Solved

Exchange 2007 OWA not working externally

Posted on 2009-03-30
8
1,629 Views
Last Modified: 2012-05-06
I just installed an addtional Exchange server in my Exchange Org. The Org started out as 2003 but I have added a 2007 server that has the CAS, HUB and Mailbox roles running on a 2008 server. All is working except OWA externally. while I know i have not install the web cert on this box as of yet, i would think that OWA should still work. From an external client I goto the web address of the OWA server, i get the cert warning, i click continue and then get the following message:

The URL you requested has been blocked. URL = invalid.

I know the my firewall is configured corectly as I am getting email on port 25, i can RDP in on port 3389 and i get the cert warning page, all of which are on the same box.  I have made sure that the interal and external address is the correct within Exchange Management console for Server config and client access.

any help would be greatly apprecaited.
0
Comment
Question by:SpeedRacer1972
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 5

Accepted Solution

by:
kollenh earned 375 total points
ID: 24022579
Actually it has a certificate, it's just self-signed, iirc.  Have you tried hitting the internal link for OWA and does that work?  Also verify your settings for OWA; via the EMS:   Server Configuration --> Client Access, right-click OWA --> Properites.  There will be both "Internal URL" and "External URL" on this page.  Then make sure those settings match the IIS configuration on your server.
If you can get to the internal link/url but not the external then you should look at your firewall settings.  Are you doing a blanket forward (all ports) to the server?  If so, I'd suggest changing that and only allow 25 & 443.
HTH
0
 

Author Comment

by:SpeedRacer1972
ID: 24022709
I can get to the OWA internally, just not externally. I am only forwarding 25, 443, 3389 on the firewall. The URLs for internal and external are set to be the same in ESM. I guess i do not know IIS on Server 2008 well enough to check if they match. I have looked in all places i can find and have no luck. i assume the setting i am looking for would be under sites\Default Web Site\OWA.
0
 
LVL 5

Assisted Solution

by:kollenh
kollenh earned 375 total points
ID: 24022752
Yes, that is the correct path.  You don't really want to do any setting changes there, just make sure the path in IIS matches your settings in Exchange and that it's running as an application (it looks like a gear when it is).
So if your internal link works but not the external, sounds like a firewall or routing issue.  You say the URLs are the same, how so?  Is your external link using an "external" dns name?  How are you testing external connectivity?  Have you tried using the external IP address in place of the name?  Example:  https://IP/owa.
And I apologize for not noticing you're running on Server 2008, there are some changes when running Exchange 2007 on that so I'll go read my notes and make sure I'm not overlooking something.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:SpeedRacer1972
ID: 24022977
the internal and external URLs are both set to the external DNS names, which is what my MX record is pointing to. I am able to test from my home network, hitting the OWA address. hitting the IP address does the same thing.  

I would think that if it were a firewall issue, using a Fortinet WiFi 60B, them RDP or SMTP would not work which are all forwarding in the same firewall rule to the same IP.
0
 

Author Comment

by:SpeedRacer1972
ID: 24023101
so i decided to take a harder look at my firewall. As it turns out Fortinet considers the actual address of my OWA server as in valid. I had a check box to block invalid URLs, as soon as i unchecked that the started working. Thank you for the help
0
 
LVL 5

Assisted Solution

by:kollenh
kollenh earned 375 total points
ID: 24023478
Aha!  That's good because I was fairly sure it had to be firewall-related since that seemed to be the only difference you had in your two tests.  Glad to help.  Let the web-based mail goodness begin!
As a side-note, if you have Outlook 2007 users, I can't say enough good things about Outlook Anywhere.  Having your full Outlook client work over the internet without a VPN is very nice.  Only downside is you would need a real certificate.
Enjoy
0
 

Author Comment

by:SpeedRacer1972
ID: 24023512
yes, i plan on settting up Outlook anywhere and a cert, i just wanted to get OWA working before i took any anything new.
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 125 total points
ID: 24035454
This:

"The URL you requested has been blocked. URL = invalid. "

Is not an Exchange message. Therefore it is being blocked elsewhere. Firewall would be the first place to look, possibly something that needs to be configured with a specific URL rather than just a port being opened.
A quick Google points at this being a Fortigate error, which you have mentioned, so I would be looking there.

-M
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question