We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Cannot connect to OWA on SBS2003 ISA2004 error 403 Forbidden

Medium Priority
Last Modified: 2012-05-06
Hi Experts !!,

Ive Setup a new SBS 2003 Premium box with exchange & ISA2004 installed and all the windows updates & SP's have been added.

We are using a dynamic IP address & the ISP is blocking port 80. (Local ISP wants to charge $6500 USD per month for Static IP :-(  !!! )

SBS has 2 x NICs and we are connecting through a basic Netgear Router with all the usual port forwarding happening

So all works good, VPN working, email working etc

We use DNSpark to route mail to us on an alternative port as ISP have blocked Inbound Port 25
We use an SMTP connector as Hotmail, Yahoo now seem to be rejecting emails from dynamic IP mail servers (good idea if you ask me)

So my only issue is OWA.
if I type http://mydomain:81 
Initally on the first try I got to the invalid certificate warning page. When I accept the risk (I trust myself) I get the "THE PAGE CANNOT BE DISPLAYED"
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

So what my over all view here is this
Netgear router forwards the request on Port 81 to the server OK.
I changed the ISA's SBS Web Listener to port 81 and it forwards the request to default web site on port 80 OK.
Im assuming in the default web site something is wrong with the permissions.
Ive rerun the ICWISDENR (or whatevr the hell its called) several times now with no luck, of course I have to reset the email SMTP listener each time which is upsetting my emails.
Port 443 inst being blocked by the ISP. If I type https://mydomain I get the same error page

To try and resolve the issue I have also done the following.

Every port is temporarilly forwarded to SBS inside the router currently.
OWA rule in ISA has PUBLIC NAME this rule applies to all requests BRIDGING redirects to ports 80 & 443 both ticked

Any suggestions appreciated
Watch Question

are getting any errors in the event log....

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


yup,......... but not sure what to do next

Denied Connection MyServer 10/02/2009 1:48:17 PM
Log type: Web Proxy (Reverse)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).  
Rule: Default rule
Source: External ( MY.IP.WAS.HERE:0)
Destination: (
Request: GET http://MyDomainWasHere:81/ 
Filter information: Req ID: 0e5047a6  
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Processing time: 1
Cache info: 0x0 MIME type:

So my interprutation here is that the LAST DEFAULT RULE is stopping the reply.
This means the there is no available rule for the reply
But the second last RULE is the SBS Internet Access Rule and is to allow everything by everyone currently

Your Expert Thoughts ?


Nah thats not right either.
Its saying there is no rule to allow access in
Enterprise Architect
Top Expert 2008
If you have setup OWA correctly using the SBS wizards then OWA will be operating on port 443 and would be accessed by https://yourdomain/exchange



Thanks keith_alabaster & lakshmidurga for their assistance.
What Ive implemented as a final solution is this:
As per Keith, Im running it on https, only problem here is trying to get a few NON computer literate people to understand https.
So, using DNSpark Im running their web guiding feature as per below.
webmail.mydomain = https://mydomain/exchange
Works a treat
I cant believe nobody commented on the $6500 USD per month for STATIS IP ?????
Thanks again
Keith AlabasterEnterprise Architect
Top Expert 2008

Not my place to comment on what you pay - if you are happy to pay thta much then good luck to your ISP - thats called Business :)

Personally I pay the equivalent of $50 per month for 32 ip addresses and my internet connection.


Im in Dubai UAE, the office is in Abu Dhabi UAE, the ISP is called Etisalat and they are the only available ISP so they charge what they want.
With regards to the pricing, we REFUSE to pay which is why we are having to deal with the Dymanic issues and blocked port 80.
Here is Dubai with now have another ISP called DU, we payed them a one off fee of from memory about $100US for a static IP then just pay the standard business connection fee per month for internet connection
Keith AlabasterEnterprise Architect
Top Expert 2008

Pleased to hear it :)  I sometimes forget that not everyone has the luxury of 50+ ISP's to select from.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.