Solved

OWA Externally not working

Posted on 2007-04-10
14
2,752 Views
Last Modified: 2008-01-09
I currently have OWA configured to be working internally in the network when people go to //servername/exchange. However, I need this to be working externally as well. I have ports 443 and 25 open on the router, and my A record and MX record on my hosting are pointing to the e-mail server. Am I missing something? I am behind a FortiGate FortiNet router (Fortigate-100A 3.00,build0474,061228). Everything seems to be in place but I can't understand for the life of me why this is not working. We are not and will not be using an ISA server.
Question by:sbalawajder
14 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18882267
Hello sbalawajder,

You have port forwarding on - but have you allowed TCP port 443 inbound and outbound on the firewall ;)

Regards,

PeteLong
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882272
Do you have SSL enabled on the server?

If not, you will need to open port 80 (or install a certificate)

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/MF004.html

Try it internally, https://servername/exchange

-red
0
 

Author Comment

by:sbalawajder
ID: 18882374
Yes, the SSL certificate is installed and port 80 is open as well.  Let me show you what my firewall settings are (directly from the router)

Name                         IP                  Service Port  Map to IP/IP Range  Map to Port  Actions
Exchange1 SSL Connection     wan1/64.19.148.85   443/tcp       10.0.0.53           443/tcp      ]
Exhcange1 RDP                wan1/64.19.148.82   3391/tcp      10.0.0.53           3389/tcp     [Edit]
OWA                          wan1/64.19.148.85   25/tcp        10.0.0.53           25/tcp       [Delete] [Edit]
OWA SSL                      wan1/64.19.148.82   443/tcp       10.0.0.53           443/tcp      [Delete] [Edit]
Server POP3                  wan1/64.19.148.82   110/tcp       10.0.0.4            110/tcp      [Edit]
Server RDP                   wan1/64.19.148.82   3390/tcp      10.0.0.4            3389/tcp     [Edit]
Server SMTP                  wan1/64.19.148.82   25/tcp        10.0.0.4            25/tcp       [Edit]
Solomon HTTP                 wan1/64.19.148.82   80/tcp        10.0.0.3            80/tcp       [Edit]
Solomon RDP                  wan1/64.19.148.82   3389/tcp      10.0.0.3            3389/tcp     [Edit]
http://mail.888digital.com/  wan1/64.19.148.85   80/tcp        10.0.0.53           80/tcp       [Delete] [Edit]
0
 

Author Comment

by:sbalawajder
ID: 18882472
If you are wondering why there's 2 addresses doing the same thing, .82 was supposed to be the one to do it, but since we figured everything else is pretty much going on that, we decided to move it to our .85... anyways, we have A records pointing to both addresses so it should resolve no matter what, right?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882564
mail.888digital.com translates to 82

and is not answering on port 80 or 443

something on 85 is answering on 80, but it is not an exchange server (although it has IIS)

internally, if you go to https://10.0.0.53/exchange what do you get?
0
 

Author Comment

by:sbalawajder
ID: 18882593
redseatechnologies:

If I go internally to https://10.0.0.53/exchange, I get OWA
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882627
rats, that means that exchange is configured right and not listening on a dud IP.

it is simply timing out from here, which means that your firewall is obviously the culprit.  Do you have anything in the logs of the firewall?
0
 

Author Comment

by:sbalawajder
ID: 18882677
Nothing in the logs shows what's going on...
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882804
Do you actually see the connection though?

allow or deny, just wondering if it shows.

Alternatively, can you try moving it all to .82 for a test (as that appears to be working for 1 server)
0
 

Author Comment

by:sbalawajder
ID: 18882841
I already have the connections in place for .82 and .85... shouldn't it find one or the other? I try going to https://owa.888digital.com/exchange and https://mail.888digital.com/exchange and I get the timeout. This is getting rather frustrating! I called the FortiNet people, and all they can tell me is "I don't know" which I thought was against the first law of tech support!
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 125 total points
ID: 18882856
ahhh yes, I can see that 443 goes to both already.

Try doing the same with port 80 - to rule out Pete's idea that there is some other kind of rule there
0
 

Author Comment

by:sbalawajder
ID: 18882923
80 is open on both as well....
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18885907
as of now?  because the list above doesn't show that
0
 

Author Comment

by:sbalawajder
ID: 18889413
OK, I have solved the problem!  It appears with this router after you add a virtual IP (for port forwarding), you need to apply it into a policy before the changes would take effect.  I will assign the points to redseat though, as he was correct in that I did not have port 80 open.  Thanks for the help guys.
0
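The two findings in this thread (a virtual IP forwards nothing until a policy references it, and port 80 on .82 does not lead to the Exchange host) can be checked offline against an exported rule list. The following is an added example, not part of the thread and not FortiGate code: the VIP rows are transcribed from the table the author posted, while the policy set and the names `Vip`, `unbound_vips`, `check_exposure` and `audit` are assumptions made for illustration.

```python
from collections import namedtuple

Vip = namedtuple("Vip", "name ext_ip ext_port int_ip int_port")

# Virtual IPs transcribed from the firewall table posted in the thread.
VIPS = [
    Vip("Exchange1 SSL Connection", "64.19.148.85", 443, "10.0.0.53", 443),
    Vip("Exhcange1 RDP", "64.19.148.82", 3391, "10.0.0.53", 3389),
    Vip("OWA", "64.19.148.85", 25, "10.0.0.53", 25),
    Vip("OWA SSL", "64.19.148.82", 443, "10.0.0.53", 443),
    Vip("Server POP3", "64.19.148.82", 110, "10.0.0.4", 110),
    Vip("Server RDP", "64.19.148.82", 3390, "10.0.0.4", 3389),
    Vip("Server SMTP", "64.19.148.82", 25, "10.0.0.4", 25),
    Vip("Solomon HTTP", "64.19.148.82", 80, "10.0.0.3", 80),
    Vip("Solomon RDP", "64.19.148.82", 3389, "10.0.0.3", 3389),
    Vip("http://mail.888digital.com/", "64.19.148.85", 80, "10.0.0.53", 80),
]

# ASSUMPTION (constructed): VIP names used as the destination of an accept
# policy. The thread never shows the actual policy list.
POLICY_DESTINATIONS = {
    "Exhcange1 RDP", "Server POP3", "Server RDP",
    "Server SMTP", "Solomon HTTP", "Solomon RDP",
}

def unbound_vips(vips, policy_destinations):
    """Names of VIPs that no policy references, so they forward nothing."""
    return [v.name for v in vips if v.name not in policy_destinations]

def check_exposure(vips, policy_destinations, ext_ip, port, want_host):
    """Classify why ext_ip:port does or does not reach want_host."""
    matches = [v for v in vips if (v.ext_ip, v.ext_port) == (ext_ip, port)]
    if not matches:
        return "no-vip"
    to_host = [v for v in matches if v.int_ip == want_host]
    if not to_host:
        return "maps-to-other-host:" + matches[0].int_ip
    if not any(v.name in policy_destinations for v in to_host):
        return "vip-not-in-policy"
    return "ok"

def audit(exchange="10.0.0.53"):
    """Check ports 80 and 443 for OWA on both public addresses."""
    return {(ip, port): check_exposure(VIPS, POLICY_DESTINATIONS, ip, port, exchange)
            for ip in ("64.19.148.82", "64.19.148.85") for port in (80, 443)}

if __name__ == "__main__":
    print("unbound:", unbound_vips(VIPS, POLICY_DESTINATIONS))
    for key, verdict in audit().items():
        print(key, verdict)
```

The same audit is useful in the other direction: a VIP that is bound to a policy but no longer needed is an exposed service, so the rule list should be reviewed for both cases.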
