IntoFOS
asked on
Unable to connect to OWA from Mailbox server
Hi all,
My problem is that, from the console of a Mailbox Server role Exchange 2007 server, I cannot access the OWA log-in authentication screen.
It says "IE cannot display the webpage....."
Now I can successfully connect to OWA from all other machines in my domain except for the mailbox server roles.
My set up is:
2 Hub Transport/CAS servers configured with NLB
2 Mailbox Servers configured with CCR
I think the answer is something simple but could anyone point me in the right direction?
OWA is working fine both internally and externally but it is an inconvenience that it won´t work on the 2 mailbox servers.
I also had this problem on another computer but, after running a dnsflush, it connected fine.
This didn´t work however on the mailbox servers.
Any ideas anyone?
Cheers
My problem is that, from the console of a Mailbox Server role Exchange 2007 server, I cannot access the OWA log-in authentication screen.
It says "IE cannot display the webpage....."
Now I can successfully connect to OWA from all other machines in my domain except for the mailbox server roles.
My set up is:
2 Hub Transport/CAS servers configured with NLB
2 Mailbox Servers configured with CCR
I think the answer is something simple but could anyone point me in the right direction?
OWA is working fine both internally and externally but it is an inconvenience that it won´t work on the 2 mailbox servers.
I also had this problem on another computer but, after running a dnsflush, it connected fine.
This didn´t work however on the mailbox servers.
Any ideas anyone?
Cheers
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, I have a bit more information now...
I cannot connect using https://owa.domain.com/owa
but I can connect using https://frontexchserv.doma
where frontexchserv is either of the 2 CAS servers hostnames.
In DNS there is a host record for owa (which points to the IP add of the NLB cluster) and also for both frontexchserv´s
Any ideas?
ASKER
Hi, sorry for the late reply.
These are the results for the AuthDiag utility run against the owa.domain.com (owa.domain.com is the domain name I am using for OWA externally and internally)
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/asp net_client
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Autodisc over
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/Autodisc over
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/Autodisc over/bin
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/Autodisc over/help
Test Authentication
Path:W3SVC/1/ROOT/EWS
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/EWS
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/EWS/bin
Test Authentication
Path:W3SVC/1/ROOT/Exchange
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Exc hange
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Exchweb
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Exc hweb
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Microsof t-Server-A ctiveSync
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/OAB
AuthType:NTLM
Test Authentication
Path:W3SVC/1/ROOT/owa
AuthType:Basic
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa /8.0.813.0
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa /8.1.240.5
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa /8.1.291.1
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa /auth
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa /bin
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Public
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Pub lic
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Rpc
AuthType:Basic
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/RpcWithC ert
Test Authentication
Path:W3SVC/1/ROOT/UnifiedM essaging
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/UnifiedM essaging
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/UnifiedM essaging/b in
Diagnostics complete
and these are the results for the test-outlookwebservices command
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address postmaster@domain.com.
Id : 1007
Type : Information
Message : Testing server exchfe01.domain.com with the published name https://exchfe01.domain.com/EWS/Exchange.ascom & https://owa.domain.com/EWS/Exchange.ascom.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://exchfe01.domain.com/Autodiscover/Autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://exchfe01.domain.com/Autodiscover/Autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://exchfe01.domain.com/EWS/Exchange.ascom. The elapsed time was 15 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://exchfe01.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://exchfe01.domain.com/UnifiedMessaging/Service.ascom. The elapsed time was 15 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://owa.domain.com/EWS/Exchange.ascom received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://owa.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://owa.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXPR]-Successfully contacted the UM service at https://owa.domain.com/UnifiedMessaging/Service.ascom. The elapsed time was 0 milliseconds.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://owa.domain.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
As it stands:
external users:
can access owa using https://owa.domain.com/owa
all internal users in other sites than the main site:
can access owa using the above plus both https://exchfe01.domain.co m/owa and https://exchfe02.domain.co m/owa
some internal users: in the main site can access owa using the latter 2 URLs above but not https://owa.domain.com/owa
I am logging on with the same account to each computer to try which is a domain admin account with full exch permissions
Does this mean anything to anyone as I am confused?
Thanks in advance
These are the results for the AuthDiag utility run against the owa.domain.com (owa.domain.com is the domain name I am using for OWA externally and internally)
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/asp
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Autodisc
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/Autodisc
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/Autodisc
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/Autodisc
Test Authentication
Path:W3SVC/1/ROOT/EWS
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/EWS
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/EWS/bin
Test Authentication
Path:W3SVC/1/ROOT/Exchange
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Exc
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Exchweb
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Exc
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Microsof
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/OAB
AuthType:NTLM
Test Authentication
Path:W3SVC/1/ROOT/owa
AuthType:Basic
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa
AuthType:Anonymous
Server's response: HTTP/1.1 403 Forbidden
Learn about IIS status codesPath:W3SVC/1/ROOT/owa
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Public
AuthType:Basic
UNCPassword
An invalid value for UNCUserName or UNCPassword is causing login to fail.Path:W3SVC/1/ROOT/Pub
AuthType:Anonymous
Test Authentication
Path:W3SVC/1/ROOT/Rpc
AuthType:Basic
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/RpcWithC
Test Authentication
Path:W3SVC/1/ROOT/UnifiedM
AuthType:Basic
Test Authentication
Path:W3SVC/1/ROOT/UnifiedM
AuthType:NTLM
No authentication types are currently configured for IIS. Ensure that your Web site is configured correctly. Path:W3SVC/1/ROOT/UnifiedM
Diagnostics complete
and these are the results for the test-outlookwebservices command
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address postmaster@domain.com.
Id : 1007
Type : Information
Message : Testing server exchfe01.domain.com with the published name https://exchfe01.domain.com/EWS/Exchange.ascom & https://owa.domain.com/EWS/Exchange.ascom.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The AutoDiscover URL on this object is https://exchfe01.domain.com/Autodiscover/Autodiscover.xml.
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at https://exchfe01.domain.com/Autodiscover/Autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at https://exchfe01.domain.com/EWS/Exchange.ascom. The elapsed time was 15 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at https://exchfe01.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at https://exchfe01.domain.com/UnifiedMessaging/Service.ascom. The elapsed time was 15 milliseconds.
Id : 1013
Type : Error
Message : When contacting https://owa.domain.com/EWS/Exchange.ascom received the error The request failed with HTTP status 401: Unauthorized.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at https://owa.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at https://owa.domain.com/EWS/Exchange.ascom. The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXPR]-Successfully contacted the UM service at https://owa.domain.com/UnifiedMessaging/Service.ascom. The elapsed time was 0 milliseconds.
Id : 1017
Type : Success
Message : [EXPR]-Successfully contacted the RPC/HTTP service at https://owa.domain.com/Rpc. The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors.
As in EXPR
Please use the prior output to diagnose and correct the errors.
As it stands:
external users:
can access owa using https://owa.domain.com/owa
all internal users in other sites than the main site:
can access owa using the above plus both https://exchfe01.domain.co
some internal users: in the main site can access owa using the latter 2 URLs above but not https://owa.domain.com/owa
I am logging on with the same account to each computer to try which is a domain admin account with full exch permissions
Does this mean anything to anyone as I am confused?
Thanks in advance
ASKER
I have fixed the problem.
After a lot of testing I was sure the problem was related to the NLB cluster, so I trashed the existing cluster, reconfigured a new one and now everything is working like a charm.
I will award 250 points to Exchange_Geek for the effort.
Thank you again.
Cheers
After a lot of testing I was sure the problem was related to the NLB cluster, so I trashed the existing cluster, reconfigured a new one and now everything is working like a charm.
I will award 250 points to Exchange_Geek for the effort.
Thank you again.
Cheers
ASKER
Thanks Exchange_Geek.
ASKER
Thanks for the response.
I double-checked and the following is the answer to your queries
IE is at v7.0 on all machines
Firewall is disabled on both nodes
SSL is checked on both the Exchange and OWA virt dirs on the CAS servers but it was not enabled on the Exchange virt dir on the mailbox nodes. I enabled this on both nodes, reset IIS and tried again but to no avail.
Any other ideas?
Thanks