  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 978
  • Last Modified:

I cannot get port 80 or port 443 in or out of a Windows Server 2003 with Exchange Server 2003

My Exchange Server 2003 will not allow port 80 and port 443 in or out.  When I bring up a web browser, the dialog in the lower left searches, then says the site is located, then says waiting for the site, then times out.  A port scan on the server shows only Port 110 open.  The Windows firewall is disabled and the TrendMicro Firewall is disabled.  The outside Sonicwall is set to allow the address object of the server port 80 and 443 WAN to LAN, LAN to WAN, and LAN to LAN.  

Inside the LAN, I can't load the COMPANY web page or the OWA on the exchange server on any other computer.  I can, however, log in to the OWA Exchange Server on the Exchange Server or load the company home page.

I have Errors # 59 and 1059 from the W3SVC, but they don't seem to make any sense.  On Eventid.net, those errors are listed but all pertain to other types of servers.  I did correct the OsceAppPool disabled error, but that made no difference.  

I have done packet traces through the firewall and it is passing these ports.

Port 25 and 110 pass with no problem and mail is flowing, only the web mail and mobile push mail will not work.  

Thanks in advance for any help.

John
0
snurd3
Asked:
2 Solutions
 
Justin Owens (ITIL Problem Manager) Commented:
Well, unless your company intranet is also hosted on the Exchange server, you CAN get out.

My first hunch would be DNS problems.  Can anyone access OWA by using IP rather than servername or pointer?  Can your Exchange server pull up web pages if you go to IP addresses rather than to URLs?  How is your organization configured as far as DNS resolution goes?

Justin
0
 
snurd3 (Author) Commented:
Thanks.  I don't understand your first comment that I can get out.  Can you clarify please?  I can only reach the Company Web (on the Exchange Server) and the OWA from the machine itself, not from any other. These are two separate web sites on the same machine.
No.  I tried using IP address.  No luck.  DNS is on the primary domain controller and a member server.  It is forwarded to an outside company for internet resolution.
 
John
 
0
 
Alan Hardisty Commented:
You said that you have the Trend Micro firewall disabled.  That does not usually mean it is not interfering with web flow.
To be sure, please completely remove it and reboot the server then test again.
0
 
Justin Owens (ITIL Problem Manager) Commented:
I would definitely start with the firewall.  My first statement was merely that if your company website was not hosted on the Exchange server then you can get out.

If you cannot uninstall the firewall, as alanhardisty suggested, be sure you double check its settings.  It REALLY seems as though your firewall is blocking the traffic.

Justin
0
 
snurd3 (Author) Commented:
OK.  Will uninstall the Trend Micro stuff.  I have to agree, since it seems to be port specific, I think the firewall is the most likely culprit.  But I thought I eliminated it by disabling it.  Will get back to you.  Have to drive about 10 miles before I get where I can do that.
0
 
Alan Hardisty Commented:
Sadly disabling it still leaves it there and potentially blocking.  I have seen many computers with firewalls that were installed, had them uninstalled and still had issues getting to the web.  After a forced removal via a specific tool, internet access was restored.
Enjoy the drive!  No remote control?
0
 
holthd Commented:
Enter the following in CMD:
netstat -nao > %systemroot%\EE_netstat.txt
tasklist > %systemroot%\EE_tasklist.txt

Post the results.
0
 
snurd3 (Author) Commented:
Yes.  I have it remoted, but I was at work and due home.  So, I had to leave the server and come home to do it remotely.  Doesn't make much sense, but wife was already expecting me.
Here are the requested files.  
 

EE-netstat.txt
EE-tasklist.txt
0
 
Alan Hardisty Commented:
No problems - I can relate to the wife expecting you home.
Have you uninstalled Trend yet and rebooted?
0
 
snurd3 (Author) Commented:
Trendmicro Firewall is removed and server is rebooting.
0
 
Alan Hardisty Commented:
Okay - fingers crossed.
0
 
snurd3 (Author) Commented:
Wouldn't ya know.  The server went down, but failed to come back up.   Will have to ride over there and see what's up.
0
 
Alan Hardisty Commented:
Deep joy!  That's a pain in the butt.
0
 
snurd3 (Author) Commented:
OK.  I'm back.  There was a flash drive in the USB it was trying to boot from. :(  
But, the firewall being gone made no diff.  Still doing the same thing.  It is looking up DNS, because it says what IP address it's connecting to, just never does it.
0
 
Alan Hardisty Commented:
That's a shame.
Presumably if you visit www.canyouseeme.org and test port 80 and 443 you get a fail?
 
0
 
holthd Commented:
Thanks for the netstat and tasklist.
The server is definitely listening on port 80 and 443.

On the Exchange server can you "telnet 172.16.0.5 80" and "telnet 172.16.0.5 443"?
If successful you should get a black window, if not it will say could not establish a connection on port X etc.

If it's successful then there's no problem with the server and you should do a trace route to another machine that can't reach it and check if the ports are available from all the hops in the trace.

If unsuccessful it's due to a local firewall OR another application trying to steal the port.
0
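Added example (not part of the thread, and not any poster's code): a small Python script that reads `netstat -nao` and `tasklist` output like the files requested above and reports, for ports 80 and 443, which process owns the listener and whether it is bound to a network address. It goes one step beyond the thread by also flagging a loopback-only bind, which gives the same "works on the server, fails from the LAN" symptom. Both samples are constructed, and `otherapp.exe` is a hypothetical process name.

```python
import re

# Constructed sample of `netstat -nao` output (not the asker's attachment).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1844
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:443          0.0.0.0:0              LISTENING       2960
  TCP    172.16.0.5:3389        172.16.0.20:1060       ESTABLISHED     712
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` output; otherapp.exe is hypothetical.
TASKLIST_SAMPLE = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
inetinfo.exe                1844 Console                 0     18,404 K
otherapp.exe                2960 Console                 0     22,016 K
"""

TASK_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")

def parse_tasklist(text):
    """Map PID -> image name; image names may contain spaces."""
    return {int(m.group(2)): m.group(1)
            for m in map(TASK_RE.match, text.splitlines()) if m}

def tcp_listeners(text):
    """Yield (port, bind_address, pid) for each TCP row in LISTENING state."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")
            yield int(port), addr, int(f[4])

def diagnose(netstat_text, tasklist_text, ports=(80, 443)):
    """Classify each port as no-listener, loopback-only, or network."""
    names = parse_tasklist(tasklist_text)
    found = {p: [] for p in ports}
    for port, addr, pid in tcp_listeners(netstat_text):
        if port in found:
            found[port].append((addr, pid, names.get(pid, "unknown")))
    report = {}
    for port, rows in found.items():
        if not rows:
            report[port] = "no-listener"      # nothing bound: fix the service
        elif all(a.startswith("127.") for a, _, _ in rows):
            report[port] = "loopback-only"    # works locally, fails from LAN
        else:
            report[port] = "network"          # check firewall and route next
    return report, found
```

A "network" result with a failing remote connection points away from the server's services and toward a filter or routing problem in the path, which is where the thread's telnet and trace route steps pick up.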
 
snurd3 (Author) Commented:
I can't get out on the web browser on that server, but let me try another.  The web browser will only connect to stuff on its own machine.
Let me try both of these things.  Seems to me that someplace along the line, I did the telnet and trace,  but it cannot hurt to make sure.
0
 
Alan Hardisty Commented:
Can you run the following please (from a command prompt):
ipconfig /all >c:\ipconfig.txt
Then upload c:\ipconfig.txt to EE
0
 
snurd3 (Author) Commented:
I did try the above and sort of got lost checking.  I can telnet from one server to another on port 80 and port 443. Canyouseeme.org does not see me on those ports.  I tried to telnet via the VPN to the shop and I can't do that.  If I run the netstat over the VPN, 80 and 443 are not listening.  
The thing has too many moving parts, though.  The certificate for the Exchange server is returning an error now and it was fine.  The PDC suddenly does not show any other hosts in its browser.  I have been checking the Sonicwall, which I just had checked last week by Sonicwall and found a couple of duplicated routes.  It's sort of like trying to pitch a tent in a 90 MPH wind.
 
John
0
 
Alan Hardisty Commented:
It does sound like you have a few more problems on your hands and there are sinister happenings going on.
Can you reboot your server(s) and see if it / they settle down?
0
 
snurd3 (Author) Commented:
Right.  When in doubt, reboot.  Will do that.  
0
 
snurd3 (Author) Commented:
This situation was resolved with the help of the two experts who offered help.  Both contributed something to the solution so I'd like to divide the points between them.  The solution was a combination of the outside firewall and security issues.
0
 
snurd3 (Author) Commented:
Thanks all
0
