OWA Internet Explorer cannot display the webpage

Our OWA has been playing around for a while. When I try to access it I get the cert warning, I click continue, then I get 'Internet Explorer cannot display the webpage'.
Normally a reboot of the server will fix this for a few days, then it happens again.
It's running on Server 2003. I have the same error externally and internally. We are coming in externally via https and the certificate is a self cert one which I updated a few weeks ago; however, we were suffering this issue before the cert was updated, but not as often.
kev-griggsAsked:

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
It sounds like this issue is costing the company more money than what it would cost for a UC cert.    Why not be done with the issues and get a proper cert?
0
LeeDerbyshireCommented:
Do you still get the error if you temporarily remove the requirement for SSL on the Exchange VDir?
0
kev-griggsAuthor Commented:
EndureKona
I take your point, if I can prove it's the cert I will.
0
kev-griggsAuthor Commented:
LeeDerbyshire:

Will give it a go, thanks
0
kev-griggsAuthor Commented:
LeeDerbyshire:

Yes, it does work if I uncheck the SSL requirements in the Exchange section of the Vdirectory.
0
LeeDerbyshireCommented:
Well, I think that points to a problem with the cert.  It's probably easier to go and buy one, but if you want to persevere with your own, I would suggest going through the creation process again, being extra careful.  My personal favourite method is SelfSSL, since it's a very simple process.
0
kev-griggsAuthor Commented:
I did use SelfSSL. When I view the certificate it says it's OK. I restarted the server and it's now working, but will see how long for.
My thoughts are the cert will either work or not, not just give up a few days in.
0
LeeDerbyshireCommented:
Maybe something else is going wrong with IIS?  Next time you are unable to use OWA, see if you are also unable to access the Default Web Site using SSL.
0
kev-griggsAuthor Commented:
It's stopped again. I had a look through event manager and this error, W3SVC-WP, does not appear whilst it was running but did appear when not. Not sure if it's relevant.
aim1.JPG
0
LeeDerbyshireCommented:
I don't know what ETW tracing is.  Maybe you turned it on to help diagnose the problem:
http://msdn.microsoft.com/en-us/library/ms751538.aspx?ppud=4

Did you try disabling SSL once the problem appears?  I know that I sort of already asked this once, but I didn't mention to only try it after you see the problem.
0
kev-griggsAuthor Commented:
Yes, I disabled SSL and it works; re-enabled it and it does not.
0
LeeDerbyshireCommented:
Is anything else displayed, other than 'Cannot display the web page'?  If not, make sure that your IE 'Friendly HTTP Errors' are not enabled (they hide the most useful information).
0
kev-griggsAuthor Commented:
No matter if it's checked or not, after clicking continue on the security cert page I get 'Internet Explorer cannot display the webpage'.
If I click the more info tab, I get:
This problem can be caused by a variety of issues, including:

•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•There might be a typing error in the address.
•If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
0
LeeDerbyshireCommented:
Well, IE's own suggestions aren't usually very helpful, but let's try them.  The only way it could be a DNS issue is if OWA has changed the server name part of the URL by itself (not as impossible as you'd think).  So, has the server name part of the URL changed to something other than what you originally typed in?

Also, try the last suggestion.  I've never heard of anyone disabling SSL in IE, but you never know - it might have happened accidentally.
0
kev-griggsAuthor Commented:
I did try the suggestions IE made; the server name had not changed and I have SSL enabled.
What does not make sense is that when we make the initial connection it must be finding the server, because it shows the certificate error. It's only when we click continue that it bombs out.
0
LeeDerbyshireCommented:
Is the HTTP SSL service still running on the server?
0
kev-griggsAuthor Commented:
HTTP SSL services are running, I even restarted them.
0
LeeDerbyshireCommented:
Can you find the IIS log entries generated by the server when the request failed?
0
kev-griggsAuthor Commented:
Any idea what the log is called? Searched for the obvious but cannot find anything, maybe not turned on.
0
LeeDerbyshireCommented:
Should be one of the files in C:\Windows\System32\LogFiles\W3SVC1 .  There is one file for each day.
0
kev-griggsAuthor Commented:
Found the logs. The only thing I can see different between not working and working is the following line, repeated time after time in the non-working log but not in the working log.
The reason=0 443 may be the issue, but I have no idea what it means other than port 443.

#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-04-03 15:21:09 W3SVC1 192.168.0.101 GET /exchweb/bin/auth/owalogon.asp url=https://mydomain/exchange&reason=0 443 - 45.152.195.20 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+Tablet+PC+2.0) 200 0 0
0
LeeDerbyshireCommented:
That is the server sending the Forms-based Auth logon page to the client.  Are these entries in different log file directories?  They should all be in W3SVC1 .
0
kev-griggsAuthor Commented:
They do not appear in the logs when it's working, but appear many times in the logs when not. Currently it has been up with no problems.
0
LeeDerbyshireCommented:
There is no reason why the working entries should not be in the same log, unless the requests are going to a different site when they succeed.  Does the server have more than one web site on it?
0
kev-griggsAuthor Commented:
no, there is no other website on this server, but there is our company intranet on another server on the domain.
0
LeeDerbyshireCommented:
Can you see requests for /Exchange in the IIS log for the intranet server?  It's possible that a name resolution issue is directing some of your OWA requests there.
0
kev-griggsAuthor Commented:
Don't think so, but I will have another look.
0
kev-griggsAuthor Commented:
No, I cannot see any requests for exchange in the logs or vice versa.
0
LeeDerbyshireCommented:
Can you access the default web site on the server?  With and without https?
0
kev-griggsAuthor Commented:
No, not with https, but I can with http.
0
LeeDerbyshireCommented:
We should already have checked this, but I can't find it mentioned anywhere...  In IIS Manager, look at the properties of the default web site.  Note the IP address selected, then click the Advanced button.

Is the IP address set to anything other than All Unassigned?
Is a Host Header name configured for the site?
Is SSL configured to listen on port 443?
Is there more than one web site in the Web Sites container?
0
kev-griggsAuthor Commented:

Is the IP address set to anything other than All Unassigned?       - No
Is a Host Header name configured for the site?                            - Host header value is blank
Is SSL configured to listen on port 443?                                        - Yes
Is there more than one web site in the Web Sites container?       - No, one only

Thanks
0
LeeDerbyshireCommented:
What error is displayed when you tried to reach the default web site via https?  Can you find that request in the IIS log file?
0
kev-griggsAuthor Commented:
Have just noticed it has dropped again, so will check the log files in the morning. Through Firefox I get:
The connection to the server was reset while the page was loading.

    *   The site could be temporarily unavailable or too busy. Try again in a few moments.
    *   If you are unable to load any pages, check your computer's network connection.
    *   If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
0
kev-griggsAuthor Commented:
At the moment I cannot connect, so I have tried to connect then looked at the log file. Here is what's in the log file.

2010-04-23 17:49:54 W3SVC1 192.168.0.101 GET /exchweb/bin/auth/owalogon.asp url=https://owa.mydomain.co.uk/exchange&reason=0 443 - 81.154.8.52 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+Tablet+PC+2.0) 200 0 64

What I have noticed is I connected at 18:49, the server time says 18:49, but the log file says 17:49; all the entries appear to be an hour behind.
0
LeeDerbyshireCommented:
Again, that is the server correctly sending the FBA logon page to the client.  Do you see the FBA page okay?  IIS log file times are in GMT.
0
kev-griggsAuthor Commented:
I assume by FBA page you mean the OWA sign in screen. No, I do not see that.
I restarted the server and it's working again and the time is still an hour out, so as you suggested, it's got nothing to do with it.
0
LeeDerbyshireCommented:
Your server is presumably now in Daylight Saving Time, so its clock will have advanced.  The IIS log times are always in GMT, though, so in DST periods they will appear to be one hour behind.

Anyway.  The IIS log shows that the server is sending the FBA page to you (that's what the GET /exchweb/bin/auth/owalogon.asp means), and the 200 near the end indicates that as far as the server is concerned, the request was completed successfully.  What address is in the address bar when you get the error message in the browser?  It should have changed from https://server/exchange to something else.
0
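Added example (not part of the thread, and not any participant's code): the entries quoted in this thread end in three fields, sc-status, sc-substatus and sc-win32-status, and the failing requests show `200 0 64` where the earlier entry shows `200 0 0`. Win32 code 64 is ERROR_NETNAME_DELETED ("The specified network name is no longer available"), which in IIS logs generally means the client connection was gone before the response finished sending. The Python sketch below parses W3C extended log text by its `#Fields` header, shifts the UTC timestamps by an assumed offset, and lists such requests; the sample lines are constructed from the thread's entries with the User-Agent shortened, and the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Small subset of Win32 codes seen in sc-win32-status (names from winerror.h).
WIN32_NAMES = {0: "ERROR_SUCCESS", 64: "ERROR_NETNAME_DELETED"}

# Constructed sample modelled on the entries quoted in the thread (User-Agent shortened).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2010-04-03 15:21:09 W3SVC1 192.168.0.101 GET /exchweb/bin/auth/owalogon.asp url=https://mydomain/exchange&reason=0 443 - 192.168.0.134 Mozilla/4.0+(compatible;+MSIE+8.0) 200 0 0
2010-04-29 14:54:52 W3SVC1 192.168.0.101 GET /exchweb/bin/auth/owalogon.asp url=https://server1/exchange&reason=0 443 - 192.168.0.134 Mozilla/4.0+(compatible;+MSIE+7.0) 200 0 64
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # the directive can reappear mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")         # IIS writes spaces inside values as '+'
            if len(values) == len(fields):   # skip truncated lines
                yield dict(zip(fields, values))

def incomplete_responses(text, utc_offset_hours=0):
    """Return requests logged with an HTTP status but a non-zero Win32 status."""
    local = timezone(timedelta(hours=utc_offset_hours))
    hits = []
    for rec in parse_w3c(text):
        win32 = int(rec["sc-win32-status"])
        if win32 == 0:
            continue
        utc = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        utc = utc.replace(tzinfo=timezone.utc)   # W3C extended logs are in UTC
        hits.append({
            "local_time": utc.astimezone(local).strftime("%Y-%m-%d %H:%M:%S"),
            "client": rec["c-ip"],
            "uri": rec["cs-uri-stem"],
            "http": f'{rec["sc-status"]}.{rec["sc-substatus"]}',
            "win32": win32,
            "win32_name": WIN32_NAMES.get(win32, "see winerror.h"),
        })
    return hits

if __name__ == "__main__":
    for hit in incomplete_responses(SAMPLE_LOG, utc_offset_hours=1):  # UK summer time
        print(hit)
```
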
kev-griggsAuthor Commented:
Just tried it and it's not working again. Here's the log of my attempt to connect internally. When I get the cannot connect page the address does not change in the address bar.


2010-04-29 14:54:52 W3SVC1 192.168.0.101 GET /exchweb/bin/auth/owalogon.asp url=https://server1/exchange&reason=0 443 - 192.168.0.134 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+Trident/4.0;+GTB6;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 200 0 64
0
LeeDerbyshireCommented:
It's baffling.  That single entry looks good, and you should be looking at the FBA logon screen.  How long does it take before you see the error message?  Does it appear immediately, or does it hang about for a few seconds?
0
kev-griggsAuthor Commented:
It appears immediately
0
LeeDerbyshireCommented:
Can you check a few things in IIS Manager.  First, expand the Web Sites container, and make sure that there is only the Default Web Site in there.  Lots of server applications like to add a web site for their own administration purposes, so there might be something in there that you don't know about.  Then look at the Web Service Extensions container, and make sure that Active Server Pages is set to Allow.

Also, try turning off Forms-based Authentication in ESM/Servers/Protocols/HTTP .
0
kev-griggsAuthor Commented:
OK, checked as suggested and all are as they should be.
0
LeeDerbyshireCommented:
Does it make any difference if you turn off Forms-Based Authentication?
0
kev-griggsAuthor Commented:
Missed that one. I had to restart the server last night so it's currently up and running. Currently Forms-Based Authentication is on; will wait for it to go wrong again and try this.
0
kev-griggsAuthor Commented:
If I turn off Forms-based authentication it works; when I enable it again it stops working.
0
LeeDerbyshireCommented:
Does it still work if you use SSL when FBA is turned off (at the same time that it isn't working with FBA enabled)?
0

kev-griggsAuthor Commented:
I have had SSL on all the time (except for when I turned it off briefly for a test), so yes, with SSL on and FBA off I was able to connect.
0
LeeDerbyshireCommented:
With FBA (when it's not working) you are only seeing IIS log entries for owalogon.asp, whose only job is to work out what language you use, and then redirect you to something like exchweb/bin/auth/<lang>/logon.asp .  When you see the error message, what URL is in the address bar?  Does it end in either owalogon.asp or logon.asp, or something else?
0
kev-griggsAuthor Commented:
https://servername/exchange when trying internally, will try externally tonight
0
kev-griggsAuthor Commented:
Tried it remotely whilst not working, then restarted the server and tried again, which then worked. The address in the address bar was exactly the same.

https://owa.mydomain.co.uk/exchweb/bin/auth/owalogon.asp?url=https://owa.mydomain.co.uk/exchange&reason=0
0
LeeDerbyshireCommented:
The redirection to the FBA page is working, then.  It doesn't seem like an SSL problem if the redirect worked AND you used https: in your original request for https://servername/Exchange (if SSL was broken, nothing would have happened at all).  At the moment, it seems to me like ASP processing is periodically failing on the server, but if you're sure that nothing is being recorded in the event logs (not just the IIS logs), I don't see a way to diagnose it.
0
kev-griggsAuthor Commented:
When not working that's all I get in the log, but when it is working I can see all the various folders etc. being called by the user.
Strange! Thanks for all your help.
0
LeeDerbyshireCommented:
You might try adding the AllowRetailHTTPAuth registry key described here:
http://technet.microsoft.com/en-us/library/aa996007(EXCHG.65).aspx?ppud=4
which will allow you to use FBA without SSL, and see if that makes any difference.  Note that this is only a temporary measure, since FBA without SSL is not very secure.
0
kev-griggsAuthor Commented:
Will give it a look tomorrow, thanks.
0