped that this problem happened overnight. No software changes took place. I just can't understand why it would work before I go to bed, and be broken when i wake up.
ok, first off, blackberry does not use pop3.
now, i see you have a single exchange server, is that correct?
https://servername.domainname.org would the name you use to connect to the server externally.
internally, you should be able to test by going to http://mailservername/exchange (no s!)
what does get you?
have you tried going to the console of the exchange server, opening iis, right clicking on the Exchange virtual directory, and clicking browse.
What do you get then?
If you try this and it fails, open your IIS log files and have a look in the most recent log file at the bottom. What information do you have there?
Try right clicking on the default web site in IIS and selecting browse. Do you get the under construction page?
Kris.
now, i see you have a single exchange server, is that correct?
https://servername.domainname.org would the name you use to connect to the server externally.
internally, you should be able to test by going to http://mailservername/exchange (no s!)
what does get you?
have you tried going to the console of the exchange server, opening iis, right clicking on the Exchange virtual directory, and clicking browse.
What do you get then?
If you try this and it fails, open your IIS log files and have a look in the most recent log file at the bottom. What information do you have there?
Try right clicking on the default web site in IIS and selecting browse. Do you get the under construction page?
Kris.
ASKER
If I do this:
http://PrivateIPofEmailServer/exchange I get,
Bad Request (Invalid Hostname)
If I do this:
http://servername.domain.org/exchange I get,
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
If I do this:
https://servername.domain.org/exchange I get,
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
If I try to browse the Exchange Server Directory, I get:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Where do I find the IIS logs? Everything in OWA says running...
http://PrivateIPofEmailServer/exchange I get,
Bad Request (Invalid Hostname)
If I do this:
http://servername.domain.org/exchange I get,
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
If I do this:
https://servername.domain.org/exchange I get,
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
If I try to browse the Exchange Server Directory, I get:
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Where do I find the IIS logs? Everything in OWA says running...
start, run, logfiles is one way to get to them, if the default logging path hasn't been changed.
what happens if you click on the default web site and click browse?
kris.
what happens if you click on the default web site and click browse?
kris.
right click
ASKER
If I right click and select browse, it says...
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Please try the following:
Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
The page must be viewed over a secure channel
The page you are trying to access is secured with Secure Sockets Layer (SSL).
--------------------------
Please try the following:
Type https:// at the beginning of the address you are attempting to reach and press ENTER.
HTTP Error 403.4 - Forbidden: SSL is required to view this resource.
Internet Information Services (IIS)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No, it's not anything related to the other question. COMPLETELY different server on a completely different network and subnet.
The certificate date is valid, until 2014, I checked that earlier.
No other websites are running on this server
Host headers?? How can I tell?
Recommend process to turn off SSL and test that?? Explain. :)
The certificate date is valid, until 2014, I checked that earlier.
No other websites are running on this server
Host headers?? How can I tell?
Recommend process to turn off SSL and test that?? Explain. :)
<sigh>
you might want to go ahead and pony up for a call to microsoft.
if you don't want to do that here's some free reading: http://www.microsoft.com/technet/prodtechnol/exchange/2000/support/troubowa.mspx
kris.
you might want to go ahead and pony up for a call to microsoft.
if you don't want to do that here's some free reading: http://www.microsoft.com/technet/prodtechnol/exchange/2000/support/troubowa.mspx
kris.
ASKER
Go figure, the Certificate expired at midnight. I had to get a new one, re-install it, restart IIS and make sure everything was good. After checking every setting imagineable it turns out it wasn't nearly as major as we all thought.
ok, so the dates weren't valid on the cert?
that's the main reason for unchecking ssl, ruling out cert issues.
kris.
that's the main reason for unchecking ssl, ruling out cert issues.
kris.
ASKER
I emailed you kris... check lycos.
In the IIS Admin MSC can you right click and browse Exchange Admin virtual directory or do you get the same error. Try creating a new web site and then an Exchange1 virtual directory with the default settings and try and browse that by using from the Exchange server and for the path use
\\.\BackOfficeStorage\doma inname\MBX
in browser use //127.0.0.1/exchange1
or you can
Change the Exchange virtual directory's security to basic and windows integrated only then restart the default website and try.
If it works SSL then Kerberos, Networking or certificate are most likely the root cause.
If not then use netmon utility on the Exchange server and filter it out to HTTP which is plain text readable
\\.\BackOfficeStorage\doma
in browser use //127.0.0.1/exchange1
or you can
Change the Exchange virtual directory's security to basic and windows integrated only then restart the default website and try.
If it works SSL then Kerberos, Networking or certificate are most likely the root cause.
If not then use netmon utility on the Exchange server and filter it out to HTTP which is plain text readable
ASKER
R-Yanin - Did you even read this entire thread before posting that??? I just explained what the problem was and what was done to correct it myself...
Hi,
I am going to face the same problem as certificate has to expire after 12 days. I renewed the certificate and import to IIS but when i try to connect client. It gives the same error page cannot be displayed. I believe I am missing a step. I am using internal certificate. I am also using RPC over HTTPS for remote clients and its going to be a big task for me to install a new certificate on all remote clients. Is there any shortest way to do that. What are the steps for renewal of certificates and then what is required on client side. Is there anyway, to continue with the existing certificate and client just get a message to update the certificate.
Regards,
I am going to face the same problem as certificate has to expire after 12 days. I renewed the certificate and import to IIS but when i try to connect client. It gives the same error page cannot be displayed. I believe I am missing a step. I am using internal certificate. I am also using RPC over HTTPS for remote clients and its going to be a big task for me to install a new certificate on all remote clients. Is there any shortest way to do that. What are the steps for renewal of certificates and then what is required on client side. Is there anyway, to continue with the existing certificate and client just get a message to update the certificate.
Regards,