Solved

External users can't access OWA

Posted on 2007-11-16
8
385 Views
Last Modified: 2010-05-19
I've set up OWA on a Server 2003 Standard box.  I can access OWA from the network using either servername/exchange or publicip/exchange.  External users who type publicip/exchange get a "page not found" response, much less a login box.  I've forwarded port 80 in the firewall to the IIS server, and I've double-checked everything against other OWA sites I've set up and I can't find the problem.  We've got dynamic DNS set up, but it doesn't matter whether the DDNS name is used or the actual public IP address - if you're outside the network you can't access it.  I think it's a permissions problem but I'm stumped.

Thanks in advance.
0
Comment
Question by:klancy
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 29

Expert Comment

by:Michael W
ID: 20298964
On the firewall, open the following ports:

    * For Exchange Communication:
          o Port 80 for HTTP
          o Port 691 for Link State Algorithm routing protocol
    * For Active Directory communication:
          o Port 389 for LDAP (TCP and UDP)
          o Port 3268 for Global Catalog Server LDAP (TCP)
          o Port 88 for Kerberos Authentication (TCP and UDP)

Reference: http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20299137
when you say the iis server i take it its the exchange server right?
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 200 total points
ID: 20299170
mwecomputers - you only need to open that many ports if you intend to allow a FE server to communicate with a BE server behind a firewall.  You need to open port 80 if you are going to use plain HTTP, or port 443 if you require SSL.

klancy - have a look at your IIS Logs, and see if the external requests are even reaching the server.  Note that the times are in GMT.

Do you use an ISA server?  If so, did you publish the Exchange VDir?
0
 
LVL 29

Expert Comment

by:Michael W
ID: 20299200
Also found this link as it has some step-by-step solutions available:

http://forums.msexchange.org/m_1800385027/mpage_1/key_/tm.htm#1800385027
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 
LVL 2

Author Comment

by:klancy
ID: 20299207
The Server is the Exchange Server, we're using a single server not a FE/BE combo and we aren't using an ISA server.  I'm starting with plain HTTP.  

I'll check the logs shortly and post another reply.

Thanks for the quick responses.
0
 
LVL 2

Author Comment

by:klancy
ID: 20299464
I've checked the log and it doesn't change when someone tries to access OWA externally.
0
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 300 total points
ID: 20299644
well if it all works fine internally it has to be something blocking it externally can you view the logs/ traffic on the firewal?
0
 
LVL 2

Author Closing Comment

by:klancy
ID: 31409568
It turns out that the ISP blocks port 80 (among others) for dynamically assigned IPs.  Once we switched to a static (unblocked) IP, OWA worked perfectly.

I'm splitting the points because checking the IIS log proved that it wasn't an OWA configuration issue, and checking the firewall log proved that external requests weren't even hitting the router.  Which left the ISP as the culprit.

I've got a user who's traveling in South Africa right now who is very, very happy that he can check his Outlook.

Thanks everyone.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now