Solved

Exchange OWA 2003

Posted on 2007-11-18
Last Modified: 2008-02-01
Hi,

What must I do to publish my OWA to the internet? I know I need 443 through the firewall, but what do I tell my ISP? I have a domain. I plan to use a self SSL Certificate. No problem there. What DNS record should I tell the ISP to add? www.domain.com/owa? (Or anything else I choose)+the internal IP of the mail server? Fixed WAN address? What are the exact steps?

I used to do this years ago...but I forgot the procedure.
0
Comment
Question by:cybrosh
10 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 20310843
I assume you already have your MX records configured for domain.com so that mail is flowing in and out of Exchange correctly. I won't go into it here but let me know if you want me to.

You cannot tell your ISP to add a DNS record just for /owa. The whole point of DNS records is that they are independent of protocol, so you can use any protocol before domain.com and you will get to the same place on the Internet. If you use /owa, that is only accessible by HTTP or HTTPS.

The easiest way to access your OWA would be to simply use the subdomain which your MX record is tied to, most often mail.domain.com. Alternatively, some people like to make a subdomain called webmail.domain.com, then set that as an A record for your fixed WAN IP address.

-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20318708
Ok, thanks for the comment, but can you be a little more specific? More details on the technical steps needed to be done.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20321999
As you haven't said otherwise, I will still assume you have MX records set up correctly and that you can send mail in and out of the Exchange server.

Probably the easiest way to do this would be to:

1) Create a subdomain: webmail.<yourdomain>.com
2) Ask your ISP/registrar to change the A record IP address on the subdomain to the IP address of your router which is accessible on the Internet (i.e. not the internal 10.x.x.x, 192.168.x.x or 172.x.x.x address, but the external one)
3) Once the record is changed, forward requests to port 443 on that IP address to the internal IP of the Exchange server
4) Go to https://webmail.<yourdomain>.com/exchange or /owa to test

If you have MX records set up already, you could just use them.

-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20330040
Tiger,

Thanks for replying. Sorry for being such a pest.
Yes, I have set up MX records, as well as the ISP's mail servers for fault tolerance(rating).

*In the event of having MX records, how do I use them?

*Again, sorry for being a pain...
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20330081
>>> *In the event of having MX records, how do I use them?

I'm not quite sure what you mean by "having MX records". MX records stands for "Mail Exchanger Records"; this is the DNS record which is looked up by mail servers attempting to send mail to a recipient at your domain. The MX record points to an FQDN (fully qualified domain name), which is then configured as an A record to your WAN IP address, which means connections are passed directly to your Exchange server assuming port 25 is forwarded correctly.

So having MX records *is* a good thing; otherwise mail wouldn't flow into your domain and possibly not outwards. Depending on their setup, some recipients' mail servers may reject messages if they can't perform a lookup of your MX records and verify that all sorts of other settings are correctly configured.

-tigermatt
0

 

Author Comment

by:cybrosh
ID: 20330480
Hi Tiger,

Here's the MX/A records config:

-A record, FQDN=mail.companydomain.com, value=214.X.X.X(Real WAN IP), MX Pref=none
-MX record, FQDN=companydomain.com, value=mail.companydomain.com, MX Pref=10
-A Record, FQDN=mail.isp.com, value=Real wan IP, MX Pref=none
-MX Record, FQDN=companydomain.com, value=mail.isp.com, mx pref=100

How do I combine the OWA address with the above config?

Appreciate the help.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20330530
Hi again,

I hope I don't over-complicate my posts! I always like to explain things thoroughly to make sure everyone understands, but it often seems to complicate things a little!

The OWA address needs an A record which is mapped to the Exchange WAN IP. In this case, mail.companydomain.com has an A record of 214.x.x.x which is your WAN IP. Therefore, you could quite easily use mail.companydomain.com as your OWA address, just append /owa or /exchange depending on which of the two your OWA site uses.

Also, don't forget you will need port 443 forwarded in your router firewall and need your self-signed SSL certificate set up before the HTTPS through port 443 will work. Once everything is in place, you should be able to go to https://mail.companydomain.com/owa or /exchange from outside with no issues. Make sure you enter the https; http:// will only work if you forward port 80 too (insecure) to the Exchange server, in which case Exchange *should* redirect to the SSL connection, although I believe this has to be manually configured.

--
So:
1) Forward port 443 in your router's firewall to Exchange server (just like you did with port 25, except for TCP port 443)
2) Set up SSL certificate
3) Use https://mail.companydomain.com/owa or /exchange as your OWA URL.
--

Hope this helps!
-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20332754
Hi Tiger,

Last question, just to make sure.

I don't have to modify the A record by adding the /Exchange, right? Since it's already embedded? True?
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 50 total points
ID: 20333005
>>> I don't have to modify the A record by adding the /Exchange, right? Since it's already embedded? True?
Correct, you just add https:// to the beginning and /Exchange at the end, assuming you're using mail.companydomain.com

-tigermatt
:)
0
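
Added example (not part of the original thread): a pre-publication check of the points made in the replies above, namely that the OWA host needs an A record on an external address, that the /owa or /exchange path never goes into DNS, and that the URL uses https on port 443. The zone data is constructed, with documentation addresses standing in for the masked WAN IPs, and the function names are hypothetical. "Internal" is tested against the exact RFC 1918 ranges, in which only 172.16.0.0/12 of 172.x.x.x is private.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 ranges: internal addresses that must not appear in a public A record.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zone shaped like the records posted in the thread.
# 203.0.113.10 and 198.51.100.25 are documentation addresses (assumptions).
ZONE = [
    ("A",  "mail.companydomain.com", "203.0.113.10", None),
    ("MX", "companydomain.com", "mail.companydomain.com", 10),
    ("A",  "mail.isp.com", "198.51.100.25", None),
    ("MX", "companydomain.com", "mail.isp.com", 100),
]

def is_internal(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_owa_url(url, zone):
    """Return a list of problems with publishing url against zone (empty = OK)."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.port not in (None, 443):
        problems.append(f"port {parts.port} is not the forwarded port 443")
    # DNS only carries the host name; /owa or /exchange is handled by the web server.
    for rtype, name, value, _pref in zone:
        if "/" in name or "/" in value:
            problems.append(f"{rtype} record {name} contains a URL path")
    a_values = [v for t, n, v, _ in zone if t == "A" and n.lower() == host]
    if not a_values:
        problems.append(f"no A record for {host}")
    for v in a_values:
        if is_internal(v):
            problems.append(f"A record for {host} points at internal address {v}")
    return problems

if __name__ == "__main__":
    for u in ("https://mail.companydomain.com/exchange",
              "http://mail.companydomain.com/owa",
              "https://webmail.companydomain.com/owa"):
        print(u, "->", check_owa_url(u, ZONE) or "OK")
```
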
 

Author Comment

by:cybrosh
ID: 20333222
Thanks mate!!!
0
