Link to home
Start Free TrialLog in
Avatar of snurd3
snurd3

asked on

I cannot get port 80 or port 443 in or out of a windows server 2003 with Exchange Server 2003

My Exchange Server 2003 will not allow port 80 and port 443 in or out.  When I bring up a web browser, the dialog in the lower left searches, then says the site is located, the says waiting for the site, then times out.  A port scan on the server shows only Port 110 open.  The Windows firewall is disabled and the TrendMicro Firewall is disabled.  The outside Sonicwall is set to allow the address object of the server port 80 and 443 Wan to Lan, Lan to Wan, and Lan to Lan.  

Inside the lan, I can't load the COMPANY web page or the OWA on the exchange server on any other computer.  I can, however, log in to the OWA Exchange Server on the Exchange Server or load the company home page.

I have Errors # 59 and 1059 from the W3SVC, but they don't seem to make any sense.  On Eventid.net, those errors are listed but all pertain to other types of servers.  I did correct the OsceAppPool disabled error, but that made no difference.  

I have done packet traces through the firewall and it is passing these ports.

Port 25 and 110 pass with no problem and mail is flowing, only the web mail and mobile push mail will not work.  

Thanks in advance for any help.

John
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of snurd3
snurd3

ASKER

Thanks.  I dont' understand your first comment that I can get out.  Can you clarify please.  I can only reach the Company Web (on the Exchange Server) and the OWA from the machine itself, not from any other. These are two separate web sites on the same machine.
No.  I tried using IP address.  No luck.  DNS is on the primary domain controller and a member server.  It is forwarded to an outside company  for internet resolution,.
 
John
 
SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I would definitely start with the firewall.  My first statement was merely that if your company website was not hosted on the Exchange server then you can get out.

If you cannot uninstall the firewall, as alanhardisty suggested, be sure you double check its settings.  It REALLY seems as though your firewall is blocking the traffic.

Justin
Avatar of snurd3

ASKER

OK.  Will uninstall the Trend Micro stuff.  I have to agree, since it seems to be port specific, I think the firewall is the most likely culprit.  But I thought I eliminated it by disabling it.  Will get back to you.  Have to drive about 10 miles before I get where I can do that.
Sadly disabling it still leaves it there and potentially blocking.  I have seen many computers with firewalls that were installed, had them uninstalled and still had issues getting to the web.  After a forced removal via a specific tool, internet access was restored.
Enjoy the drive!  No remote control?
Enter the following in CMD:
netstat -nao > %systemroot%\EE_netstat.txt
tasklist > %systemroot%\EE_tasklist.txt

Post the results.
Avatar of snurd3

ASKER

Yes.  I have it remoted, but I was at work and due home.  So, I had to leave the server and come home to do it remotely.  Doesn't make much sense, but wife was already expecting me.
Here are the requested files.  
 

EE-netstat.txt
EE-tasklist.txt
No problems - I can relate to the wife expecting you home.
Have you uninstalled Trend yet and rebooted?
Avatar of snurd3

ASKER

Trendmicro Firewall is removed and server is rebooting.
Okay - fingers crossed.
Avatar of snurd3

ASKER

Wouldn't ya know.  The server went down, but failed to come back up.   Will have to ride over there and see what's up.
Deep joy!  That's a pain in the butt.
Avatar of snurd3

ASKER

OK.  I'm back.  There was a flash drive in the USB it was trying to boot from. :(  
But, the firewall being gone made no diff.  Still doing the same thing.  It is looking up DNS, because it says what IP address it's connecting to, just never does it.
That's a shame.
Presumably if you visit www.canyouseeme.org and test port 80 and 443 you get a fail?
 
Thanks for the netstat and tasklist.
The server is definetly listening on port 80 and 443.

On the Exchange server can you "telnet 172.16.0.5 80" and "telnet 172.16.0.5 443"?
If success you should get a black window, if not it will say could not establish a connection on port X etc.

If it's successfull then there's no problem with the server and you should do a trace route to another machine that can't reach it and check if the ports are available from all the hops in the trace.

If unsuccessfull it's a due to a local firewall OR another application trying to steal the port.
Avatar of snurd3

ASKER

I can't get out on the web browser on that server, but let me try another.  The web browser will only connect to stuff on its own machine.
Let me try both of these things.  Seems to me that someplace along the line, I did the telnet and trace,  but it cannot hurt to make sure.
can you run the following please (from a command prompt):
ipconfig /all >c:\ipconfig.txt
Then upload c:\ipconfig.txt to EE
Avatar of snurd3

ASKER

I did try the above and sort of got lost checking.  I can telnet from one server to another on port 80 and port 443. Canyouseeme.org. does not see me on those ports.  I tried to telnet via the VPN to the shop and I can't do that.  If I run the netstat over the VPN, 80 and 443 are not listening.  
The thing has too many moving parts, though .  The certificate for the Exchange server is returning an error now and it was fine.  The PDC suddenly does not show any other hosts in its browser.  I have been checking the Sonicwall, which I just had checked last week by Sonicwall and found a couple of duplicated routes.  It's sort of like trying to pitch a tent on a 90 MPH wind.
 
John
It does sound like you have a few more problems on your hands and there are sinister happenings going on.
Can you reboot your server(s) and see if it / they settle down?
Avatar of snurd3

ASKER

Right.  When in doubt, reboot.  Will do that.  
Avatar of snurd3

ASKER

This situation was resolved with the help of the two experts who offered help.  Both contributed something to the solution so I'dlike to divide the points between them.  The solution was a combination of the outside firewall and security issues.<input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden">
Avatar of snurd3

ASKER

Thanks all