OMA on SBS2003 working alongside OWA

Hi All,
I'm trying to get my head round getting OMA up and running. I've already looked at and the VDir seems to be setup already, as per the KB.
I've currently got the original 'companyweb' Sharepoint, WSS3, and OWA running. OWA uses SSL and FBA with no problems. This is accessed externally by
In IIS, there is a redirect on the Default Website to "/Exchange"
Under the 'Multiple Identities for this website' it's set to:
 "(all unassigned)", TCP 80, blank host header
 "(all unassigned)", TCP 80,
And at the bottom it says "(all unassigned)", 443

On a website called "IntranetWSS3", there's the following:
Under the 'Multiple Identities for this website' it's set to:
 "(all unassigned)", TCP 80, 'intranet'

exchange-oma is set to 'integrated windows' and 'basic authentication', default domain set to '\'.

When trying to access OMA externally via "", I get, "HTTP Error 403, You are not authorised to view this page".

Any ideas, experts?


I can access OMA with no problems on the internal network. Both http://servername/oma and https://servername/oma work fine.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I struggled with these issues until I finally obtained a third party SSL cert (GoDaddy, Thawte, Verisign, etc.) for the site. If you are using ISA with SBS, all the necessary ISA rules get created automatically if you do the cert request from IIS Manager but do the import of the completed cert via ISA.
jonnyITAuthor Commented:
Not using ISA as it's just plain ole SBS2003 Standard (not premium). The OMA side of things is set to not requires SSL and I don't think it likes to use it anyway.
I don't think my the problems are with certs, although I am using a self-signed one.
if in doubt, i suggest you first run the internet connection wizard to confirm permissions and certs etc are all setup ok. SBS is pretty self managing for owa/oma and needs no customisation of directories, structure, permissions etc  (if you do, youll most likely break it) i have forund in the past that this wizard has fixed issues generated by changing settings.

if you can stop and start the default site and it does so sucessfully it means there is no conflict with the ports & header information specifiedwith any other website. If there is no conflict then as you are using "all unassigned" port 80, with a blank host header it should be working.

i would try the same stop and start after setting the "unassigned" ip to your servers ip, as natp'd by the router, then stop and start. this will confirm that no other service or site is incorrectly using the port/host header combo. but i suspect it is fine as you say owa is working fine.

try the connection wizard first.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Angular Fundamentals

Learn the fundamentals of Angular 2, a JavaScript framework for developing dynamic single page applications.

jonnyITAuthor Commented:
ok cheers for the advice. I'll give it a go tomorrow.

I remember the wizard messed up the redirects to the exchange directory for owa when I last ran it. That's why I leave it as a last resort rather than the first thing to try. I need more confidence in the wizards!
i havent had any problem generated from running the wizard, and have often used as a "check" to make sure all is setup correctly. especially owa/oma/ companyweb access controls page & the certificate.

please post if it does cause any issue at all.
jonnyITAuthor Commented:
Just a check, but would you normally wait for all users to be logged off, before running CEICW?
jonnyITAuthor Commented:
Just ran CEICW and there was indeed an option in there for allowing access to OMA from web! All working nicely now.

Enabled that and everything's fine. Nothing else was messed up either, so cheers for your help!

jonnyITAuthor Commented:
Just a note:

It DID mess something up, although it was easy to fix. I had a call from one of our remote workers as soon as I had run the wizard, saying Outlook was asking him for a username and password and wouldn't accept anything. He connected via RPC over HTTP.

Turns out that in the Rpc directory on IIS, the "Integrated Windows Authentication" box had become unticked. A quick tick and we were away.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.