Solved

SBS2003 OWA SSL Getting Error Code 10061

Posted on 2007-03-28
Last Modified: 2008-01-17
My situation is as follows...

I have an SBS2003 server and a separate server running ISA 2004. I followed the guide on isaserver.org to get OWA published with SSL. I'm running on a .local and have added an entry to the host file on the ISA 2004 server pointing mail.domain.com to the internal IP address of the SBS2003 server.

When I try to log in to https://mail.mydomain.com/exchange I'm of course getting the CA error, which is caused by the .local and is not an issue right now. I'll set up a split DNS later. After I click through the cert error I'm getting:


Error Code 10061: Connection refused
Background: When the gateway or proxy server contacted the upstream (Web) server, the connection was refused. This usually results from trying to connect to a service that is inactive on the upstream server.

ISA 2004 Log:

Destination IP: 192.168.16.2
Destination Port: 443
Protocol: https
Action: Failed Connection Attempt
URL: http://servername.domain.local:443/exhange 

Any help would be appreciated!
0
Question by:matt-helm
13 Comments
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 18807568
Have you run the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > To-Do List)?

Is the Default Web Site running on the SBS?  Because "Inactive on the upstream server" would indicate that it's not running.

Can you access OWA on the SBS itself? (http://localhost/exchange ?)

FYI, you do not need to set up split DNS to account for your CA error.  If it's a self-signed cert, you'll always get an error unless you install the certificate in the remote machine you're using to access OWA from.  If it's a 3rd party certificate, you should use the CEICW to install it properly... click the "More Information" button in the CEICW's SSL Certificate screen for, of course, More Information.  :-)

Jeff
TechSoEasy

0
 

Author Comment

by:matt-helm
ID: 18807669
I can't believe the damn service was not running! Yeah.. so I did start the default website. Not sure how I could have overlooked that.. thanks! BUT! I'm now getting this error from outside:

Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)


And yes.. I can access the site internally http://servername/exchange
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18807702
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18807711
I should state, that using a separate server for ISA in an SBS environment doesn't really make much sense, in both cost and ease of management.  Why have you chosen this configuration?

Jeff
TechSoEasy
0
 
LVL 5

Expert Comment

by:megs28
ID: 18808296
What's the FQDN that you entered in your certificate?  Also keep in mind that the certificate will do a reverse DNS lookup to verify that it's not being spoofed.
0
 

Author Comment

by:matt-helm
ID: 18808342
Ok.. I did get the cert straightened out and I'm getting the OWA login over HTTPS!

Now the problem is that when I try and login, it's just going back to the login screen.. no errors.

0
 

Author Comment

by:matt-helm
ID: 18808523
Well.. the problem was that in my cert I had mail.domain.com in my To: when I redid the cert and had servername.domain.local in the To: it worked. But like I said, it's failing somehow when I try to log in.
0
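The name check behind the "target principal name is incorrect" error (-2146893022, SEC_E_WRONG_PRINCIPAL) discussed above, as an added example that is not part of any post in this thread: when a proxy bridges HTTPS to an internal server, the name it connects to must appear on that server's certificate. The certificates are constructed samples shaped like the dict returned by Python's `ssl` `getpeercert()`, and the assumption that the proxy connects as `servername.domain.local` is taken from the ISA log line in the question.

```python
# Added example: names come from the thread, certificates are constructed samples.

def cert_names(cert):
    """DNS names a certificate is valid for (dict shaped like getpeercert())."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS entries exist, the common name is ignored
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(host, pattern):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p

def check_bridge(connect_name, cert):
    """Return (ok, names): does the upstream cert cover the name the proxy uses?"""
    names = cert_names(cert)
    return any(name_matches(connect_name, n) for n in names), names

# Name the proxy uses for the upstream connection (from the ISA log URL).
PROXY_CONNECTS_AS = "servername.domain.local"
# Constructed: certificate issued to the public name only.
CERT_BEFORE = {"subject": ((("commonName", "mail.domain.com"),),)}
# Constructed: certificate reissued to the internal server name.
CERT_AFTER = {"subject": ((("commonName", "servername.domain.local"),),)}

if __name__ == "__main__":
    for label, cert in (("before", CERT_BEFORE), ("after", CERT_AFTER)):
        ok, names = check_bridge(PROXY_CONNECTS_AS, cert)
        verdict = "name check passes" if ok else "name mismatch"
        print(f"{label}: proxy connects as {PROXY_CONNECTS_AS}, "
              f"cert names {names}: {verdict}")
```

The same check applies in the other direction: the certificate on the external listener has to carry the name users type, which is why a single name on one certificate cannot satisfy both hops unless the proxy is told to connect using that same name.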
 

Author Comment

by:matt-helm
ID: 18808565
https://mail.domain.com/exchweb/bin/auth/owalogon.asp?url=https://mail.domain.com/exchange&reason=0

This is what I'm seeing in the address bar once I try to log in..
0
 

Author Comment

by:matt-helm
ID: 18808816
Well.. I got it all fixed!

I needed to turn off Forms-Based Authentication on the Exchange Virtual Server

Thanks ;)
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18831397
See, all of that would be done automatically on a standard SBS installation.  Which makes me still wonder why you are using a separate ISA Server.

But glad you got it working.

Jeff
TechSoEasy
0
 

Author Comment

by:matt-helm
ID: 18837859
It makes me nervous having my company firewall sitting on the same server that's holding sensitive company information. I was not involved in setting up the network, else I would have suggested something a bit more segregated. I also have to set them up with a split DNS solution.

I really don't like SBS2003 to begin with.... Something gets hosed and it can take everything else down with it.

Thanks again.
Helm
0
 

Author Comment

by:matt-helm
ID: 18837873
Oh.. one more thing while I have your attention. About the CA error an end user will see when using OWA from the outside. The only way is to buy a cert from VeriSign or someone else?

I mean they can click through the cert error not being from a trusted source.. but is there anything else I can do?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 18855487
SBS is designed for what MOST small companies need... a solution that is COST EFFECTIVE, and SECURE.  If you configure SBS according to its design parameters, it's plenty secure.  If you start trying to second guess its design and treat it as though it's a stand-alone enterprise server, it's much less secure and you will spend significantly MORE time managing it and your network.

As for your Certificate error?  The only thing to avoid it entirely is to use a 3rd party certificate.  The other option is that the first time a user sees that warning, they should VIEW the certificate then INSTALL it.  Then they won't ever see the warning that the site isn't trusted... because they've now told their computer that it is.

Jeff
TechSoEasy
0

Question has a verified solution.