  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2786

OWA Externally not working

I currently have OWA configured to be working internally in the network when people go to //servername/exchange. However, I need this to be working externally as well. I have ports 443 and 25 open on the router, and my A record and MX record on my hosting is pointing to the e-mail server. Am I missing something? I am behind a FortiGate FortiNet router (Fortigate-100A 3.00,build0474,061228). Everything seems to be in place but I can't understand for the life of me why this is not working. We are not and will not be using an ISA server.
Asked by: sbalawajder

Pete Long (Technical Consultant) commented:
Hello sbalawajder,

You have port forwarding on - but have you allowed TCP port 443 inbound and outbound on the firewall? ;)

Regards,

PeteLong

redseatechnologies commented:
Do you have SSL enabled on the server?

If not, you will need to open port 80 (or install a certificate)

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/MF004.html

Try it internally, https://servername/exchange

-red

sbalawajder (author) commented:
Yes, the SSL certificate is installed and port 80 is open as well.  Let me show you what my firewall settings are (directly from the router)

Name                         IP                 Service Port  Map to IP/IP Range  Map to Port
Exchange1 SSL Connection     wan1/64.19.148.85  443/tcp       10.0.0.53           443/tcp
Exhcange1 RDP                wan1/64.19.148.82  3391/tcp      10.0.0.53           3389/tcp
OWA                          wan1/64.19.148.85  25/tcp        10.0.0.53           25/tcp
OWA SSL                      wan1/64.19.148.82  443/tcp       10.0.0.53           443/tcp
Server POP3                  wan1/64.19.148.82  110/tcp       10.0.0.4            110/tcp
Server RDP                   wan1/64.19.148.82  3390/tcp      10.0.0.4            3389/tcp
Server SMTP                  wan1/64.19.148.82  25/tcp        10.0.0.4            25/tcp
Solomon HTTP                 wan1/64.19.148.82  80/tcp        10.0.0.3            80/tcp
Solomon RDP                  wan1/64.19.148.82  3389/tcp      10.0.0.3            3389/tcp
http://mail.888digital.com/  wan1/64.19.148.85  80/tcp        10.0.0.53           80/tcp
 
sbalawajder (author) commented:
If you are wondering why there are 2 addresses doing the same thing, .82 was supposed to be the one to do it, but since we figured everything else is pretty much going on that, we decided to move it to our .85... Anyways, we have A records pointing to both addresses so it should resolve no matter what, right?

redseatechnologies commented:
mail.888digital.com translates to 82

and is not answering on port 80 or 443

something on 85 is answering on 80, but it is not an exchange server (although it has IIS)

internally, if you go to https://10.0.0.53/exchange what do you get?

sbalawajder (author) commented:
redseatechnologies:

If I go internally to https://10.0.0.53/exchange, I get OWA

redseatechnologies commented:
rats, that means that exchange is configured right and not listening on a dud IP.

it is simply timing out from here, which means that your firewall is obviously the culprit.  Do you have anything in the logs of the firewall?

sbalawajder (author) commented:
Nothing in the logs shows what's going on...

redseatechnologies commented:
Do you actually see the connection though?

allow or deny, just wondering if it shows.

Alternatively, can you try moving it all to .82 for a test (as that appears to be working for 1 server)

sbalawajder (author) commented:
I already have the connections in place for .82 and .85... Shouldn't it find one or the other? I try going to https://owa.888digital.com/exchange and https://mail.888digital.com/exchange and I get the timeout. This is getting rather frustrating! I called the FortiNet people, and all they can tell me is "I don't know", which I thought was against the first law of tech support!

redseatechnologies commented:
Ahhh yes, I can see that 443 goes to both already.

Try doing the same with port 80 - to rule out Pete's idea that there is some other kind of rule there

sbalawajder (author) commented:
80 is open on both as well....

redseatechnologies commented:
as of now?  because the list above doesn't show that

sbalawajder (author) commented:
OK, I have solved the problem!  It appears with this router after you add a virtual IP (for port forwarding), you need to apply it into a policy before the changes would take effect.  I will assign the points to redseat though, as he was correct in that I did not have port 80 open.  Thanks for the help guys.
Question has a verified solution.
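
The diagnosis in this thread rests on two checks: testing every A record rather than whichever one the client happens to pick, and telling a timeout (firewall silently dropping, as with a virtual IP that has no policy) apart from a refusal (traffic forwarded, nothing listening). The script below is an added example, not part of the original thread; its function names are illustrative, and it assumes it is run from outside the network against your own hostname.

```python
import socket
import sys

# Verdicts and what each one implies for a port-forwarded service.
MEANING = {
    "open": "forwarding and firewall policy both pass traffic",
    "refused": "packet reached a host, but nothing listens on that port",
    "filtered": "no reply at all: firewall drops it (e.g. VIP with no policy)",
    "error": "other network error (routing, unreachable host)",
}

def classify(exc):
    """Turn the outcome of a TCP connect into one of the verdicts above."""
    if exc is None:
        return "open"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "error"

def probe(ip, port, timeout=3.0):
    """Attempt one TCP handshake and classify the result."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)

def a_records(hostname):
    """Return every IPv4 address the name resolves to, not just the first."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check(ips, ports, timeout=3.0):
    """Probe every address/port pair; a client may land on any A record."""
    return {(ip, port): probe(ip, port, timeout) for ip in ips for port in ports}

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python owa_check.py <your-own-hostname>")
    name = sys.argv[1]
    for (ip, port), verdict in check(a_records(name), [80, 443]).items():
        print(f"{name} {ip}:{port} {verdict}: {MEANING[verdict]}")
```

A mix of verdicts across the addresses of one name means clients will see intermittent failures depending on which record they resolve first.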
