Solved

OWA Externally not working

Posted on 2007-04-10
14
2,770 Views
Last Modified: 2008-01-09
I currently have OWA configured to be working internally in the network when people go to //servername/exchange.   However, I need this to be working externally as well.  I have ports 443 and 25 open on the router, and my A record and MX record on my hosting is pointing to the e-mail server.  Am I missing something?  I am behind a FortiGate FortiNet router (Fortigate-100A 3.00,build0474,061228).   Everything seems to be in place but I cant understand for the life of me why this is not working.  We are not and will not be using an ISA server.
0
Comment
Question by:sbalawajder
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
14 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18882267
Hello sbalawajder,

You have port forwarding on - but have you allowed TCP pot 443 inbound and outbound on the firewall ;)

Regards,

PeteLong
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882272
Do you have SSL enabled on the server?

If not, you will need to open port 80 (or install a certificate)

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/MF004.html

Try it internally, https://servername/exchange

-red
0
 

Author Comment

by:sbalawajder
ID: 18882374
Yes, the SSL certificate is installed and port 80 is open as well.  Let me show you what my firewall settings are (directly from the router)

 Name       IP       Service Port       Map to IP/IP Range       Map to Port       
Exchange1 SSL Connection       wan1/64.19.148.85       443/tcp       10.0.0.53       443/tcp       ]
Exhcange1 RDP       wan1/64.19.148.82       3391/tcp       10.0.0.53       3389/tcp         [Edit]
OWA       wan1/64.19.148.85       25/tcp       10.0.0.53       25/tcp       [Delete]   [Edit]
OWA SSL       wan1/64.19.148.82       443/tcp       10.0.0.53       443/tcp       [Delete]   [Edit]
Server POP3       wan1/64.19.148.82       110/tcp       10.0.0.4       110/tcp         [Edit]
Server RDP       wan1/64.19.148.82       3390/tcp       10.0.0.4       3389/tcp         [Edit]
Server SMTP       wan1/64.19.148.82       25/tcp       10.0.0.4       25/tcp         [Edit]
Solomon HTTP       wan1/64.19.148.82       80/tcp       10.0.0.3       80/tcp         [Edit]
Solomon RDP       wan1/64.19.148.82       3389/tcp       10.0.0.3       3389/tcp         [Edit]
http://mail.888digital.com/       wan1/64.19.148.85       80/tcp       10.0.0.53       80/tcp       [Delete]   [Edit]
0
Salesforce Has Never Been Easier

Improve and reinforce salesforce training & adoption using WalkMe's digital adoption platform. Start saving on costly employee training by creating fast intuitive Walk-Thrus for Salesforce. Claim your Free Account Now

 

Author Comment

by:sbalawajder
ID: 18882472
if you are wondering why theres 2 addresses doing the same thing, .82 was supposed to be the one to do it, but since we figured everything else is pretty much going on that, we decided to move it to our .85...........anyways, we have A records pointing to both addresses so it should resolve no matter what, right?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882564
mail.888digital.com translates to 82

and is not answering on port 80 or 443

something on 85 is answering on 80, but it is not an exchange server (although it has IIS)

internally, if you go to https://10.0.0.53/exchange what do you get?
0
 

Author Comment

by:sbalawajder
ID: 18882593
redseattechnologies:

if i go internally to https://10.0.0.53/exchange, I get OWA
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882627
rats, that means that exchange is configured right and not listening on a dud IP.

it is simply timing out from here, which means that your firewall is obviously the culprit.  Do you have anything in the logs of the firewall?
0
 

Author Comment

by:sbalawajder
ID: 18882677
Nothing in the logs shows whats going on.....
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882804
Do you actually see the connection though?

allow or deny, just wondering if it shows.

Alternatively, can you try moving it all to .82 for a test (as that appears to be working for 1 server)
0
 

Author Comment

by:sbalawajder
ID: 18882841
I already have the connections in place for .82 and .85............shouldnt it find one or the other?  I try going to https://owa.888digital.com/exchange and https://mail.888digital.com/exchange and I get the timeout.  This is getting rather frustrating!  I called the FortiNet people, and all they can tell me is "I dont know" which I thought was against the first law of tech support!
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 125 total points
ID: 18882856
ahhh yes, i can see that 443 goes to both already.

Try doing the same with port 80 - to rule out Pete's idea that there is some other kind of rule there
0
 

Author Comment

by:sbalawajder
ID: 18882923
80 is open on both as well....
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18885907
as of now?  because the list above doesn't show that
0
 

Author Comment

by:sbalawajder
ID: 18889413
OK, I have solved the problem!  It appears with this router after you add a virtual IP (for port forwarding), you need to apply it into a policy before the changes would take effect.  I will assign the points to redseat though, as he was correct in that I did not have port 80 open.  Thanks for the help guys.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question