Avatar of Ultramarathonman
UltramarathonmanFlag for United States of America

asked on 

OWA and iPhone not working on Exchange 2007

I just completed my transition to Exchange 2007 this morning and decommissioned Exchange 2003.  Everything seems to be working fine except I can't get iPhone users to connect and OWA doesn't work.  They both worked on Exchange 2003.
Exchange

Avatar of undefined
Last Comment
Ultramarathonman
Avatar of Mestha
Mestha
Flag of United Kingdom of Great Britain and Northern Ireland image

The fact that both worked on Exchange 2003 is of non-consequence at all. Exchange 2007 is a very different beast.
However you have provided very little information to work with. No indication in what way they don't work, whether it works internally, whether it has worked at all.
You need to provide more information on the configuration and what is actually happening.

-M
Avatar of Ultramarathonman

ASKER

Here are some additional details.  From an outside computer trying to reach http://mail.domainname.com/exchange I get 403-Forbidden: Access is denied. I am never prompted for credentials.  Same thing when I try http://mail.domainname.com/owa.  Same thing when I try https with both owa and exchange

Internally I try 172.25.X.X/exchange and I get the same 403 error.  If I use https I get "There is a problem with this websites security certificate". If I click continue to this website (not recommended) I am prompted for credentials.  When I put in my credentials it takes me back to the certificate error.  If I again choose continue I get a 404-File or directory not found with the certificate error still showning on the status bar.

I do not have a certificate server or one purchased from any authority.  I hope you have enough information here to start with.  Thanks.

Avatar of Mestha
Mestha
Flag of United Kingdom of Great Britain and Northern Ireland image

You need to change the certificate to start with.
The self generated certificate that is supplied with Exchange is not supported for Exchange ActiveSync, which is how the iPhone will connect.
My blog posting here goes in to what is required to change the certificate.
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

The access denied would tend to indicate that restrictions are on the IIS server in some way, or you are pointing the firewall at the wrong server. Check both of those.

You did install the CAS role on the server? In IIS manager you can see the Exchange virtual directories?

-M
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Do you have an ISA server?  The external 403 could come from there.  It would help if you could find the relevant IIS log entries - in IIS there are 20 subcodes (i.e. different reasons) for 403.
Avatar of Ultramarathonman

ASKER

I do not have an ISA server.  I use a Sonicwall firewall.
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Okay.  Can you find the IIS log entries (from your OWA server) generated when you try to use OWA?
Avatar of Ultramarathonman

ASKER

Where are those log entries?  I don't find anything related with a time stamp of when I attempt to make the connection.
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Usually in C:\Windows\System32\LogFiles\W3SVC1 .  Note that the times are in GMT.
Avatar of Ultramarathonman

ASKER

Oh, this is on Windows Server 2008 by the way.
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

I think you'll find them in C:\Inetpub\logs\logfiles .
Avatar of Ultramarathonman

ASKER

I don't see anything in the files related
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Can you see lines containing GET and /owa ?  If not, look at the properties of the Default Web Site, and make sure that logging is enabled.  Then look at the properties of owa, and make sure that Log Visits is checked.  Note that the times in these files are in GMT.
Avatar of Ultramarathonman

ASKER

I this is what you want.  See attachment

log.txt
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Those log file entries show a 403.4 response, which just means that SSL is required, and you should be using https:// .  No mystery there.  Can you see any entries where the port number is 443 (i.e. https), not 80.  If not, then maybe your Default Web Site is not actually configured to listen on port 443?
Avatar of Ultramarathonman

ASKER

I do see that owa is set to both 80 and 443  From the server, if I click on the 443 application for owa it tries to open it locally.  I have added the errors that I get from that to the attached log plus the 443 errors from the log file.
log.txt
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

When you try to open the FBA logon page, you are getting a 404.3 error, which makes me think that the server is not configured to handle ASP.Net (the FBA logon page is an .aspx page).  You can either turn FBA off for a quick fix, or make sure that the ASP.Net extension is set to Allowed in IIS.
Avatar of Ultramarathonman

ASKER

Turning off FBA didn't fix it.  Another bit of info.  When I first tried to get this working, it told me ASP.net wasn't installed on the server.  I added ASP.net and it's accompanying components.  Maybe I need to start from scratch.  Would that be easier?  Not the server but just OWA and iPhone support.  What would be the best way to accomplish that?
ASKER CERTIFIED SOLUTION
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Ultramarathonman

ASKER

I have attached a screenshot of the get-owavirtualdirectory output.  It references 2000/2003 stuff which doesn't exist anymore.  Could that be the problem?  OWA does say 2007 though.
getowa.doc
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

The 2000/2003 VDirs are normal.  They are there for legacy applications.
Avatar of Ultramarathonman

ASKER

Ok, so I will just try the remove and then new?
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Yes, it might help.  Read the get-help carefully - some parameters require a colon, while others don't.
Avatar of Ultramarathonman

ASKER

Ok, I did that successfully.  When I (internally) go to servername.domainname/owa I get a 4.03 Forbidden.  Access is denied.  I am not prompted for credentials.
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Are you using https:// in your URL?
Avatar of Ultramarathonman

ASKER

Ok, making progress.  It works internally using HTTPS://.  Externally, using HTTPS:// I am not prompted for a password and I just get a cannot connect to the website error message
Avatar of LeeDerbyshire
LeeDerbyshire
Flag of United Kingdom of Great Britain and Northern Ireland image

Have another look at your IIS log file, and see if the external https requests are reaching the server.
Avatar of Ultramarathonman

ASKER

Ok, once I cleared the cache on the external machine and tried it again, it is prompting me and working now externally using HTTPS://  It is also still working inside.  I will try an iPhone now.  Not sure if they are related at all but maybe something we did will have it working now as well.
Avatar of Ultramarathonman

ASKER

iPhones are working too.  Thanks for the help.
Exchange
Exchange

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo