Ultramarathonman asked:

OWA and iPhone not working on Exchange 2007

I just completed my transition to Exchange 2007 this morning and decommissioned Exchange 2003.  Everything seems to be working fine except I can't get iPhone users to connect and OWA doesn't work.  They both worked on Exchange 2003.
Exchange

Last comment: Ultramarathonman, 8/22/2022 (Mon)
Mestha

The fact that both worked on Exchange 2003 is of no consequence at all. Exchange 2007 is a very different beast.
However, you have provided very little information to work with. No indication in what way they don't work, whether it works internally, whether it has worked at all.
You need to provide more information on the configuration and what is actually happening.

-M
ASKER
Ultramarathonman

Here are some additional details.  From an outside computer trying to reach http://mail.domainname.com/exchange I get 403-Forbidden: Access is denied. I am never prompted for credentials.  Same thing when I try http://mail.domainname.com/owa.  Same thing when I try https with both owa and exchange.

Internally I try 172.25.X.X/exchange and I get the same 403 error.  If I use https I get "There is a problem with this website's security certificate". If I click continue to this website (not recommended) I am prompted for credentials.  When I put in my credentials it takes me back to the certificate error.  If I again choose continue I get a 404-File or directory not found with the certificate error still showing on the status bar.

I do not have a certificate server or one purchased from any authority.  I hope you have enough information here to start with.  Thanks.

Mestha

You need to change the certificate to start with.
The self generated certificate that is supplied with Exchange is not supported for Exchange ActiveSync, which is how the iPhone will connect.
My blog posting here goes into what is required to change the certificate.
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

The access denied would tend to indicate that restrictions are on the IIS server in some way, or you are pointing the firewall at the wrong server. Check both of those.

You did install the CAS role on the server? In IIS manager you can see the Exchange virtual directories?

-M
LeeDerbyshire

Do you have an ISA server?  The external 403 could come from there.  It would help if you could find the relevant IIS log entries - in IIS there are 20 subcodes (i.e. different reasons) for 403.
ASKER
Ultramarathonman

I do not have an ISA server.  I use a Sonicwall firewall.
LeeDerbyshire

Okay.  Can you find the IIS log entries (from your OWA server) generated when you try to use OWA?
ASKER
Ultramarathonman

Where are those log entries?  I don't find anything related with a time stamp of when I attempt to make the connection.
LeeDerbyshire

Usually in C:\Windows\System32\LogFiles\W3SVC1 .  Note that the times are in GMT.
ASKER
Ultramarathonman

Oh, this is on Windows Server 2008 by the way.
LeeDerbyshire

I think you'll find them in C:\Inetpub\logs\logfiles .
ASKER
Ultramarathonman

I don't see anything in the files related
LeeDerbyshire

Can you see lines containing GET and /owa ?  If not, look at the properties of the Default Web Site, and make sure that logging is enabled.  Then look at the properties of owa, and make sure that Log Visits is checked.  Note that the times in these files are in GMT.
ASKER
Ultramarathonman

I think this is what you want.  See attachment.

log.txt
LeeDerbyshire

Those log file entries show a 403.4 response, which just means that SSL is required, and you should be using https:// .  No mystery there.  Can you see any entries where the port number is 443 (i.e. https), not 80?  If not, then maybe your Default Web Site is not actually configured to listen on port 443?
ASKER
Ultramarathonman

I do see that owa is set to both 80 and 443.  From the server, if I click on the 443 application for owa it tries to open it locally.  I have added the errors that I get from that to the attached log plus the 443 errors from the log file.
log.txt
LeeDerbyshire

When you try to open the FBA logon page, you are getting a 404.3 error, which makes me think that the server is not configured to handle ASP.Net (the FBA logon page is an .aspx page).  You can either turn FBA off for a quick fix, or make sure that the ASP.Net extension is set to Allowed in IIS.
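
Added example, not part of any post in this thread: a PowerShell function for the IIS log check described above. It reads the `#Fields:` header, keeps `/owa` and `/exchange` requests, converts the GMT timestamps to local time, and shows the port and status.substatus pair. The sample log lines, the function name `Get-OwaLogEntry` and its parameters are constructed for illustration.

```powershell
# Constructed sample in IIS W3C extended log format (not the asker's log.txt).
$text = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-substatus
2009-03-02 14:05:11 172.25.0.10 GET /owa - 80 - 172.25.0.55 403 4
2009-03-02 14:06:40 172.25.0.10 GET /owa/auth/logon.aspx - 443 - 172.25.0.55 404 3
2009-03-02 14:09:02 172.25.0.10 GET /owa/ - 443 EXAMPLE\user 172.25.0.55 200 0
2009-03-02 14:09:30 172.25.0.10 GET /iisstart.htm - 80 - 172.25.0.55 200 0
'@

function Get-OwaLogEntry {
    param([string[]]$Line, [string]$PathPattern = '^/(owa|exchange)')
    # Only the two subcodes the thread discusses are described here.
    $meaning = @{
        '403.4' = 'SSL required: request came in over http, use https://'
        '404.3' = 'MIME map restriction: no handler for the file type (.aspx here)'
    }
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column order comes from this header, so never hard-code positions.
            $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if (($l -like '#*') -or (-not $l.Trim()) -or ($fields.Count -eq 0)) { continue }
        $v = $l.Trim() -split '\s+'
        if ($v.Count -ne $fields.Count) { continue }   # truncated or foreign line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $v[$i] }
        if ($row['cs-uri-stem'] -notmatch $PathPattern) { continue }
        # IIS logs in UTC (GMT); convert so entries line up with the test time.
        $utc = [datetime]::ParseExact(($row['date'] + ' ' + $row['time']),
            'yyyy-MM-dd HH:mm:ss', [Globalization.CultureInfo]::InvariantCulture,
            [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal')
        $code = '{0}.{1}' -f $row['sc-status'], $row['sc-substatus']
        New-Object PSObject -Property @{
            LocalTime = $utc.ToLocalTime(); ClientIP = $row['c-ip']
            Port = $row['s-port']; Uri = $row['cs-uri-stem']
            Status = $code; Meaning = $meaning[$code]
        } | Select-Object LocalTime, ClientIP, Port, Uri, Status, Meaning
    }
}

Get-OwaLogEntry -Line ($text -split "`r?`n") | Format-Table -AutoSize
# Against real logs (folder as given in the thread for Windows Server 2008):
# Get-OwaLogEntry -Line (Get-ChildItem C:\Inetpub\logs\logfiles -Recurse -Filter *.log | Get-Content)
```

If no row shows port 443 for an external client address, the https requests are not reaching IIS and the firewall rule is the next place to look.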
ASKER
Ultramarathonman

Turning off FBA didn't fix it.  Another bit of info.  When I first tried to get this working, it told me ASP.net wasn't installed on the server.  I added ASP.net and its accompanying components.  Maybe I need to start from scratch.  Would that be easier?  Not the server but just OWA and iPhone support.  What would be the best way to accomplish that?
ASKER CERTIFIED SOLUTION
LeeDerbyshire

Log in or sign up to see answer
ASKER
Ultramarathonman

I have attached a screenshot of the get-owavirtualdirectory output.  It references 2000/2003 stuff which doesn't exist anymore.  Could that be the problem?  OWA does say 2007 though.
getowa.doc
LeeDerbyshire

The 2000/2003 VDirs are normal.  They are there for legacy applications.
ASKER
Ultramarathonman

Ok, so I will just try the remove and then new?
LeeDerbyshire

Yes, it might help.  Read the get-help carefully - some parameters require a colon, while others don't.
ASKER
Ultramarathonman

Ok, I did that successfully.  When I (internally) go to servername.domainname/owa I get a 4.03 Forbidden.  Access is denied.  I am not prompted for credentials.
LeeDerbyshire

Are you using https:// in your URL?
ASKER
Ultramarathonman

Ok, making progress.  It works internally using HTTPS://.  Externally, using HTTPS:// I am not prompted for a password and I just get a cannot connect to the website error message.
LeeDerbyshire

Have another look at your IIS log file, and see if the external https requests are reaching the server.
ASKER
Ultramarathonman

Ok, once I cleared the cache on the external machine and tried it again, it is prompting me and working now externally using HTTPS://.  It is also still working inside.  I will try an iPhone now.  Not sure if they are related at all but maybe something we did will have it working now as well.
ASKER
Ultramarathonman

iPhones are working too.  Thanks for the help.