HTTPS Webmail suddenly gives page 404

Has your certificate expired?

nope, good for another year +.

Try resetting the Exchange Virtual Directories, use methid 3:http://support.microsoft.com/kb/883380

Also check the permissions against this:  http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html

If you turned off FBA, and it works, then it's possible that the Active Server Pages IIS Web Extension has been disallowed.  The FBA page is an Active Server Page.

Can you find the IIS log entries showing the request and the 404 response?

Please find IIS authentication type and the SSL requirement for Exchange 2003.
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional
After  that Restrart IIS and check it.

Sorry folks, nothing working yet.   I've reset Virtual Directories, check permissions.  Log files don't show any requests or denial for https.
Lee, turning off HTTPS requirement is what's letting us in right now.  I actually forgot to turn of FBA until later this morning.  Do you still think IIS web extension has been disallowed?  How to fix?
I may try to recreate my certificate, but it'll have to wait a couple days for an after hours session.  People are getting tired of me restarting email services.
Any more suggestions?

Turning off SSL should automatically disable FBA.  To check the ASP IIS Web extension, start your IIS Manager, and click on the Web Service Extensions container in the left hand panel.  You should see 'Active Server Pages' over on the right.  It should be set to 'Allow'.

Everything is allowed, except WebDAV.   I've attached screenshot.
IIS-Web-Service-Extensions.JPG

Okay, that looks good.  You'll have to open your IIS log file and find the 404 entry.

Sorry, I really don't know what I'm looking for in the logs.   I've found several "404" entries, but don't know what they mean.  Mostly what's in the logs is my OMA guys' activity.  I've attached the last two days' log files.  
ex100110.log
ex100111.log

Before looking at the logs, I want to be sure that the relevant 404 errors are actually in there.  If you turned SSL off more than two days ago (which means that no-one will have encountered the 404 error in the last two days), they won't be in there.  The best way would be to re-enable your SSL requiremet on OWA, try to access OWA so that the error is reproduced, and then remove the SSL requirement so your users can access OWA again.  That way, you know that the relevant entries are near the end of today's IIS log file.  BTW, you can open these in notepad, but note that the logged times are in GMT.

I'm attaching today's log.   You can see where I restart IIS at 14:47:43 and then I tried to log in several times via HTTPS since then, but I don't see any evidence in the log files.
ex100112.log

No, there are no relevant 404's in there.  Is there more than one web site on the server?  In IIS Manager, do you see other sites, besides the Default Web Site, in the Web Sites container?  If so, then check that the Default Web Site is using port 443 for its SSL requests (press that Advanced button), and that no other web site is.

Lee, Attaching file of Web Sites.    The weird thing is, this just happened overnight, nobody messing with the server, etc.   It was running fine for months.

Dematzer, keeping your suggestion in the back of my mind.


IIS-Web-Sites.JPG

Okay, so the Default Web Site is listening on port 443.  How about any of the others?  If they are, then there is a good chance that when you use https in your OWA URL, then the requests are actually going to the wrong web site, resulting in the 404 response.

If there were 2 websites listening on port 443 then they wouldn't both start?
It looks from the screen captures like the Default Website is started.

I would expect you get that weird 'File already in use' error.  But it's possible that one of the other sites is using a specific IP address (rather than 'All Unassigned').  I'm guessing that in that case, the sites would start up okay, and that this might ultimately require the default web site to be configured to use another specific IP address, and then make sure the name resolution is correct.

good point.

No other web sites are using SSL.

Are you sure you are getting a 404 - Page Not Found message, and not just the generic IE 'The Page Could Not Be Displayed' message.  A 404 response has to come from somewhere (it is sent by the server, not simply 'assumed' by IE), but it does not appear in your Default Web Site IIS log file.  So where is it coming from?

I'm kind of having the same question.   Attaching screenshot.
HTTPS-404-page.JPG

Have a look at the other iis log files on the server (you should have logs in 3 other folders, besides W3SVC1).  See if you can see any requests for /Exchange in there.

Are you doing your testing from the LAN, or from the Internet?

Will look at other logs.   Doing testing from LAN, but separate IP, i.e. my firewall is xxx.xxx.xxx.152 and the email firewall is xxx.xxx.xxx.151.

Try the link I posted on re-installing IIS?

Lee, nothing in other log files.

Dematzer, still keeping that an option, but think it would be last resort.  I don't do this stuff everyday and what would take some 1 hour will take me 4, at least.  Will have to wait for a weekend to take email down.

?

What happens if you try to open the default web site with SSL:
  https://mail.lsapa.com
how about using the LAN IP address
  https://xxx.xxx.xxx.xxx/Exchange

Took some time to change out router/firewall.   Have more confidence that this one is passing through info.   Also, now not getting 404, but IE cannot display..    Think the firewall was jacked up too.
EXTERNAL
https://mail.lsapa.com = IE cannot display the webpage.
https://mail.lsapa.com/exchange = IE cannot display the webpage.
HTTP://mail.lsapa.com = Under Construction
HTTP://mail.lsapa.com/exchange = Page must be viewed over secure channel.
LOCAL NETWORK
https://192.168.1.165 = IE cannot display the webpage.
https://192.168.1.165/exchange = IE cannot display the webpage.
HTTP://192.168.1.165 = Under Construction
HTTP://192.168.1.165/exchange = Page must be viewed over secure channel.

Well, I'm fairly confident the request are reaching the server now, but still "IE cannot display the webpage."   Looks like I probably messed up the server when really it was the router issue.  Again, I reset the High Water Marks and have even rebooted the server, but still no go.  Am I to the point of reinstalling IIS and Exchange?

I have to say that's where I would be going!

It's detailed step by step in the link I posted just make sure you follow it to the letter!

Okay, think it's time for the reinstall.   Not a high priority, though.   Thanks to everyone for hanging in there with me.

The re-install of IIS will more than likely fix it because it involves a "repair" installation of Exchange as well.