Solved

External users can't access OWA

Posted on 2007-11-16
8
387 Views
Last Modified: 2010-05-19
I've set up OWA on a Server 2003 Standard box.  I can access OWA from the network using either servername/exchange or publicip/exchange.  External users who type publicip/exchange get a "page not found" response, much less a login box.  I've forwarded port 80 in the firewall to the IIS server, and I've double-checked everything against other OWA sites I've set up and I can't find the problem.  We've got dynamic DNS set up, but it doesn't matter whether the DDNS name is used or the actual public IP address - if you're outside the network you can't access it.  I think it's a permissions problem but I'm stumped.

Thanks in advance.
0
Comment
Question by:klancy
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 29

Expert Comment

by:Michael W
ID: 20298964
On the firewall, open the following ports:

    * For Exchange Communication:
          o Port 80 for HTTP
          o Port 691 for Link State Algorithm routing protocol
    * For Active Directory communication:
          o Port 389 for LDAP (TCP and UDP)
          o Port 3268 for Global Catalog Server LDAP (TCP)
          o Port 88 for Kerberos Authentication (TCP and UDP)

Reference: http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20299137
when you say the iis server i take it its the exchange server right?
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 200 total points
ID: 20299170
mwecomputers - you only need to open that many ports if you intend to allow a FE server to communicate with a BE server behind a firewall.  You need to open port 80 if you are going to use plain HTTP, or port 443 if you require SSL.

klancy - have a look at your IIS Logs, and see if the external requests are even reaching the server.  Note that the times are in GMT.

Do you use an ISA server?  If so, did you publish the Exchange VDir?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 29

Expert Comment

by:Michael W
ID: 20299200
Also found this link as it has some step-by-step solutions available:

http://forums.msexchange.org/m_1800385027/mpage_1/key_/tm.htm#1800385027
0
 
LVL 2

Author Comment

by:klancy
ID: 20299207
The Server is the Exchange Server, we're using a single server not a FE/BE combo and we aren't using an ISA server.  I'm starting with plain HTTP.  

I'll check the logs shortly and post another reply.

Thanks for the quick responses.
0
 
LVL 2

Author Comment

by:klancy
ID: 20299464
I've checked the log and it doesn't change when someone tries to access OWA externally.
0
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 300 total points
ID: 20299644
well if it all works fine internally it has to be something blocking it externally can you view the logs/ traffic on the firewal?
0
 
LVL 2

Author Closing Comment

by:klancy
ID: 31409568
It turns out that the ISP blocks port 80 (among others) for dynamically assigned IPs.  Once we switched to a static (unblocked) IP, OWA worked perfectly.

I'm splitting the points because checking the IIS log proved that it wasn't an OWA configuration issue, and checking the firewall log proved that external requests weren't even hitting the router.  Which left the ISP as the culprit.

I've got a user who's traveling in South Africa right now who is very, very happy that he can check his Outlook.

Thanks everyone.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question