Solved

OWA Externally not working

Posted on 2007-04-10
Last Modified: 2008-01-09
I currently have OWA configured to be working internally in the network when people go to //servername/exchange. However, I need this to be working externally as well. I have ports 443 and 25 open on the router, and my A record and MX record on my hosting are pointing to the e-mail server. Am I missing something? I am behind a FortiGate FortiNet router (Fortigate-100A 3.00,build0474,061228). Everything seems to be in place but I can't understand for the life of me why this is not working. We are not and will not be using an ISA server.
Question by:sbalawajder
 
LVL 57

Expert Comment

by:Pete Long
ID: 18882267
Hello sbalawajder,

You have port forwarding on - but have you allowed TCP port 443 inbound and outbound on the firewall ;)

Regards,

PeteLong
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882272
Do you have SSL enabled on the server?

If not, you will need to open port 80 (or install a certificate)

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/MF004.html

Try it internally, https://servername/exchange

-red
0
 

Author Comment

by:sbalawajder
ID: 18882374
Yes, the SSL certificate is installed and port 80 is open as well.  Let me show you what my firewall settings are (directly from the router)

Name                          IP                 Service Port  Map to IP/IP Range  Map to Port
Exchange1 SSL Connection      wan1/64.19.148.85  443/tcp       10.0.0.53           443/tcp      ]
Exhcange1 RDP                 wan1/64.19.148.82  3391/tcp      10.0.0.53           3389/tcp     [Edit]
OWA                           wan1/64.19.148.85  25/tcp        10.0.0.53           25/tcp       [Delete] [Edit]
OWA SSL                       wan1/64.19.148.82  443/tcp       10.0.0.53           443/tcp      [Delete] [Edit]
Server POP3                   wan1/64.19.148.82  110/tcp       10.0.0.4            110/tcp      [Edit]
Server RDP                    wan1/64.19.148.82  3390/tcp      10.0.0.4            3389/tcp     [Edit]
Server SMTP                   wan1/64.19.148.82  25/tcp        10.0.0.4            25/tcp       [Edit]
Solomon HTTP                  wan1/64.19.148.82  80/tcp        10.0.0.3            80/tcp       [Edit]
Solomon RDP                   wan1/64.19.148.82  3389/tcp      10.0.0.3            3389/tcp     [Edit]
http://mail.888digital.com/   wan1/64.19.148.85  80/tcp        10.0.0.53           80/tcp       [Delete] [Edit]
0
 

Author Comment

by:sbalawajder
ID: 18882472
If you are wondering why there are 2 addresses doing the same thing, .82 was supposed to be the one to do it, but since we figured everything else is pretty much going on that, we decided to move it to our .85... Anyway, we have A records pointing to both addresses so it should resolve no matter what, right?
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882564
mail.888digital.com translates to 82

and is not answering on port 80 or 443

something on 85 is answering on 80, but it is not an exchange server (although it has IIS)

internally, if you go to https://10.0.0.53/exchange what do you get?
0
 

Author Comment

by:sbalawajder
ID: 18882593
redseatechnologies:

If I go internally to https://10.0.0.53/exchange, I get OWA
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882627
rats, that means that exchange is configured right and not listening on a dud IP.

it is simply timing out from here, which means that your firewall is obviously the culprit.  Do you have anything in the logs of the firewall?
0
 

Author Comment

by:sbalawajder
ID: 18882677
Nothing in the logs shows what's going on...
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18882804
Do you actually see the connection though?

allow or deny, just wondering if it shows.

Alternatively, can you try moving it all to .82 for a test (as that appears to be working for 1 server)
0
 

Author Comment

by:sbalawajder
ID: 18882841
I already have the connections in place for .82 and .85... Shouldn't it find one or the other? I try going to https://owa.888digital.com/exchange and https://mail.888digital.com/exchange and I get the timeout. This is getting rather frustrating! I called the FortiNet people, and all they can tell me is "I don't know", which I thought was against the first law of tech support!
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 125 total points
ID: 18882856
ahhh yes, i can see that 443 goes to both already.

Try doing the same with port 80 - to rule out Pete's idea that there is some other kind of rule there
0
 

Author Comment

by:sbalawajder
ID: 18882923
80 is open on both as well....
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 18885907
as of now?  because the list above doesn't show that
0
 

Author Comment

by:sbalawajder
ID: 18889413
OK, I have solved the problem!  It appears with this router after you add a virtual IP (for port forwarding), you need to apply it into a policy before the changes would take effect.  I will assign the points to redseat though, as he was correct in that I did not have port 80 open.  Thanks for the help guys.
0
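
An added example, not part of any post in this thread: a small Python check of the virtual IP list the author pasted, showing where ports 80 and 443 land on each external address. The function names are hypothetical, and it reads only the forwarding table; it cannot tell whether a virtual IP has been applied to a firewall policy.

```python
import re

# Virtual IP rows copied from the author's post (names and action links dropped).
VIP_LIST = """\
wan1/64.19.148.85  443/tcp   10.0.0.53  443/tcp
wan1/64.19.148.82  3391/tcp  10.0.0.53  3389/tcp
wan1/64.19.148.85  25/tcp    10.0.0.53  25/tcp
wan1/64.19.148.82  443/tcp   10.0.0.53  443/tcp
wan1/64.19.148.82  110/tcp   10.0.0.4   110/tcp
wan1/64.19.148.82  3390/tcp  10.0.0.4   3389/tcp
wan1/64.19.148.82  25/tcp    10.0.0.4   25/tcp
wan1/64.19.148.82  80/tcp    10.0.0.3   80/tcp
wan1/64.19.148.82  3389/tcp  10.0.0.3   3389/tcp
wan1/64.19.148.85  80/tcp    10.0.0.53  80/tcp
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\S+/{IP}\s+(\d+)/(\w+)\s+{IP}\s+(\d+)/\w+$")

def parse_vips(text):
    """Return {(external_ip, external_port, proto): (internal_ip, internal_port)}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers and blank lines
        ext_ip, ext_port, proto, int_ip, int_port = m.groups()
        key = (ext_ip, int(ext_port), proto)
        if key in table:
            raise ValueError(f"two forwards claim {key}")
        table[key] = (int_ip, int(int_port))
    return table

def audit(table, target_ip, required_ports):
    """For each external IP, say where every required TCP port is forwarded."""
    report = {}
    for ext_ip in sorted({key[0] for key in table}):
        report[ext_ip] = {}
        for port in required_ports:
            dest = table.get((ext_ip, port, "tcp"))
            if dest is None:
                report[ext_ip][port] = "not forwarded"
            else:
                report[ext_ip][port] = "ok" if dest[0] == target_ip else f"goes to {dest[0]}"
    return report

if __name__ == "__main__":
    for ip, ports in audit(parse_vips(VIP_LIST), "10.0.0.53", (80, 443)).items():
        print(ip, ports)
```
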
