• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2325
  • Last Modified:

Configuring OWA on Exchange 2003

I've been searching all over for a good guide for setting up OWA on an Exchange 2003 server. Every place I look seems to indicate that it's on by default, but it doesn't seem to work for me. This is true, so far, at both my site and a clients' site. I get "The webpage cannot be found" on my system - probably because of all the mucking around I've done trying to get it to work. At my client's site. I get an authorization problem, if I recall correctly. Does anyone have a good list of what I should check to get this working? (And I haven't even addressed SSL yet!)
0
d0ughb0y
Asked:
d0ughb0y
  • 13
  • 10
  • 2
  • +1
1 Solution
 
2PiFLCommented:
Does this help:
Configurations for OWA to work with SSL
Install Exchange 2003 on the front-end server and configure as a front-end server.
Install the SSL certificate as instructed by Verisign
Open Internet Services Manager
Right-click the Default web site, and then click Properties.
Click the Directory Security tab.
Under Secure communications, click Edit.
Click to select the Require secure channel(SSL) check box.
Ignore client certificates should be selected
Return to the  Directory Security tab and click the Edit button under Authentication access control
Check Enable Anonymous access
Default domain and Realm should both be Dorner.com

Reference: Microsoft knowledge base article 3203291

Enabling Automatic Redirection of OWA HTTP requests to HTTPS
Obtain Microsoft knowledge base article 279681
Before following the article create a virtual directory under the Default web site as follows:
1.      Open Internet Services Manager
2.      Right-click the Default web site, and then click Properties.
3.      Select New>Virtual directory
4.      Set the Alias to OWAasp
5.      On the path screen click the Browse button
6.      Browse to C:\INETPUB\WWWROOT
7.      Click the Make New Folder button
8.      Name the folder OWAasp
9.      Click Next>Next>Finish
Follow the knowledge base article
Note: Make sure you do not miss the note that instructs you to not require SSL on the OWAasp folder.
Additional steps required for Exchange 2003.
1.      Bring up the Properties page for the OWAasp virtual directory
2.      On the Virtual Directory tab look for the Application pool drop-down selection box
3.      Select ExchangeApplicationPool  and click OK.


Simplifying the OWA URL
This will allow users to skip typing the /Exchange part of the URL
Using the Internet Services Manager open the properties for the Default Web Site.
Click the Home Directory tab, and then select A redirection to a URL.
In Redirect to, type /exchange, and then click A directory below this one.
0
 
SembeeCommented:
Before you do any of the above, which is not required for OWA operation, you need to get the core application to work.
It should work and be enabled out of the box. However if you have pulled changing settings then you should reset it.

Use this KB article to reset the virtual directories.
http://support.microsoft.com/default.aspx?kbid=883380
If you have an SSL certificate, require SSL or anything like that enabled, remove them.

Then you should be able to go to http://server/exchange and OWA should load.

Simon.
0
 
LeeDerbyshireCommented:
Start the IIS Manager on the server.  If you expand the Default Web Site, do you see a Virtual Directory named Exchange?  If so, what happens if you right-click it, and select 'Browse'?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
d0ughb0yAuthor Commented:
Sorry it took so long to respond. When I select the Exchange site from under the Default Web Site, and browse, it tells me that the webpage cannot be found.
0
 
LeeDerbyshireCommented:
That is clearly very strange.  Is the Default Web Site configured to use a port other than 80 for TCP requests?  Has it been configured to require SSL?
0
 
d0ughb0yAuthor Commented:
Nope. Using ports 80 and 443 for clear and SSL, respectively. Authentication is set to enable anon access as well as Integrated Windows auth and Digest auth. There is an SSL certificate installed, but the Require Secure Channel (SSL) is not checked. I suppose I could remove it, but I will want to put it back at some point.
0
 
d0ughb0yAuthor Commented:
FYI, I removed the certificate, and hence the requirement for SSL, I think. Still no change.
0
 
LeeDerbyshireCommented:
You say Anonymous Access is enabled - is that on just the Default Web Site, or on the Exchange VDir, too?  Exchange should have only Basic and Integrated enabled.  Digest Auth messes things up, and Anonymous is definitely not correct.
0
 
d0ughb0yAuthor Commented:
The Default site has these permissions:
* Anonymous, using the IUSR_SERVERNAME account and password
* Integrated Windows auth
* Digest auth for Windows domain servers

Exchange has these permissions:
* Integrated Windows auth
* Basic auth
0
 
LeeDerbyshireCommented:
Can you access the Default Web Site on the server, by going to http://servername ?  You should see an 'Under Construction' page, unless you replaced it with something else.
0
 
d0ughb0yAuthor Commented:
The Default site says "The page must be viewed over a secure channel". When I try to use https, the response is "Internet Explorer cannot display the webpage"
0
 
SembeeCommented:
That sounds like a suspect SSL certificate. Is the SSL certificate a home grown certificate or a purchased one?

Simon.
0
 
d0ughb0yAuthor Commented:
Ok, I checked and although the cert was gone, I had forgotten to remove the SSL requirement for the Default Site. I can now browse to the default site, but still not to http://servername/exchange. I get a 404 error.
0
 
LeeDerbyshireCommented:
Do you have Forms-based Authentication enabled?  If so, and you haven't set the 'Active Server Pages' Web Services Extension to 'Allowed', then this produces a confusing '404 - Not Found' error.

Also, if you  don't have an SMTP email address (check your ADUC record) in the primary SMTP Domain listed in you Default Recipient Policy (check ESM), then you will also get the same error.
0
 
d0ughb0yAuthor Commented:
Ok, please excuse my extreme ignorance on this - my background's in networking, not web - but where do I check for Forms-base auth, etc? I just looked through all the tabs, and couldn't find that.

As for the SMTP email address, I want to make sure we talking about the same things here. My default recipient policy has an SMTP address associated - it's just "@<mydomain>.com" - is that what you're talking about?
0
 
LeeDerbyshireCommented:
You can check FBA in Exchange System Manager.  Go to Servers/<server>/Protocols/HTTP and look at the properties of the Default HTTP Virtual Server.  Is the Forms-Based Auth checkbox enabled?

If you have @yourdomain.com as the Primary SMTP domain in your Recipient Policy, then your users must have SMTP addresses in that domain (i.e. user@yourdomain.com), otherwise OWA will not work for them.
0
 
d0ughb0yAuthor Commented:
Thanks - I knew I'd seen the FBA setting somewhere before. It isn't checked, although it probably should be... but let's jump off one bridge at a time.

As for the SMTP settings, that's fine. Addresses ARE within the primary domain.
0
 
LeeDerbyshireCommented:
No need to select FBA, unless you want to.  It's just an option.

Can you try using OWA again, wait a few minutes, and then open the server's current IIS log file in Notepad.  Let us know what is logged when the attempt is made.
0
 
d0ughb0yAuthor Commented:
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-12-21 18:39:47
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 64
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 0
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 64
2007-12-21 18:39:47 W3SVC1 192.168.28.21 GET /_vti_bin/owssvr.dll - 80 - 192.168.28.21 Microsoft-CryptoAPI/5.131.3790.3959 404 0 0
0
 
LeeDerbyshireCommented:
Is there no entry that contains
GET /exchange - 80 - 192.168.28.21
?
0
 
d0ughb0yAuthor Commented:
Nothing says GET /exchange
0
 
LeeDerbyshireCommented:
Sorry for the delay, but I'm totally baffled by all this.  You can get to the Default Web Site okay, and you can even see the Exchange VDir under the DWS in IIS Manager.  But if you try to go to http://server/exchange nothing is even logged in the IIS log?

Does the Public Folders VDir work okay if you go to http://server/public ?
0
 
d0ughb0yAuthor Commented:
It's okay - I appreciate the help you're providing, even if it does take a little bit of time.

Going to http://server/public does not work. The webpage cannot be found. OMA and ActiveSync don't work either.

I'm thinking this is a Basics-issue, meaning something is fundamentally wrong with the installation. But I don't know what, and I'd really rather not do anything quite as drastic as uninstall and reinstall Exchange on the server. It does work for Outlook clients.

I'm also pretty baffled here - but that's not saying much.
0
 
d0ughb0yAuthor Commented:
I just checked some things again, and did notice something that I didn't seem to mention here: At some point, browsing to the DWS started working again. Something we did fixed that part. It doesn't go to Under Construction, but rather to the SharePoint Home Team Site - so yes, that does mean that SharePoint is installed as well. I still can't browse the Exchange site or pretty much anything else under the DWS.
0
 
LeeDerbyshireCommented:
There are issues with OWA/Sharepoint coexistence.  Look for Exchange Server 2003 here:
http://office.microsoft.com/en-us/help/HA011607771033.aspx
0
 
d0ughb0yAuthor Commented:
ARGH!!! *That* would have been nice to know before I installed SharePoint! That was it, Lee. Now I've got to reconfigure the certificate, etc. but that's fine. Thanks for all your help!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 13
  • 10
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now