Solved

Exchange OWA 2003

Posted on 2007-11-18
10
251 Views
Last Modified: 2008-02-01
Hi,

What must I do to publish my OWA to the internet? I know I need 443 through the firewall, but what do I tell my ISP? I have a domain. I plan to use a self SSL Certificate. No problem there. What DNS record should I tell the ISP to add? www.domain.com/owa? (Or anything else I choose)+the internal IP of the mail server? FIXed WAN address? what are the exact steps?

I used to do this years ago...but I forgot the procedure.
0
Comment
Question by:cybrosh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 20310843
I assume you already have your MX records configured for domain.com so that mail is flowing in and out of Exchange correctly. I won't go into it here but let me know if you want me to.

You cannot tell your ISP to add a DNS record just for /owa. The whole point of DNS records is that they are independent of protocol, so you can use any protocol before domain.com and you will get to the same place on the Internet. If you use /owa, that is only accessible by HTTP or HTTPS.

The easiest way to access your OWA would be to simply use the subdomain which your MX record is tied to, most often mail.domain.com. Alternatively, some people like to make a subdomain called webmail.domain.com, then set that as an A record for your fixed WAN IP address.

-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20318708
Ok, thanks for the comment, but can you be a little more specific? more details on the technical steps needed to be done.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20321999
As you haven't said otherwise, I will still assume you have MX records set up correctly and that you can send mail in and out of the Exchange server.

Probably the easiest way to do this would be to:

1) Create a subdomain: webmail.<yourdomain>.com
2) Ask your ISP/registrar to change the A record IP address on the subdomain to the IP address of your router which is accessible on the Internet (i.e. not the internal 10.x.x.x, 192.168.x.x or 172.x.x.x address, but the external one)
3) Once the record is changed, forward requests to port 443 on that IP address to the internal IP of the Exchange server
4) Go to https://webmail.<yourdomain>.com/exchange or /owa to test

If you have MX records set up already, you could just use them.

-tigermatt
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:cybrosh
ID: 20330040
Tiger,

Thanks for replying. Sorry for being such a pest.
Yes, I have set up MX records, as well as the ISP's mail servers for fault tolerance(rating).

*In the event of having MX records, how do I use them?

*Again, sorry for being a pain...
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20330081
>>> *In the event of having MX records, how do I use them?

I'm not quite sure what you mean by "having MX records". MX records stands for "Mail Exchanger Records"; this is the DNS record which is looked up by mail servers attempting to send mail to a recipient at your domain. The MX record points to an FQDN (fully qualified domain name), which is then configured as an A record to your WAN IP address, which means connections are passed directly to your Exchange server assuming port 25 is forwarded correctly.

So having MX records *is* a good thing, otherwise mail wouldn't flow into your domain and possibly not outwards, depending on the setup of some recipients' mail servers they may reject messages if they can't perform a lookup of your MX records and verify that all sorts of other settings are correctly configured.

-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20330480
Hi TIger,

Here's the  MX/A records config :

-A record, FQDN=mail.companydomain.com, value=214.X.X.X(Real WAN IP), MX Pref=none
-MX record, FQDN=companydomain.com, value=mail.companydomain.com, MX Pref=10
-A Record, FQDN=mail.isp.com, value=Real wan IP, MX Pref=none
-MX Record, FQDN=companydomain.com, value=mail.isp.com, mx pref=100

How do I combine the OWA address with the above config?

Appreciate the help.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 20330530
Hi again,

I hope I don't over-complicate my posts! I always like to explain things thoroughly to make sure you everyone understands, but it often seems to complicate things a little!

The OWA address needs an A record which is mapped to the Exchange WAN IP. In this case, mail.companydomain.com has an A record of 214.x.x.x which is your WAN IP. Therefore, you could quite easily use mail.companydomain.com as your OWA address, just append /owa or /exchange depending on which of the two your OWA site uses.

Also, don't forget you will need port 443 forwarded in your router firewall and need your self-signed SSL certificate set up before the HTTPS through port 443 will work. Once everything is in place, you should be able to go to https://mail.companydomain.com/owa or /exchange from outside with no issues. Make sure you enter the https, http:// will only work if you forward port 80 too (insecure) to the Exchange server, in which case Exchange *should* redirect to the SSL connection although I believe this has to be manually configured.

--
So:
1) Forward port 443 in your router's firewall to Exchange server (just like you did with port 25, expect for TCP port 443)
2) Set up SSL certificate
3) Use https://mail.companydomain.com/owa or /exchange as your OWA URL.
--

Hope this helps!
-tigermatt
0
 

Author Comment

by:cybrosh
ID: 20332754
Hi TIger,

Last question, just to make sure.

I don't have to modify the A record, by adding the /Exchange, right? since it's already embedded? true?'


0
 
LVL 58

Accepted Solution

by:
tigermatt earned 50 total points
ID: 20333005
>>> I don't have to modify the A record, by adding the /Exchange, right? since it's already embedded? true?'
Correct, you just add https:// to the beginning and /Exchange at the end assuming you're using mail.companydomain.com

-tigermatt
:)
0
 

Author Comment

by:cybrosh
ID: 20333222
Thanks mate!!!
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question