Solved

I can't get a New install of Exchange 2007 to browse to OWA site.

Posted on 2008-10-15
29
509 Views
Last Modified: 2012-08-13
Server 2003 - 64bit / New installl
Exchange 2007 Standard - Fresh Install
Exchange 2007 SP1 - Installed immediately before any config.

I can not browse to the OWA site.  I tried HTTP, it said i needed https to access.  Which is good, that means IIS recognized what i wanted...i think.  So i try https from the excahnge server Or any other internal computer and it won't browse.  It just says it cannot display the page.

I have done nothign to exchange except to enable outlook anywhere & setup the domain its going to receive email from.  This is my 3rd Exchange 2007 server setup and this is the first time i've seen this problem.  

thanks in advance.
0
Comment
Question by:KentuckyDataService
  • 16
  • 12
29 Comments
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
If you look at the IIS logs what is the status/substatus of the request?
0
 
LVL 2

Expert Comment

by:Shecky919
Comment Utility
IS there a firewall running on the server and does it have the right ports open in it. If it does have windows firewall on it, I would start by turning Windows Firewall off and seeing if that corrects the issue. Then you can decide whether to just put exceptions in the Windows firewall software or just keep it disabled at the service level.
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
I will look at the logs now..NO firewall service running.  Service disabled before i started.  Exchange server on a .local domain.
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
here are the last 2 time stamps from the log file:

#Date: 2008-10-15 20:43:28
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-10-15 20:43:28 W3SVC1 172.16.1.2 GET /exchweb - 80 - 172.16.1.2 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+WOW64;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30) 403 4 5
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2008-10-15 20:47:27
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-10-15 20:47:27 W3SVC1 172.16.1.2 GET /owa/default.aspx - 80 - 172.16.1.2 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+WOW64;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30) 403 4 5
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
403.5 means 128bit SSL is required but your browser doesnt support it:
http://support.microsoft.com/kb/318380

Either change the setting so that 128bit is not required or figure out why your browser is not supporting it.

Erik
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
Browser from both the EX server & Another system both have allow all for SSL & TLS..which is what was suggested as a repair.   Where can you change the required encryption level?  not that i want too, cause 128 is not too strong, but it wouldn't hurt for a temp solution in testing.
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
On the virtual directory in IIS, Directory Security, Secure Communications, Edit.

However it may be best to fix your other issue, whatever it may be, so that you can return your browser to default and use 128bit.

Erik
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
So, i disabled 128 bit, tried connecting & still no dice.  IIS still returns same error in log file.  any other ideas?

In your opinon, would this be an exchange or IIS issue?  
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
Update:

Ok, so those logs from the IIS are showing where i try with HTTP, not the HTTPS.  Its not loggint the HTTPS attempts..at least as far as i can tell.  The time stamps don't show it loggin that.
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
Odd that IIS would still give you a 403.5 if you're not requiring 128bit encryption.  You sure you're hitting the right virtual directory (i.e. make the change on \owa and try to hit \owa)?

Where IIS issues end and Exchange issues start can be tough to define.  May be worth deleting and recreating the OWA virtual directory:
Remove-OwaVirtualDirectory
New-OwaVirtualDirectory

Erik
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
Or you could go with the shotgun approach (exercise caution before you just cut and paste):

Get-OwaVirtualDirectory | Remove-OwaVirtualDirectory
Get-ActiveSyncVirtualDirectory | Remove-ActiveSyncVirtualDirectory
Get-AutodiscoverVirtualDirectory | Remove-AutodiscoverVirtualDirectory

New-OWAVirtualDirectory -OwaVersion:Exchange2007 -Name "owa" -WebSite "Default Web Site"

If you are also supporting Exchange 2003 mailboxes, then you need to run these additional commands:

New-OwaVirtualDirectory -OwaVersion:"Exchange2003or2000" -Name "Exchange" -WebSite "Default Web Site" -VirtualDirectoryType:Mailboxes
New-OwaVirtualDirectory -OwaVersion:"Exchange2003or2000" -Name "Public" -WebSite "Default Web Site" -VirtualDirectoryType:PublicFolders
New-OwaVirtualDirectory -OwaVersion:"Exchange2003or2000" -Name "Exadmin" -WebSite "Default Web Site" -VirtualDirectoryType:Exadmin
New-OwaVirtualDirectory -OwaVersion:"Exchange2003or2000" -Name "Exchweb" -WebSite "Default Web Site" -VirtualDirectoryType:Exchweb

For ActiveSync, run the following command:

New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site"

For Autodiscover:

New-AutodiscoverVirtualDirectory -Websitename "Default Web Site" -BasicAuthentication:$true -WindowsAuthentication:$true
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
Holdup, I didnt see your last post or notice that the logs posted above were port 80.

Are you saying you see no entries in the IIS logs when you try and hit via port 443?

Check for firewall, confirm IIS is using port 443 for SSL.
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
LOL...i'm a hunting kinda a guy..i will post back after recreation of the VD  (lol  vd)  =)
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
IIS is set to use 443 for SSL.  No, there are no log entries for port 443...just the GET /owa - 80
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
sounds like IIS is not getting the requests on port 443 then, which is usually a firewall

you could run a netstat -a just to confirm it's listening on 443; you could also do some packet captures (i.e. netmon) to confirm the TCP 443 requests are actually making it to the server.

Erik
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
it says https is listening
microsoft firewall service is off and disabled & HTTP SSL service is started

I also am trying to run the OWA connection from an IE window on the exchange server itself, so it shouldn't be going anywhere!!  

Should i try to still recreate directories? or do you think that still could fix the problem.
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
No, I would not recreate the directories.  If IIS is not receiving the requests (which would seem to be the case) the directories could be non-existent and it wouldn't matter.

Tried running a packet capture?  There are plenty of other things that can stop the traffic other then the Windows firewall (i.e. AV).
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
I will try the packet capture...thats the weird thing, i dont' have anything on this server yet.  NO A/V, nothing.  Fresh install of OS and exchange 2 days ago, and only did windows updates, no other software.  Will try packet capture and post back.
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
Windows TCP/IP filtering?  Yeah I know it's a long shot, just trying to come up with a reasonable explanation.
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
oh something else to try, telnet to the box on 443 from another machine; see if you get anything
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
Ok, ran netmon while trying to connect to EX1.  The telnet made a connection on port 443; well, it wasn't denied.

output from netmon:

391      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=.S......, SrcPort=2973, DstPort=HTTPS(443), Len=0, Seq=982229209, Ack=0, Win=65535 (scale factor not found)
392      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=.S..A..., SrcPort=HTTPS(443), DstPort=2973, Len=0, Seq=3795097667, Ack=982229210, Win=16384 (scale factor not found)
393      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2973, DstPort=HTTPS(443), Len=0, Seq=982229210, Ack=3795097668, Win=65535 (scale factor not found)
394      19.796875            dc1.donahuelg.local      172.16.1.2      SSL      SSL
395      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=F...A..., SrcPort=HTTPS(443), DstPort=2973, Len=0, Seq=3795097668, Ack=982229288, Win=65457 (scale factor not found)
396      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2973, DstPort=HTTPS(443), Len=0, Seq=982229288, Ack=3795097669, Win=65535 (scale factor not found)
397      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=F...A..., SrcPort=2973, DstPort=HTTPS(443), Len=0, Seq=982229288, Ack=3795097669, Win=65535 (scale factor not found)
398      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=....A..., SrcPort=HTTPS(443), DstPort=2973, Len=0, Seq=3795097669, Ack=982229289, Win=65457 (scale factor not found)
399      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=.S......, SrcPort=2974, DstPort=HTTPS(443), Len=0, Seq=707625679, Ack=0, Win=65535 (scale factor not found)
400      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=.S..A..., SrcPort=HTTPS(443), DstPort=2974, Len=0, Seq=3597522223, Ack=707625680, Win=16384 (scale factor not found)
401      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2974, DstPort=HTTPS(443), Len=0, Seq=707625680, Ack=3597522224, Win=65535 (scale factor not found)
402      19.796875            dc1.donahuelg.local      172.16.1.2      SSL      SSL
403      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=F...A..., SrcPort=HTTPS(443), DstPort=2974, Len=0, Seq=3597522224, Ack=707625758, Win=65457 (scale factor not found)
404      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2974, DstPort=HTTPS(443), Len=0, Seq=707625758, Ack=3597522225, Win=65535 (scale factor not found)
405      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=F...A..., SrcPort=2974, DstPort=HTTPS(443), Len=0, Seq=707625758, Ack=3597522225, Win=65535 (scale factor not found)
406      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=....A..., SrcPort=HTTPS(443), DstPort=2974, Len=0, Seq=3597522225, Ack=707625759, Win=65457 (scale factor not found)
407      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=.S......, SrcPort=2975, DstPort=HTTPS(443), Len=0, Seq=3204919208, Ack=0, Win=65535 (scale factor not found)
408      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=.S..A..., SrcPort=HTTPS(443), DstPort=2975, Len=0, Seq=2557646069, Ack=3204919209, Win=16384 (scale factor not found)
409      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2975, DstPort=HTTPS(443), Len=0, Seq=3204919209, Ack=2557646070, Win=65535 (scale factor not found)
410      19.796875            dc1.donahuelg.local      172.16.1.2      SSL      SSL
411      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=F...A..., SrcPort=HTTPS(443), DstPort=2975, Len=0, Seq=2557646070, Ack=3204919254, Win=65490 (scale factor not found)
412      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=....A..., SrcPort=2975, DstPort=HTTPS(443), Len=0, Seq=3204919254, Ack=2557646071, Win=65535 (scale factor not found)
413      19.796875            dc1.donahuelg.local      172.16.1.2      TCP      TCP: Flags=F...A..., SrcPort=2975, DstPort=HTTPS(443), Len=0, Seq=3204919254, Ack=2557646071, Win=65535 (scale factor not found)
414      19.796875            172.16.1.2      dc1.donahuelg.local      TCP      TCP: Flags=....A..., SrcPort=HTTPS(443), DstPort=2975, Len=0, Seq=2557646071, Ack=3204919255, Win=65490 (scale factor not found)
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
I ran test-outlookwebservices from the shell, and it spit out errors:

Error When Contacting https:...
Error when Contacting https:.....
Error The Autodiscover servi.....

How do i get it to show the rest of what is trying to tell me!!!

(i really loved 2003 exchange!! ...oh well)
0
 
LVL 6

Expert Comment

by:spyordie007
Comment Utility
test-outlookwebservices | fl
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
output :

Id      : 1003
Type    : Information
Message : About to test AutoDiscover with the e-mail address XXX@xxx.com

Id      : 1007
Type    : Information
Message : Testing server ex1.DONAHUELG.LOCAL with the published name https://ex
          1.xxxx.local/EWS/Exchange.asmx & .

Id      : 1019
Type    : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover
           URL on this object is https://ex1.XXX.LOCAL/Autodiscover/Autod
          iscover.xml.

Id      : 1013
Type    : Error
Message : When contacting https://ex1.XXXX.LOCAL/Autodiscover/Autodiscover
          .xml received the error The underlying connection was closed: An unex
          pected error occurred on a send.

Id      : 1013
Type    : Error
Message : When contacting https://ex1.XXXXX.LOCAL/Autodiscover/Autodiscover
          .xml received the error Authentication failed because the remote part
          y has closed the transport stream.

Id      : 1006
Type    : Error
Message : The Autodiscover service could not be contacted
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
[PS] C:\Documents and Settings\XXXXX>test-owaconnectivity
WARNING: Test user 'CAS_1bccbccd4ed746e1' cannot be accessed. Therefore, this
cmdlet will be unable to test Mailbox server 'ex1.XXXX.LOCAL'.
Test-OwaConnectivity : Could not find or log on with user XXXXX.LOCAL\CAS_1
bccbccd4ed746e1. If this task is being run without credentials, log on as a Dom
ain Administrator, and then run the new-TestCasConnectivityUser.ps1 to verify t
hat the user exists on Mailbox server ex1.XXXXX.LOCAL
At line:1 char:21
+ test-owaconnectivity  <<<< | fl
WARNING: No Client Access servers were tested.

*******************************************
Also this

[PS] C:\Documents and Settings\XXXX>Test-OwaConnectivity -URL:https://e
x1/owa -MailboxCredential:(get-credential XXXX\XXXXX)
WARNING: The test was unable to establish a connection to Outlook Web Access.

WARNING: column "Error" does not fit into the display and was removed.

ClientAccessServer MailboxServer URL                     Scenario Result  Laten
                                                                          cy (m
                                                                          s)
------------------ ------------- ---                     -------- ------  -----
                                 https://ex1/owa/        Logon    Failure -1


0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
LOL...i hate this creek i'm up right now!!
0
 
LVL 6

Accepted Solution

by:
spyordie007 earned 250 total points
Comment Utility
You could always uninstall CAS, uninstall IIS, reinstall IIS, reinstall CAS...
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
Well, its not like we'd be loosing any data.  It's not and active EX server yet.  I will try it and repost.  Will probably be tomorrow.  I have been on this all day.   Thanks for your help so far!!
0
 
LVL 1

Author Comment

by:KentuckyDataService
Comment Utility
Well, i think that removing it and resinstalling it is going to work...Thanks for the help  I will repost if it doesn't.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now