Cannot connect to OWA on SBS2003 ISA2004 error 403 Forbidden

Posted on 2009-02-10
Last Modified: 2012-05-06
Hi Experts !!,

I've set up a new SBS 2003 Premium box with Exchange & ISA2004 installed, and all the Windows updates & SPs have been added.

We are using a dynamic IP address & the ISP is blocking port 80. (Local ISP wants to charge $6500 USD per month for Static IP :-(  !!! )

SBS has 2 x NICs and we are connecting through a basic Netgear Router with all the usual port forwarding happening

So all works good, VPN working, email working etc

We use DNSpark to route mail to us on an alternative port as ISP have blocked Inbound Port 25
We use an SMTP connector as Hotmail, Yahoo now seem to be rejecting emails from dynamic IP mail servers (good idea if you ask me)

So my only issue is OWA.
If I type http://mydomain:81
Initially on the first try I got to the invalid certificate warning page. When I accept the risk (I trust myself) I get the "THE PAGE CANNOT BE DISPLAYED"
Technical Information (for support personnel)
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

So my overall view here is this:
Netgear router forwards the request on Port 81 to the server OK.
I changed the ISA's SBS Web Listener to port 81 and it forwards the request to default web site on port 80 OK.
I'm assuming in the default web site something is wrong with the permissions.
I've rerun the ICWISDENR (or whatever the hell it's called) several times now with no luck; of course I have to reset the email SMTP listener each time, which is upsetting my emails.
Port 443 isn't being blocked by the ISP. If I type https://mydomain I get the same error page.

To try and resolve the issue I have also done the following.

Every port is temporarily forwarded to SBS inside the router currently.
OWA rule in ISA has PUBLIC NAME: this rule applies to all requests; BRIDGING: redirects to ports 80 & 443 both ticked.

Any suggestions appreciated
Question by:JLW-ME

Assisted Solution

lakshmidurga earned 400 total points
ID: 23598631
Are you getting any errors in the event log?

Author Comment

ID: 23598764
Yup... but not sure what to do next

Denied Connection MyServer 10/02/2009 1:48:17 PM
Log type: Web Proxy (Reverse)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).  
Rule: Default rule
Source: External ( MY.IP.WAS.HERE:0)
Destination: (
Request: GET http://MyDomainWasHere:81/ 
Filter information: Req ID: 0e5047a6  
Protocol: http
User: anonymous
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; WOW64; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Processing time: 1
Cache info: 0x0 MIME type:

So my interpretation here is that the LAST DEFAULT RULE is stopping the reply.
This means there is no available rule for the reply.
But the second last RULE is the SBS Internet Access Rule and is to allow everything by everyone currently.

Your Expert Thoughts ?

Author Comment

ID: 23598776
Nah, that's not right either.
It's saying there is no rule to allow access in.

Accepted Solution

Keith Alabaster earned 1600 total points
ID: 23600006
If you have set up OWA correctly using the SBS wizards then OWA will be operating on port 443 and would be accessed by https://yourdomain/exchange.
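
An added example (not part of the original thread or any poster's code): a small triage script that parses a denied-connection record like the one posted above and compares the requested URL with the shape given in the accepted answer (HTTPS, port 443, `/exchange`). The host `mydomain.example` is a placeholder and the sample record is reconstructed from the fields shown in the thread.

```python
from urllib.parse import urlsplit

# Constructed sample: fields from the denied-connection record in the thread,
# with the poster's redacted host replaced by the placeholder "mydomain.example".
SAMPLE = """\
Log type: Web Proxy (Reverse)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Request: GET http://mydomain.example:81/
Protocol: http
User: anonymous
"""

# Expected request shape, taken from the accepted answer (https://yourdomain/exchange).
EXPECTED = {"scheme": "https", "port": 443, "path_prefix": "/exchange"}


def parse_record(text):
    """Turn the 'Key: value' lines of a log record into a dict with lowercase keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def triage(text, expected=EXPECTED):
    """Return a list of findings explaining a denied reverse-proxy request."""
    rec = parse_record(text)
    findings = []
    if rec.get("rule", "").lower() == "default rule":
        findings.append("fell through to Default rule: no publishing rule matched")
    parts = rec.get("request", "").split()
    if len(parts) != 2:
        return findings + ["request field missing or malformed"]
    url = urlsplit(parts[1])
    port = url.port or {"http": 80, "https": 443}.get(url.scheme)
    if url.scheme != expected["scheme"]:
        findings.append(f"scheme is {url.scheme}, expected {expected['scheme']}")
    if port != expected["port"]:
        findings.append(f"port is {port}, expected {expected['port']}")
    if not url.path.lower().startswith(expected["path_prefix"]):
        findings.append(f"path is {url.path or '/'}, expected {expected['path_prefix']}")
    return findings


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```
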


Author Comment

ID: 23621534
Thanks keith_alabaster & lakshmidurga for their assistance.
What I've implemented as a final solution is this:
As per Keith, I'm running it on https; only problem here is trying to get a few NON computer literate people to understand https.
So, using DNSpark I'm running their web guiding feature as per below.
webmail.mydomain = https://mydomain/exchange
Works a treat.
I can't believe nobody commented on the $6500 USD per month for STATIC IP ?????
Thanks again

Expert Comment

by:Keith Alabaster
ID: 23622356
Not my place to comment on what you pay - if you are happy to pay that much then good luck to your ISP - that's called Business :)

Personally I pay the equivalent of $50 per month for 32 ip addresses and my internet connection.

Author Comment

ID: 23622422
I'm in Dubai UAE, the office is in Abu Dhabi UAE, the ISP is called Etisalat and they are the only available ISP so they charge what they want.
With regards to the pricing, we REFUSE to pay, which is why we are having to deal with the Dynamic issues and blocked port 80.
Here in Dubai we now have another ISP called DU; we paid them a one-off fee of, from memory, about $100US for a static IP, then just pay the standard business connection fee per month for internet connection.

Expert Comment

by:Keith Alabaster
ID: 23624449
Pleased to hear it :)  I sometimes forget that not everyone has the luxury of 50+ ISPs to select from.
