Outlook Web Access OWA not working in Exchange 2010

I brought a new server 2008 into our SBS 2003 environment. We finally have it up and running with message flowing for Outlook and cell phone users. When we go to the website https://<ourdomain.com>/owa the site comes up and we can enter our username and password. When we submit this, the next page that comes up is completely blank except for two words in the upper left corner saying: Bad Request. So there's obviously a disconnect between IIS and Exchange and it's probably simple, but I'm not that experienced in IIS/Exchange setup and troubleshooting.
jhuntii Asked:

Shreedhar Ette Commented:
0
jhuntii (Author) Commented:
OK, I checked the headers for the Default Site (the only site I have) and there are no headers set for HTTP nor HTTPS.  In looking at the basic settings of the Exchweb folder and owa folder, there is a test button.  The test for both say that authentication is OK, but that Authorization is questionable with this info:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.
and:
The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

I checked the physical location and Authenticated Users, System, and Administrators group all have right to the owa folder.  Any other things to check?  Could it still be trying to look at the 2003 owa site?  I have the firewall forwarding everything to this new server.  Thanks.
0
Shreedhar Ette Commented:
Does OWA work internally?
0
jhuntii (Author) Commented:
No, it does not.  It gives the same error 400 Bad Request.
0
oztrodamus Commented:
Hi jhuntii,

At this point I think it would be easier for you to delete and recreate your Exchange virtual directories. Don't worry, it's not difficult. Just follow the MS instructions provided below. Once the directories are recreated you will need to follow up and reset the security permissions on the virtual directories. All is explained in the KB article.

If there is any point in the KB you don't understand just ask.

http://support.microsoft.com/kb/883380
0
Shreedhar Ette Commented:
0
jhuntii (Author) Commented:
OK, I know I've been away for a while. If I need to open a new thread, I can.
Shreedhar, I was incorrect.  OWA Does work internally, but not externally.  Must be a firewall issue??
0
oztrodamus Commented:
Please check your External OWA settings

- Open EMS and go to Server Configuration
- Click on the Client Access tab and find your OWA connector
- Look at the properties of the connector and make sure your External URL matches one of the subject alternative names on your UCC certificate
- Open IIS and make sure the UCC certificate is bound to the website you're using for your OWA virtual directories
- Scroll down to the OWA virtual directory, click on SSL Settings and make sure SSL Required is check marked and client certificates is set to Ignore
- Highlight the OWA virtual directory, click on Authentication, and verify Basic Authentication is enabled, all other forms of authentication should be disabled on the OWA virtual directory
0
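
The checklist in the post above can also be read back from the command line. This is an added example, not something posted in the thread: it only reads settings, and it assumes the Exchange Management Shell on the Client Access server with OWA hosted under "Default Web Site" (the `$site` value is that assumption).

```powershell
# Added example: read-only checks for the OWA checklist above.
# Run in the Exchange Management Shell on the Client Access server.
$site = 'Default Web Site'   # assumption: OWA is hosted under the default site

foreach ($vdir in Get-OwaVirtualDirectory -Server $env:COMPUTERNAME) {
    "== $($vdir.Identity)"
    "ExternalUrl: $($vdir.ExternalUrl)"
    "InternalUrl: $($vdir.InternalUrl)"

    # Which authentication methods are switched on for this virtual directory
    "Basic=$($vdir.BasicAuthentication) Forms=$($vdir.FormsAuthentication) " +
        "Windows=$($vdir.WindowsAuthentication) Digest=$($vdir.DigestAuthentication)"

    if (-not $vdir.ExternalUrl) {
        'ExternalUrl is empty; nothing to compare against the certificate'
        continue
    }
    $externalHost = ([uri]"$($vdir.ExternalUrl)").Host

    # Certificates that Exchange has enabled for the IIS service
    $iisCerts = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
    if (-not $iisCerts) { 'No certificate is enabled for IIS' }

    foreach ($cert in $iisCerts) {
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        # -like lets "*" span dots, so a wildcard name matches more loosely
        # here than a TLS client would accept; treat a wildcard hit as a hint.
        $covered = @($names | Where-Object { $externalHost -like $_ }).Count -gt 0
        "Cert $($cert.Thumbprint) expires $($cert.NotAfter)"
        "  names: $($names -join ', ')"
        "  covers ${externalHost}: $covered"
    }
}

# SSL settings on the owa path. "SSL Required" with client certificates set to
# "Ignore" shows up as sslFlags containing Ssl and neither SslNegotiateCert
# nor SslRequireCert.
& "$env:windir\system32\inetsrv\appcmd.exe" list config "$site/owa" /section:system.webServer/security/access
```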

Shreedhar Ette Commented:
As OWA is working internally, just check the firewall settings to see whether the external OWA requests are getting forwarded to the server.
0
jhuntii (Author) Commented:
Oztrodamus, followed your suggestions and also in the Application Development section, selected SMTP-Email in the OWA virtual directory in IIS and under the section of Deliver email to SMTP server, checked Localhost checkbox (was not checked), and selected Windows authentication.  And, OWA is working!  :)  Yeah!!
I do have a question about the Authentication settings in the Security section that you mention.  You said to set to Basic authentication and turn the rest off.  Shouldn't this be Windows authentication to access OWA??
0
oztrodamus Commented:
Hi jhuntii,

Glad to hear it's working :)

The recommended setting is Basic Authentication. You don't have to worry about security, because even though the password is sent in clear text it's encrypted by virtue of the fact you're connected via an IPSec tunnel.

You can use Windows Authentication if you want to, but it severely restricts the flexibility of OWA. It would require that all PCs using OWA be members of your authentication domain. And the only benefit it would provide is transparent login, which in turn would prevent you from signing in with an alternate account. I think you give up too much with no real added benefit to use it.

Cheers,
0
jhuntii (Author) Commented:
Thanks again very much. :)
0