Outlook Web Access OWA not working in Exchange 2010

I brought a new server 2008 into our SBS 2003 environment.  We finally have it up and running with message flowing for Outlook and cell phone users.  When we go to the website https://<ourdomain.com>/owa the site comes up and we can enter our username and password.  When we submit this, the next page that comes up is completely blank except for two words in the upper left corner saying: Bad Request.  So there's obviously a disconnect between IIS and Exchange and it probably simple but I'm not that experienced in IIS/Exchange setup and troubleshooting.
jhuntiiAsked:
Who is Participating?
 
oztrodamusCommented:
Please check your External OWA settings

- Open EMS and go to Server Configuration
- Click on the Client Access tab and find your OWA connector
- Look at the properties of the connector and make sure your External URL matches one of the subject alternative names on your UCC certificate
- Open IIS and make sure the UCC certificate is bound to the website your using for your OWA virtual directories
- Scroll down to the OWA virtual directory, click on SSL Settings and make sure SSL Required is check markes and client certificates is set to Ignore
- Highlight the OWA virtual directory, click on Authentication, and verify Basic Authentication is enabled, all other forms of authentication should be disabled on the OWA virtual directory
0
 
Shreedhar EtteCommented:
0
 
jhuntiiAuthor Commented:
OK, I checked the headers for the Default Site (the only site I have) and there are no headers set for HTTP nor HTTPS.  In looking at the basic settings of the Exchweb folder and owa folder, there is a test button.  The test for both say that authentication is OK, but that Authorization is questionable with this info:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
and:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

I checked the physical location and Authenticated Users, System, and Administrators group all have right to the owa folder.  Any other things to check?  Could it still be trying to look at the 2003 owa site?  I have the firewall forwarding everything to this new server.  Thanks.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Shreedhar EtteCommented:
Does owa working internally?
0
 
jhuntiiAuthor Commented:
No, it does not.  It gives the same error 400 Bad Request.
0
 
oztrodamusCommented:
Hi jhuntii,

At this point I think it would be eaiser for you to delete and recreate your Exchange virtual directories. Don't worry it's not difficult. Just follow the MS instructions provided below. Once the directories are recreated you will need to follow up and reset the security permissions on the virtual directories. All is explained int he KB article.

If there is any point in the KB you don't understand just ask.

http://support.microsoft.com/kb/883380
0
 
Shreedhar EtteCommented:
0
 
jhuntiiAuthor Commented:
OK, I know I been away for a while.  If I need to open a new thread, I can.
Shreedhar, I was incorrect.  OWA Does work internally, but not externally.  Must be a firewall issue??
0
 
Shreedhar EtteCommented:
As OWA working internally just check the firewall settings to see whether the external owa requests are getting forwarded to the server.
0
 
jhuntiiAuthor Commented:
Oztrodamus, followed your suggestions and also in the Application Development section, selected SMTP-Email in the OWA virtual directory in IIS and under the section of Deliver email to SMTP server, checked Localhost checkbox (was not checked), and selected Windows authentication.  And, OWA is working!  :)  Yeah!!
I do have a question about the Authentication settings in the Security section that you mention.  You said to set to Basic authentication and turn the rest off.  Shouldn't this be Windows authentication to access OWA??
0
 
oztrodamusCommented:
Hi jhuntii,

Glad to hear it's working :)

The recommended setting is Basic Authentication. You don't have to worry about security, because even though the password is sent in clear text it's encrypted by virtue of the fact you're connected via an IPSec tunnel.

You can use Windows Authentication if you want to, but it severely restricts the flexibility of OWA. It would require that all PC's using OWA be members of your authentication domain. And the only benefit it would provide is transparent login, which in turn would prevent you from signing in with an alternate account. I think you give up too much with no real added benfit to use it.

Cheers,
0
 
jhuntiiAuthor Commented:
Thanks again very much. :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.