Cannot connect to OWA on SBS2003 ISA2004 error 403 Forbidden

Posted on 2009-02-10
Last Modified: 2012-05-06
Hi Experts !!,

Ive Setup a new SBS 2003 Premium box with exchange & ISA2004 installed and all the windows updates & SP's have been added.

We are using a dynamic IP address & the ISP is blocking port 80. (Local ISP wants to charge $6500 USD per month for Static IP :-(  !!! )

SBS has 2 x NICs and we are connecting through a basic Netgear Router with all the usual port forwarding happening

So all works good, VPN working, email working etc

We use DNSpark to route mail to us on an alternative port as ISP have blocked Inbound Port 25
We use an SMTP connector as Hotmail, Yahoo now seem to be rejecting emails from dynamic IP mail servers (good idea if you ask me)

So my only issue is OWA.
if I type http://mydomain:81
Initally on the first try I got to the invalid certificate warning page. When I accept the risk (I trust myself) I get the "THE PAGE CANNOT BE DISPLAYED"
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

So what my over all view here is this
Netgear router forwards the request on Port 81 to the server OK.
I changed the ISA's SBS Web Listener to port 81 and it forwards the request to default web site on port 80 OK.
Im assuming in the default web site something is wrong with the permissions.
Ive rerun the ICWISDENR (or whatevr the hell its called) several times now with no luck, of course I have to reset the email SMTP listener each time which is upsetting my emails.
Port 443 inst being blocked by the ISP. If I type https://mydomain I get the same error page

To try and resolve the issue I have also done the following.

Every port is temporarilly forwarded to SBS inside the router currently.
OWA rule in ISA has PUBLIC NAME this rule applies to all requests BRIDGING redirects to ports 80 & 443 both ticked

Any suggestions appreciated
Question by:JLW-ME
    LVL 7

    Assisted Solution

    are getting any errors in the event log....

    Author Comment

    yup,......... but not sure what to do next

    Denied Connection MyServer 10/02/2009 1:48:17 PM
    Log type: Web Proxy (Reverse)
    Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).  
    Rule: Default rule
    Source: External ( MY.IP.WAS.HERE:0)
    Destination: (
    Request: GET http://MyDomainWasHere:81/
    Filter information: Req ID: 0e5047a6  
    Protocol: http
    User: anonymous
    Additional information
    Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Object source: Processing time: 1
    Cache info: 0x0 MIME type:

    So my interprutation here is that the LAST DEFAULT RULE is stopping the reply.
    This means the there is no available rule for the reply
    But the second last RULE is the SBS Internet Access Rule and is to allow everything by everyone currently

    Your Expert Thoughts ?

    Author Comment

    Nah thats not right either.
    Its saying there is no rule to allow access in
    LVL 51

    Accepted Solution

    If you have setup OWA correctly using the SBS wizards then OWA will be operating on port 443 and would be accessed by https://yourdomain/exchange


    Author Comment

    Thanks keith_alabaster & lakshmidurga for their assistance.
    What Ive implemented as a final solution is this:
    As per Keith, Im running it on https, only problem here is trying to get a few NON computer literate people to understand https.
    So, using DNSpark Im running their web guiding feature as per below.
    webmail.mydomain = https://mydomain/exchange
    Works a treat
    I cant believe nobody commented on the $6500 USD per month for STATIS IP ?????
    Thanks again
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Not my place to comment on what you pay - if you are happy to pay thta much then good luck to your ISP - thats called Business :)

    Personally I pay the equivalent of $50 per month for 32 ip addresses and my internet connection.

    Author Comment

    Im in Dubai UAE, the office is in Abu Dhabi UAE, the ISP is called Etisalat and they are the only available ISP so they charge what they want.
    With regards to the pricing, we REFUSE to pay which is why we are having to deal with the Dymanic issues and blocked port 80.
    Here is Dubai with now have another ISP called DU, we payed them a one off fee of from memory about $100US for a static IP then just pay the standard business connection fee per month for internet connection
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Pleased to hear it :)  I sometimes forget that not everyone has the luxury of 50+ ISP's to select from.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    Easy CSR creation in Exchange 2007,2010 and 2013
    In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now