Solved

how to enable 'Web Mail' in Exchange/SBS  2003

Posted on 2009-06-27
24
815 Views
Last Modified: 2012-05-07
We use Exchange/SBS  2003 with SMTP & Pop3.

We have a request for web mail. can you please guide with a step by step procedure to implement the 'web mail' feature (like yahoo, gmail etc) using our server.

Thanks
0
Comment
Question by:anushahanna
  • 11
  • 7
  • 4
  • +2
24 Comments
 
LVL 4

Expert Comment

by:ythevenot
Comment Utility
this is not a quick guide should answer all your questions and get you running:

http://technet.microsoft.com/en-us/library/bb123645(EXCHG.65).aspx

good luck,
Yannick
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

Web Mail is enabled by default. You don't need to do any special work. Simply open port 443 through your firewall, and direct users to connect to https://<firewall external IP>/exchange from outside. This will present them with a login interface to enable them to access their webmail.

For security reasons, you will need to enable SSL on the web access if you have not yet done so. This ensures data is sent encrypted between the server and the client computer - particularly important for password details. You can purchase cheap 3rd-party SSL certificates from www.certificatesforexchange.com.

-Matt
0
 
LVL 3

Expert Comment

by:gonz-IT
Comment Utility
Run the Internet Connection and Email Wizard and make sure you enable Outlook Web Access in the firewall section  and enable Internet Mail in the Exchange section.

If you are using the 2 network cards recommended setup then you don't need to do anything else and just follow security and SSL recommendations by tigermatt.

If you are using a 1 NIC setup, then you will have to forward traffic on the 443 port to your SBS server.
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
Thanks very much. Yes, now I am able to get the login screen, and the users are able to login, but when they do, they get this error:
"HTTP/1.1 503 Service Unavailable"

Is there a seperate security user group for Web mail?
Thanks
0
 
LVL 3

Expert Comment

by:gonz-IT
Comment Utility
I've seen this error screen when you lack of enough licenses.
Are ALL your users getting this error?
You can check your licenses in the Server Management console, under "Licensing".

SBS2003 comes with 5 CAL's, so if you have more than 5 users you should buy a License Pak. Let me know what you find out.
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
gonz-IT,
Under Licensing, Under ProductID, I see 15 installed licenses, and 11 as 'Maximum usage'.

Under License Codes, I see of them with each of 5 licenses.

In terms of the error, yes, all the users are getting it.
Thanks
0
 
LVL 3

Expert Comment

by:gonz-IT
Comment Utility
Restart the server and if the problem is not fixed, run the Internet Connection and Email Wizard, then run the Remote Access Wizard. The problem should be fixed.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

The problem is more likely a configuraton issue than a licensing issue.

A "Service Unavailable" message usually indicates the web site or the web server services are not started on the server. Open the Services Management applet in Administrative Tools. Check the following services are started and set to 'Automatic':

World Wide Web
IIS Admin
HTTP SSL

Next, open IIS Manager, locate the 'Default Web Site' in the 'Web Sites' container, right-click and verify it is started.

-Matt
0
 
LVL 3

Expert Comment

by:gonz-IT
Comment Utility
The reason I supposed a Licensing problem is because as anushahanna stated, the users get to the login screen, and after the login screen they get the service unavailable error. So, www and ssl services are up and running.

If the number of licenses is correct, then I suggest a server restart, just to check if all services get in place in the correct order and OWA works now.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

That error usually comes from the WWW service being up and running, but another service being stopped or inaccessible behind the scenes. This means IIS cannot connect to Exchange, so IIS throws a Service Unavailable error.
Licenses are not generally enforced, but if it was licensing I would be expecting the Author to be seeing many other strange issues.

The usual culprit is a binding set incorrectly somewhere.

-Matt
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
tigermatt
can you please suggest what config issues/binding  I may check, apart from World Wide Web,
IIS Admin,HTTP SSL, dedault web site which are all running.

thanks
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

You need to first verify whether it works internally. Can you get to OWA using http://servername/exchange and/or https://servername/exchange? If so, you have a firewall issue with forwarding port 443 to the Exchange Server, and that needs to be addressed in the firewall/router device.

You stated "apart from World Wide Web". Are you implying that service is stopped - not running? If so, you must enable it. Without that running, no OWA will function at all.

-Matt
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 6

Author Comment

by:anushahanna
Comment Utility
tigermatt,
I used http://servername/exchange from internally, and it gives the same message
"HTTP/1.1 503 Service Unavailable"

When I do it from outside the local network, it shows the OWA welcome screen. If I put a wrong credentials, it is smart to deny entry. But if the right password is put, then it gives the above error message.

The following are indeed running:
World Wide Web Publishing Service (Started, Automatic)
IIS Admin Service (Started, Automatic)
HTTP SSL(Started Manual)
dedault web site (running in IIS Manager - Port 80, SSL 443)

The following are not running
Microsoft Exchange Event,
Microsoft Exchange IMAP4
Microsoft Exchange POP3
Microsoft Exchange Site Replication Service

Thanks for your help.
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

Okay - take a read through http://support.microsoft.com/kb/823159 and action the steps it describes.

-Matt
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
tigermatt
I have tried every option in the article you provided, but one. I need the HKCRScan.exe file, but I searched in MS website, and it does not have it. Any thoughts on it.?

But so far, OWA does not work with all the fix.

I have also tried Step1 and 3 from the following article, with no help:
http://support.microsoft.com/?id=883380

My Remote Web Workplace works fine. Just the company web and OWA needs to work.  The users are enabled for OWA in  Exchange Features.

Server->Users has listed under it , the user
IUSR_SERVER

Thanks
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

At this point, I'd be abandoning trying to workaround this problem, and simply do a repair install from the Exchange installation media. This will reconfigure all the Exchange system files - but leave your mailbox databases in tact. Hopefully, if there is a configuration issue, this would resolve it.

Download a fresh copy of the Exchange Server 2003 Service Pack 2 from Microsoft at http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40&displaylang=en. Once you have it down, extract it and run the setup program. Go through the steps, and if you are prompted, you can choose to do a 'Repair' install. Otherwise, just let it install itself over the top of the existing install.

It will take the Exchange Services down momentarily, so users on Exchange at that time may notice a slight interruption of service.

-Matt
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
Matt
I installed this 109MB SP2 version last weekend (from your link), but it showed after that there is not even SP1, so on tuesday, I installed SP1
SBS2003-KB885918-SP1-X86-ENU.EXE (210MB)
WindowsServer2003-KB889101-SP1-x86-ENU.exe (337 MB)
WSS2003SP1-kb841876-fullfile-ENU.exe (4 MB)

and also SP2 from the below link which is a lot bigger file than the one you sent:

http://www.microsoft.com/downloads/details.aspx?FamilyId=95AC1610-C232-4644-B828-C55EEC605D55&displaylang=en

What do you think is the difference between the 109MB and 372MB SP2?

Regardless, I tried both these versions, and the 372MB was done on tuesday July 21st.

Let me know if I should try again the same file. I have all these files saved.

Apart from this, last thursday, I found 2 hijack files on the system. Could they be causing any issues related to OWA?

These are the 2 files.I am working on removing it.

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0)

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0)

Thanks
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
Matt
Can you please help me verify some settings, that I noted down from the server. I am concerned about the local path issue. Thanks
--------------

1)In IIS Manager, by right click 'Default
Web Site' -> Properties->'Directory Security' tab->'Edit' in 'Authentication and access control'->'Enable anonymous access' and 'Integrated Windows
authentication' are checked. Other options are not checked.

2a)Under properties for 'Exadmin', only 'Integrated Windows authentication' is checked.
2b)for 'Exadmin', Virtual Directory-> Local Path is '\\.\BackOfficeStorage'
I believe, the local directory is C:\Inetpub. Should this under 'Local path'?

3a)Under properties for 'Exchange', only 'Basic Authentication' is checked; also under "Secure communications"->Edit, the "Require secure channel (SSL)" and "Require 128-bit
encryption" are checked.
3b)Exchange - Default Domain is '\' under Authentication Methods
3c)Exchange - Virtual Directory ->Local Path is '\\.\BackOfficeStorage\domainname\MBX'
I believe, the local directory is C:\Inetpub. Should this under 'Local path'?

4)Under 'ExchWeb'->Properties, only 'Enable anonymous access' is checked.

Please see the attached picture of c:\Inetpub. Can you please tell me if that should be the local path for Exaadmin and Exchange folders under IIS manager-> Default Web Site. Will this impact OWA?
inetpub.jpg
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
Matt,
I ran the SBS Best Practice analysis tool: It has three issues with my server:
"DNS Client was not configured"
"Task Offloading is enabled"
"Sharepoint 2.0 RTM installed"

Do you see any trouble, related to OWA? I am also attaching the whole analysis, for the complete big picture.

Also there are 2 application log error events when I restarted the server:
MSExchangeDSAccess;Category:Topology;Event 2114; User N/A; Computer :Server
MSExchangeIS; Category:General;Event 9542; User N/A; Computer :Server
Would appreciate any feedback if this could be causing any trouble to the OWA.

Thanks
Critical-All-Issues.jpg
Info-Items.jpg
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility

"...I installed this 109MB SP2 version last weekend (from your link), but it showed after that there is not even SP1..."

You are referring to 3 *different* service packs. You have different service packs for:

- the Operating System - Windows Server 2003
- the Email Server - Exchange Server 2003
- the Small Business Server software

Windows Server 2003 should be at Server 2003 Service Pack 2.
Exchange Server 2003 should be at Exchange Service Pack 2.
SBS should be at Service Pack 1.

Links to Service Pack downloads:

http://www.microsoft.com/downloads/details.aspx?FamilyId=95AC1610-C232-4644-B828-C55EEC605D55
http://www.microsoft.com/downloads/details.aspx?FamilyID=535BEF85-3096-45F8-AA43-60F1F58B3C40
http://www.microsoft.com/downloads/details.aspx?FamilyId=B6F8A4C0-B707-4161-ADEB-44F1B756119F

If your server is to be up-to-date, all those should be installed. According to the last screenshot you posted, it appears they are already installed.

"...I found 2 hijack files on the system. Could they be causing any issues related to OWA?..."

I wouldn't say they are hijacks. They are more likely lock-down settings applied by a Group Policy.

That said, you should never browse the Internet from your server.

"...Can you please help me verify some settings, that I noted down from the server. I am concerned about the local path issue..."

All the authentication settings you referred to sound correct. The Exchange directories are not stored in C:\Inetpub but at the \\.\BackOfficeStorage location, which ultimately resolves back to a virtual path into the Exchange database. That is not a problem - and you shouldn't see anything within C:\Inetpub regarding Exchange.

"...I ran the SBS Best Practice analysis tool: It has three issues with my server..."

Those won't affect OWA.

Have you progressed any further with this problem since your last post?

-Matt
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
I have cleared out some of the errors mentioned in the SBS BP Tool. Apart from that, I am kind of going around the Microsoft documents on '503 Service not available' error, includind deleting and regenerating the virtual diectories.

thanks for verifying all the settings. it is good to know they are in their place.

0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
Comment Utility
I have responded to your other question I am assuming it is the same issue so this is the response:

Sounds to me like an OLE DB problem, check this link out: http://support.microsoft.com/kb/305030

if you fun through this and it's still not working check for the event viewer items it refers to when looking at registry keys over 259 characters long.

If nit resolved I would phone PSS support at MS and they will run a scanner on your registry and have this sorted in a jiffy!
0
 
LVL 6

Author Comment

by:anushahanna
Comment Utility
Thanks.

Calendar items were present in event logs, called MS and they resolved by deleting registry Sub-key N34d90ae5 and everything now works.

Below is the resolution from Microsoft:
"the Sub key: N34d90ae5 was causing the 503 Service Unavailable issue since it has exceeded the Default 259 characters. This problem can occur if the Exoledb library does not initialize. When the Exoledb library initializes, it scans the HKEY_CLASSES_ROOT (HKCR) registry hive for content class information. If the Exoledb library finds a ProgID with a value that exceeds 259 characters, the Exoledb library cannot initialize."
0
 
LVL 6

Author Closing Comment

by:anushahanna
Comment Utility
A Solution, finally! Many thanks for the right diagnosis.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
how to add IIS SMTP to handle application/Scanner relays into office 365.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now