Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

OWA down *unless* connected with VPN

Posted on 2009-02-16
13
Medium Priority
?
318 Views
Last Modified: 2012-05-06
We have been running OWA just fine for a few years. We also use vpn for offsite people. Starting last week, people can no longer hit OWA unless they are connected with VPN (which isn't always an option) Any ideas on what I should check on? Seems like it might have to do with security. SSL looks fine (says good until 2011)  I'm not an Exchange person by any means so I'm really not sure where to start. Any help would be great. And if you need info, please ask.  Thanks!
Darren
0
Comment
Question by:PurpleWine
  • 7
  • 6
13 Comments
 
LVL 58

Expert Comment

by:tigermatt
ID: 23652457

If you can hit OWA and use it while connected on the VPN then that would indicate there is no issue with OWA itself. Your problem must therefore be somewhere in the firewall, and that is the most likely place which you need to check in order to resolve the problem.

Check you have port 443 open to the Exchange Server.
Verify the DNS record you are using to access OWA maps to the correct external IP of the Exchange Server.

Let me know how you get on,

-Matt
0
 
LVL 3

Author Comment

by:PurpleWine
ID: 23652617
SOrry, my day off so I wasn't thinking cleary. One BIG piece of info I forgot... This place was setup with only one external IP for the T1 line (something that will be changed in the next month or so) But for now, 443 goes to a different server do to oddball reasons. We hit web access by this....

http://server.ourdomain.com:8080/exchange/

And no, I didn't set this up :)   We did some testing for the new line, but it has all new equipment, so no changes were made to our current setup. Just bypassed our current system, plugged in the new line, new PIX, new router. Then pulled it and went back to our current setup. I've rebooted everything and have no other issues save for this. I'll check on the DNS record. We are outsourcing this, and I know he was looking at that. Maybe he changed something...
0
 
LVL 3

Author Comment

by:PurpleWine
ID: 23652676
Ok, so I am in computer management, under DNS and at the server. Not sure where I should see it pointing to our outside IP. I definatly do not see our outside IP listed anywhere. Can you point me in the right direction?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 58

Expert Comment

by:tigermatt
ID: 23652696

Check the DNS record. It's a possibility the IP is wrong there.

However, I am pretty convinced this is a firewall issue. You need to check the firewall is listening correctly on port 8080 and then forwarding it to the Exchange Server.

What port do you use when on the VPN? Still 8080, or does it translate to 443 when connecting to the Exchange Server?

Let me know as soon as you get some additional information,

-Matt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 23652708

You need to look in the external DNS namespace, which is separate to the local DNS which you access when on your server.

The external DNS is usually hosted at your ISP, your domain registrar or at an outsourced DNS host. If you post your domain name here, I would be able to look up exactly where it is hosted.

-Matt
0
 
LVL 3

Author Comment

by:PurpleWine
ID: 23652797
I'm trying to get in touch with Network Solutions right now. There is a bigger problem then I thought. We only have internal email. It's not a OWA issue at all. Is there something the cisco guy could have changed? I doubt it is an issue with our domain hosting, as I never contacted them. (though I am calling them)
owa.jpg
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 23652822

It looks to me as though your OWA running on port 8080 is not the SSL secured version, but the unencrypted HTTP version. Your OWA running over SSL is still running on port 443.

At this stage, I'd focus on getting it up and running with port 8080, then concern yourself with SSL afterwards.

The Cisco tech could have changed something. Let me know the outcome of your telephone call and then we can proceed with further troubleshooting.

-Matt
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 23652831

Ah sorry, you mean everything externally is broken? Incoming email too? That would most definitely indicate either a DNS issue which is stopping the mail hitting your firewall, or an issue in the firewall which is preventing it hitting the Exchange Server.

Again, let me know what Network Solutions say.

-Matt
0
 
LVL 3

Author Comment

by:PurpleWine
ID: 23653092
Everything with them is fine. Still pointing to the correct IP.  I'm guessing now it has to be something the guy did when he was here. Of course I haven;t heard back from him all day. And getting into Cisco stuff just isn't my thing :(  I'll let you know how this goes....
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 23653261

We can continue to troubleshoot if you like, but Cisco is not my thing either. However, what happens if, from an outside PC, you enter telnet <external IP> 25 at a command prompt? If you have no inbound mail flow, I'd expect that to fail.

-Matt
0
 
LVL 3

Author Comment

by:PurpleWine
ID: 23675412
our 3560g cisco switch was terminally ill. Setup a new 3750g and OWA, as well as other mysterious issues went away. Never thought about looking at that. Weird. Expensive. Expensively weird. But fixed none-the-less. After this note is posted I will close and assign points, but I want to select this as solution so if people look it up they know what the problem was. I'll give this the lowest point possible, and you the rest for trying to help. Thanks!
0
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 23675909

No problem. Faulty switches, faulty NICs, even faulty network cables can cause some very, very strange issues indeed which are a pain to troubleshoot.

Feel free to close this as you wish.

-Matt
0
 
LVL 3

Author Closing Comment

by:PurpleWine
ID: 31547441
Always remember to check hardware :)
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question