External users can't access OWA

I've set up OWA on a Server 2003 Standard box.  I can access OWA from the network using either servername/exchange or publicip/exchange.  External users who type publicip/exchange get a "page not found" response, much less a login box.  I've forwarded port 80 in the firewall to the IIS server, and I've double-checked everything against other OWA sites I've set up and I can't find the problem.  We've got dynamic DNS set up, but it doesn't matter whether the DDNS name is used or the actual public IP address - if you're outside the network you can't access it.  I think it's a permissions problem but I'm stumped.

Thanks in advance.
LVL 2
klancyAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Network_Data_SupportConnect With a Mentor Commented:
well if it all works fine internally it has to be something blocking it externally can you view the logs/ traffic on the firewal?
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
On the firewall, open the following ports:

    * For Exchange Communication:
          o Port 80 for HTTP
          o Port 691 for Link State Algorithm routing protocol
    * For Active Directory communication:
          o Port 389 for LDAP (TCP and UDP)
          o Port 3268 for Global Catalog Server LDAP (TCP)
          o Port 88 for Kerberos Authentication (TCP and UDP)

Reference: http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
0
 
Network_Data_SupportCommented:
when you say the iis server i take it its the exchange server right?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LeeDerbyshireConnect With a Mentor Commented:
mwecomputers - you only need to open that many ports if you intend to allow a FE server to communicate with a BE server behind a firewall.  You need to open port 80 if you are going to use plain HTTP, or port 443 if you require SSL.

klancy - have a look at your IIS Logs, and see if the external requests are even reaching the server.  Note that the times are in GMT.

Do you use an ISA server?  If so, did you publish the Exchange VDir?
0
 
Michael WorshamInfrastructure / Solutions ArchitectCommented:
Also found this link as it has some step-by-step solutions available:

http://forums.msexchange.org/m_1800385027/mpage_1/key_/tm.htm#1800385027
0
 
klancyAuthor Commented:
The Server is the Exchange Server, we're using a single server not a FE/BE combo and we aren't using an ISA server.  I'm starting with plain HTTP.  

I'll check the logs shortly and post another reply.

Thanks for the quick responses.
0
 
klancyAuthor Commented:
I've checked the log and it doesn't change when someone tries to access OWA externally.
0
 
klancyAuthor Commented:
It turns out that the ISP blocks port 80 (among others) for dynamically assigned IPs.  Once we switched to a static (unblocked) IP, OWA worked perfectly.

I'm splitting the points because checking the IIS log proved that it wasn't an OWA configuration issue, and checking the firewall log proved that external requests weren't even hitting the router.  Which left the ISP as the culprit.

I've got a user who's traveling in South Africa right now who is very, very happy that he can check his Outlook.

Thanks everyone.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.