?
Solved

HTTPS Webmail suddenly gives page 404

Posted on 2010-01-11
33
Medium Priority
?
501 Views
Last Modified: 2012-05-08
Hello all,

I've had my users logging into our Webmail via HTTPS for some time now.   I even checked it yesterday from home.   Now, suddenly, if we try to access through HTTPS, we get to the Secure Certificate page, but when we select the "Continue to Website" link we get a 404, page not found.  I initially restarted Exhange and IIS services and have even restarted the server, but no go.

I did turn off requiring HTTPS and Forms Based Authentication and we CAN log in unsecured, so that's what we're doing at the moment.

Any ideas of where to start looking?
0
Comment
Question by:balloyd66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 13
  • 11
  • 7
  • +2
33 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 26284923
Has your certificate expired?
0
 

Author Comment

by:balloyd66
ID: 26284987
nope, good for another year +.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26285012
Try resetting the Exchange Virtual Directories, use methid 3:http://support.microsoft.com/kb/883380

Also check the permissions against this:  http://www.msexchange.org/tutorials/Resetting-OWA-Folder-IIS-security-permissions-Exchange-2003.html
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26285030
If you turned off FBA, and it works, then it's possible that the Active Server Pages IIS Web Extension has been disallowed.  The FBA page is an Active Server Page.

Can you find the IIS log entries showing the request and the 404 response?
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 26286606
Please find IIS authentication type and the SSL requirement for Exchange 2003.
1) Default Website : Annonymous & Integrated     NO SSL
2) Exadmin : Integrated                                    NO SSL
3) Exchweb : Annonymous                              NO SSL
4) Exchange: Basic                                        SSL Optional
5) RPC     : Basic                                        SSL Required
6) OMA     : Basic                                       SSL Optional
7) Public  : Basic+Integrated                         SSL Optional
8) exchange-oma : Basic & Integrated             NO SSL
9) Microsoft-Server-ActiveSync : Basic           SSL Optional
After  that Restrart IIS and check it.
0
 

Author Comment

by:balloyd66
ID: 26288336
Sorry folks, nothing working yet.   I've reset Virtual Directories, check permissions.  Log files don't show any requests or denial for https.
Lee, turning off HTTPS requirement is what's letting us in right now.  I actually forgot to turn of FBA until later this morning.  Do you still think IIS web extension has been disallowed?  How to fix?
I may try to recreate my certificate, but it'll have to wait a couple days for an after hours session.  People are getting tired of me restarting email services.
Any more suggestions?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26292486
Turning off SSL should automatically disable FBA.  To check the ASP IIS Web extension, start your IIS Manager, and click on the Web Service Extensions container in the left hand panel.  You should see 'Active Server Pages' over on the right.  It should be set to 'Allow'.
0
 

Author Comment

by:balloyd66
ID: 26292726
Everything is allowed, except WebDAV.   I've attached screenshot.
IIS-Web-Service-Extensions.JPG
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26292773
Okay, that looks good.  You'll have to open your IIS log file and find the 404 entry.
0
 

Author Comment

by:balloyd66
ID: 26292936
Sorry, I really don't know what I'm looking for in the logs.   I've found several "404" entries, but don't know what they mean.  Mostly what's in the logs is my OMA guys' activity.  I've attached the last two days' log files.  
ex100110.log
ex100111.log
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26293047
Before looking at the logs, I want to be sure that the relevant 404 errors are actually in there.  If you turned SSL off more than two days ago (which means that no-one will have encountered the 404 error in the last two days), they won't be in there.  The best way would be to re-enable your SSL requiremet on OWA, try to access OWA so that the error is reproduced, and then remove the SSL requirement so your users can access OWA again.  That way, you know that the relevant entries are near the end of today's IIS log file.  BTW, you can open these in notepad, but note that the logged times are in GMT.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 800 total points
ID: 26293496
The next thing I would go for would be an IIS reinstallation as per: http://support.microsoft.com/kb/320202
0
 

Author Comment

by:balloyd66
ID: 26293530
I'm attaching today's log.   You can see where I restart IIS at 14:47:43 and then I tried to log in several times via HTTPS since then, but I don't see any evidence in the log files.
ex100112.log
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26293574
No, there are no relevant 404's in there.  Is there more than one web site on the server?  In IIS Manager, do you see other sites, besides the Default Web Site, in the Web Sites container?  If so, then check that the Default Web Site is using port 443 for its SSL requests (press that Advanced button), and that no other web site is.
0
 

Author Comment

by:balloyd66
ID: 26293669
Lee, Attaching file of Web Sites.    The weird thing is, this just happened overnight, nobody messing with the server, etc.   It was running fine for months.

Dematzer, keeping your suggestion in the back of my mind.


IIS-Web-Sites.JPG
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26293771
Okay, so the Default Web Site is listening on port 443.  How about any of the others?  If they are, then there is a good chance that when you use https in your OWA URL, then the requests are actually going to the wrong web site, resulting in the 404 response.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26293795
If there were 2 websites listening on port 443 then they wouldn't both start?
It looks from the screen captures like the Default Website is started.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26293899
I would expect you get that weird 'File already in use' error.  But it's possible that one of the other sites is using a specific IP address (rather than 'All Unassigned').  I'm guessing that in that case, the sites would start up okay, and that this might ultimately require the default web site to be configured to use another specific IP address, and then make sure the name resolution is correct.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26293906
good point.
0
 

Author Comment

by:balloyd66
ID: 26294034
No other web sites are using SSL.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26294084
Are you sure you are getting a 404 - Page Not Found message, and not just the generic IE 'The Page Could Not Be Displayed' message.  A 404 response has to come from somewhere (it is sent by the server, not simply 'assumed' by IE), but it does not appear in your Default Web Site IIS log file.  So where is it coming from?
0
 

Author Comment

by:balloyd66
ID: 26294153
I'm kind of having the same question.   Attaching screenshot.
HTTPS-404-page.JPG
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26294220
Have a look at the other iis log files on the server (you should have logs in 3 other folders, besides W3SVC1).  See if you can see any requests for /Exchange in there.

Are you doing your testing from the LAN, or from the Internet?
0
 

Author Comment

by:balloyd66
ID: 26294366
Will look at other logs.   Doing testing from LAN, but separate IP, i.e. my firewall is xxx.xxx.xxx.152 and the email firewall is xxx.xxx.xxx.151.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26294448
Try the link I posted on re-installing IIS?
0
 

Author Comment

by:balloyd66
ID: 26294546
Lee, nothing in other log files.

Dematzer, still keeping that an option, but think it would be last resort.  I don't do this stuff everyday and what would take some 1 hour will take me 4, at least.  Will have to wait for a weekend to take email down.

?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 26294604
What happens if you try to open the default web site with SSL:
  https://mail.lsapa.com
how about using the LAN IP address
  https://xxx.xxx.xxx.xxx/Exchange
0
 

Author Comment

by:balloyd66
ID: 26296540
Took some time to change out router/firewall.   Have more confidence that this one is passing through info.   Also, now not getting 404, but IE cannot display..    Think the firewall was jacked up too.
EXTERNAL
https://mail.lsapa.com = IE cannot display the webpage.
https://mail.lsapa.com/exchange = IE cannot display the webpage.
HTTP://mail.lsapa.com = Under Construction
HTTP://mail.lsapa.com/exchange = Page must be viewed over secure channel.
LOCAL NETWORK
https://192.168.1.165 = IE cannot display the webpage.
https://192.168.1.165/exchange = IE cannot display the webpage.
HTTP://192.168.1.165 = Under Construction
HTTP://192.168.1.165/exchange = Page must be viewed over secure channel.
0
 
LVL 31

Assisted Solution

by:LeeDerbyshire
LeeDerbyshire earned 400 total points
ID: 26303172
It's possible that you were getting a 404 from the firewall's own admin web site - you wouldn't believe how common it is for that to happen.  People think the firewall is forwarding the traffic, but instead, it's responding to the request itself.

So, it looks like your SSL requests are now either not reaching the server, or the server is ignoring them.  Are you reasonably sure that the firewall is passing SSL to the correct server?  All you need to do is make sure that its port 443 rule is the same as the port 80 one.  If it looks okay, then make sure that the HTTP SSL service is running on the server.
0
 

Author Comment

by:balloyd66
ID: 26309748
Well, I'm fairly confident the request are reaching the server now, but still "IE cannot display the webpage."   Looks like I probably messed up the server when really it was the router issue.  Again, I reset the High Water Marks and have even rebooted the server, but still no go.  Am I to the point of reinstalling IIS and Exchange?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26309794
I have to say that's where I would be going!

It's detailed step by step in the link I posted just make sure you follow it to the letter!
0
 

Author Comment

by:balloyd66
ID: 26323997
Okay, think it's time for the reinstall.   Not a high priority, though.   Thanks to everyone for hanging in there with me.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26324012
The re-install of IIS will more than likely fix it because it involves a "repair" installation of Exchange as well.
0

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question