Solved

Configuring OWA on Exchange 2003

Posted on 2007-12-03
26
2,301 Views
Last Modified: 2008-09-05
I've been searching all over for a good guide for setting up OWA on an Exchange 2003 server. Every place I look seems to indicate that it's on by default, but it doesn't seem to work for me. This is true, so far, at both my site and a clients' site. I get "The webpage cannot be found" on my system - probably because of all the mucking around I've done trying to get it to work. At my client's site. I get an authorization problem, if I recall correctly. Does anyone have a good list of what I should check to get this working? (And I haven't even addressed SSL yet!)
0
Comment
Question by:d0ughb0y
  • 13
  • 10
  • 2
  • +1
26 Comments
 
LVL 16

Expert Comment

by:2PiFL
Comment Utility
Does this help:
Configurations for OWA to work with SSL
Install Exchange 2003 on the front-end server and configure as a front-end server.
Install the SSL certificate as instructed by Verisign
Open Internet Services Manager
Right-click the Default web site, and then click Properties.
Click the Directory Security tab.
Under Secure communications, click Edit.
Click to select the Require secure channel(SSL) check box.
Ignore client certificates should be selected
Return to the  Directory Security tab and click the Edit button under Authentication access control
Check Enable Anonymous access
Default domain and Realm should both be Dorner.com

Reference: Microsoft knowledge base article 3203291

Enabling Automatic Redirection of OWA HTTP requests to HTTPS
Obtain Microsoft knowledge base article 279681
Before following the article create a virtual directory under the Default web site as follows:
1.      Open Internet Services Manager
2.      Right-click the Default web site, and then click Properties.
3.      Select New>Virtual directory
4.      Set the Alias to OWAasp
5.      On the path screen click the Browse button
6.      Browse to C:\INETPUB\WWWROOT
7.      Click the Make New Folder button
8.      Name the folder OWAasp
9.      Click Next>Next>Finish
Follow the knowledge base article
Note: Make sure you do not miss the note that instructs you to not require SSL on the OWAasp folder.
Additional steps required for Exchange 2003.
1.      Bring up the Properties page for the OWAasp virtual directory
2.      On the Virtual Directory tab look for the Application pool drop-down selection box
3.      Select ExchangeApplicationPool  and click OK.


Simplifying the OWA URL
This will allow users to skip typing the /Exchange part of the URL
Using the Internet Services Manager open the properties for the Default Web Site.
Click the Home Directory tab, and then select A redirection to a URL.
In Redirect to, type /exchange, and then click A directory below this one.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Before you do any of the above, which is not required for OWA operation, you need to get the core application to work.
It should work and be enabled out of the box. However if you have pulled changing settings then you should reset it.

Use this KB article to reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380
If you have an SSL certificate, require SSL or anything like that enabled, remove them.

Then you should be able to go to http://server/exchange and OWA should load.

Simon.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
Start the IIS Manager on the server.  If you expand the Default Web Site, do you see a Virtual Directory named Exchange?  If so, what happens if you right-click it, and select 'Browse'?
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Sorry it took so long to respond. When I select the Exchange site from under the Default Web Site, and browse, it tells me that the webpage cannot be found.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
That is clearly very strange.  Is the Default Web Site configured to use a port other than 80 for TCP requests?  Has it been configured to require SSL?
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Nope. Using ports 80 and 443 for clear and SSL, respectively. Authentication is set to enable anon access as well as Integrated Windows auth and Digest auth. There is an SSL certificate installed, but the Require Secure Channel (SSL) is not checked. I suppose I could remove it, but I will want to put it back at some point.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
FYI, I removed the certificate, and hence the requirement for SSL, I think. Still no change.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
You say Anonymous Access is enabled - is that on just the Default Web Site, or on the Exchange VDir, too?  Exchange should have only Basic and Integrated enabled.  Digest Auth messes things up, and Anonymous is definitely not correct.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
The Default site has these permissions:
* Anonymous, using the IUSR_SERVERNAME account and password
* Integrated Windows auth
* Digest auth for Windows domain servers

Exchange has these permissions:
* Integrated Windows auth
* Basic auth
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
Can you access the Default Web Site on the server, by going to http://servername ?  You should see an 'Under Construction' page, unless you replaced it with something else.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
The Default site says "The page must be viewed over a secure channel". When I try to use https, the response is "Internet Explorer cannot display the webpage"
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
That sounds like a suspect SSL certificate. Is the SSL certificate a home grown certificate or a purchased one?

Simon.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Ok, I checked and although the cert was gone, I had forgotten to remove the SSL requirement for the Default Site. I can now browse to the default site, but still not to http://servername/exchange. I get a 404 error.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
Do you have Forms-based Authentication enabled?  If so, and you haven't set the 'Active Server Pages' Web Services Extension to 'Allowed', then this produces a confusing '404 - Not Found' error.

Also, if you  don't have an SMTP email address (check your ADUC record) in the primary SMTP Domain listed in you Default Recipient Policy (check ESM), then you will also get the same error.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Ok, please excuse my extreme ignorance on this - my background's in networking, not web - but where do I check for Forms-base auth, etc? I just looked through all the tabs, and couldn't find that.

As for the SMTP email address, I want to make sure we talking about the same things here. My default recipient policy has an SMTP address associated - it's just "@<mydomain>.com" - is that what you're talking about?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
You can check FBA in Exchange System Manager.  Go to Servers/<server>/Protocols/HTTP and look at the properties of the Default HTTP Virtual Server.  Is the Forms-Based Auth checkbox enabled?

If you have @yourdomain.com as the Primary SMTP domain in your Recipient Policy, then your users must have SMTP addresses in that domain (i.e. user@yourdomain.com), otherwise OWA will not work for them.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Thanks - I knew I'd seen the FBA setting somewhere before. It isn't checked, although it probably should be... but let's jump off one bridge at a time.

As for the SMTP settings, that's fine. Addresses ARE within the primary domain.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
No need to select FBA, unless you want to.  It's just an option.

Can you try using OWA again, wait a few minutes, and then open the server's current IIS log file in Notepad.  Let us know what is logged when the attempt is made.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-12-21 18:39:47
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 64
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 0
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 64
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 0
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
Is there no entry that contains
GET /exchange - 80 - 192.168.28.21
?
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
Nothing says GET /exchange
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
Comment Utility
Sorry for the delay, but I'm totally baffled by all this.  You can get to the Default Web Site okay, and you can even see the Exchange VDir under the DWS in IIS Manager.  But if you try to go to http://server/exchange nothing is even logged in the IIS log?

Does the Public Folders VDir work okay if you go to http://server/public ?
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
It's okay - I appreciate the help you're providing, even if it does take a little bit of time.

Going to http://server/public does not work. The webpage cannot be found. OMA and ActiveSync don't work either.

I'm thinking this is a Basics-issue, meaning something is fundamentally wrong with the installation. But I don't know what, and I'd really rather not do anything quite as drastic as uninstall and reinstall Exchange on the server. It does work for Outlook clients.

I'm also pretty baffled here - but that's not saying much.
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
I just checked some things again, and did notice something that I didn't seem to mention here: At some point, browsing to the DWS started working again. Something we did fixed that part. It doesn't go to Under Construction, but rather to the SharePoint Home Team Site - so yes, that does mean that SharePoint is installed as well. I still can't browse the Exchange site or pretty much anything else under the DWS.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
Comment Utility
There are issues with OWA/Sharepoint coexistence.  Look for Exchange Server 2003 here:
http://office.microsoft.com/en-us/help/HA011607771033.aspx
0
 
LVL 8

Author Comment

by:d0ughb0y
Comment Utility
ARGH!!! *That* would have been nice to know before I installed SharePoint! That was it, Lee. Now I've got to reconfigure the certificate, etc. but that's fine. Thanks for all your help!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now