Solved

OWA not responding externally

Posted on 2006-11-17
24
741 Views
Last Modified: 2008-01-16
After a bunch of BS around with the mistake of installing GFI web monitor. No that ive removed GFI and undid as much of the troubles i could see everything is working at the moment with the exeception OWA mail.technologyprinting.com/exchange

internally it works

Ive ran the ICEW a few times with error on the firewall section. this is SBS03 premiun with BES4.2
0
Comment
Question by:Tork4840
  • 9
  • 4
  • 3
  • +4
24 Comments
 

Author Comment

by:Tork4840
ID: 17967685
Please move question to SBS group
0
 

Expert Comment

by:agreatround
ID: 17967897
Is your OWA access point on the same box as your SBS/exchange or is it configured as a bridgehead to exchnage?

0
 

Author Comment

by:Tork4840
ID: 17967946
All on the same box
0
 
LVL 3

Accepted Solution

by:
KVR_Solutions earned 500 total points
ID: 17968592
If you go in to IIS and expand the default (usually defualt) website, and right click on the Exchange virtual directory and click browse, you should be able to see OWA. If you can, check the properties of the default web site to see what IP address the host header is listening on. Make sure you resolve the public address of your server (or firewall if there is a NAT on port 80 or 443) from a machine outside of your domain.

You can use www.dnsstuff.com to ping owa.yourcompany.com or whatever your site is (www.yourcompany.com/owa).

Typically if you can browse it internally, but not externally - it's because your server has a public IP and IIS is not set to All Unassigned on the web site properties, or the server has a private IP and the firewall is not NATing the traffic properly.

Ira @ KVR
0
 

Author Comment

by:Tork4840
ID: 17968629
Is that not what the rule SBS Windows SharePoint Services Web Publishing Rule is suppose to due? Im guessthere would have to be a DNS entry to resolve it to an internal address. Ive added a dns entry could somone test it for me I do not have access to a externall internet source.

mail.technologyprinting.com/exchange

69.15.48.198
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17968674
Ok, first of all you can use www.dnsstuff.com to test from an external internet source. There are several text boxes available.

I just tested a ping to mail.technologyprinting.com and it resolved to 69.15.48.198. It appears that your DNS is correct. Additionally, I was able to get a reply on that address.

I think your problem is in IIS as I described, or there is a problem with your firewall.
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17968688
I noticed that you have RDP enabled. If you want to create a temporary account for me, I'll locate the problem and explain it to you.
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17968748
You'll have to add this user to the Remote Desktop Users group. If you want to bypass this, just make them a Domain Admin for the time being. You can delete the account when we're done.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17969308
The problem, as I see it, is that port 443 is either being used by something else or it's not open and pointed to your server... if you're getting an error when running the CEICW you need to look in the logs and see what that error is and correct it!

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17969311
The log is at C:\Program Files\Microsoft Windows Small Business Server\Support\icwlog.txt

Jeff
TechSoEasy
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17969379
Lol, I didn't expect him to post it for the world to see. I immediately spoke with him (voice) and had the password reset. No offense taken! I agree 100%. ;)

I'll post the results of this answer in a little bit.
0
 
LVL 3

Expert Comment

by:MarkWYnne
ID: 17969814
What heppens after authentication?, as the login portal loads.
0
 
LVL 2

Expert Comment

by:kcg-witchdoctor
ID: 17976371
Looks like it is availiable to me.  
0
 
LVL 2

Expert Comment

by:kcg-witchdoctor
ID: 17976373
You try https://mail.technologyprinting.com/exchange 


Do you have the s  in https?
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17976388
The problem was that the server had multiple sites running in IIS with hostheaders on the same ports. His default website with Exchange wasn't started. Additionally, ISA server didn't have a policy to allow access to web traffic (port 80) from anywhere.

Ira @ KVR
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17976408
Additionally, the problem is that the SSL certificates have gotten messed up because of this.  Currently, the server is pushing out the INTERNAL certificate (publishing.Technologyprinting.com).

This is partially caused by using a resolvable FQDN as the internal domain name.

The certificates need to all be removed from the server and the CEICW should be rerun to regenerate them.

Jeff
TechSoEasy
0
 
LVL 16

Expert Comment

by:Nyaema
ID: 17979504
Isn't it against EE rules to post a question then have an expert sort out the problem on  phone as KVR solutions has done?  Isn't that cheating?
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17979525
I didn't sort out the problem on the phone. If you read the comments, you'll see that I spoke with him on the phone to notify him of the security risk with the password posted publicly. Please read my EE profile for clarification on how I handle people that want to contact me directly.

Ira @ KVR
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17983761
Looking back, I realize that it wasn't right to offer that assistance when there was someone else involved in the question (agreatround). Honestly, I just overlooked it. I was just trying to help the guy and I knew that the quickest solution was to log in and fix it. I'll be more careful in the future as I respect this site and what it stands for greatly. I enjoy my time here!

If anyone feels I should have the points removed, please notify the mod and I'll have no problem with that.

Thanks,

Ira
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 17983984
Lol, I really don't want to beat a dead horse, but... I read *all* of the rules before I started posting on this site. Perhaps I interpreted this one incorrectly?

"The same applies to the use of Remote Access to resolve a problem. We recognize that sometimes, the only solution is a hands-on tinkering with a configuration, but this should be considered a last resort, and only with the full permission of the other participants in the question, and only with the full and complete disclosure of the methods used to resolve the problem. Any points awarded without the posting of both of these criteria will be removed from both the Asker's and the Expert's totals."

I don't want to make the same mistake again.. but I guess I need clarification. :)
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17984059
Hmmm... I actually didn't ever remember seeing that paragraph... so as Miss Litella would say... "nevermind".

Jeff
TechSoEasy
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now