?
Solved

External users can't access OWA

Posted on 2007-11-16
8
Medium Priority
?
392 Views
Last Modified: 2010-05-19
I've set up OWA on a Server 2003 Standard box.  I can access OWA from the network using either servername/exchange or publicip/exchange.  External users who type publicip/exchange get a "page not found" response, much less a login box.  I've forwarded port 80 in the firewall to the IIS server, and I've double-checked everything against other OWA sites I've set up and I can't find the problem.  We've got dynamic DNS set up, but it doesn't matter whether the DDNS name is used or the actual public IP address - if you're outside the network you can't access it.  I think it's a permissions problem but I'm stumped.

Thanks in advance.
0
Comment
Question by:klancy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 20298964
On the firewall, open the following ports:

    * For Exchange Communication:
          o Port 80 for HTTP
          o Port 691 for Link State Algorithm routing protocol
    * For Active Directory communication:
          o Port 389 for LDAP (TCP and UDP)
          o Port 3268 for Global Catalog Server LDAP (TCP)
          o Port 88 for Kerberos Authentication (TCP and UDP)

Reference: http://www.msexchange.org/tutorials/OWA_Exchange_Server_2003.html
0
 
LVL 12

Expert Comment

by:Network_Data_Support
ID: 20299137
when you say the iis server i take it its the exchange server right?
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 800 total points
ID: 20299170
mwecomputers - you only need to open that many ports if you intend to allow a FE server to communicate with a BE server behind a firewall.  You need to open port 80 if you are going to use plain HTTP, or port 443 if you require SSL.

klancy - have a look at your IIS Logs, and see if the external requests are even reaching the server.  Note that the times are in GMT.

Do you use an ISA server?  If so, did you publish the Exchange VDir?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 29

Expert Comment

by:Michael Worsham
ID: 20299200
Also found this link as it has some step-by-step solutions available:

http://forums.msexchange.org/m_1800385027/mpage_1/key_/tm.htm#1800385027
0
 
LVL 2

Author Comment

by:klancy
ID: 20299207
The Server is the Exchange Server, we're using a single server not a FE/BE combo and we aren't using an ISA server.  I'm starting with plain HTTP.  

I'll check the logs shortly and post another reply.

Thanks for the quick responses.
0
 
LVL 2

Author Comment

by:klancy
ID: 20299464
I've checked the log and it doesn't change when someone tries to access OWA externally.
0
 
LVL 12

Accepted Solution

by:
Network_Data_Support earned 1200 total points
ID: 20299644
well if it all works fine internally it has to be something blocking it externally can you view the logs/ traffic on the firewal?
0
 
LVL 2

Author Closing Comment

by:klancy
ID: 31409568
It turns out that the ISP blocks port 80 (among others) for dynamically assigned IPs.  Once we switched to a static (unblocked) IP, OWA worked perfectly.

I'm splitting the points because checking the IIS log proved that it wasn't an OWA configuration issue, and checking the firewall log proved that external requests weren't even hitting the router.  Which left the ISP as the culprit.

I've got a user who's traveling in South Africa right now who is very, very happy that he can check his Outlook.

Thanks everyone.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month10 days, 19 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question