Solved

HTTPS on OWA not working.

Posted on 2010-08-13
11
3,130 Views
Last Modified: 2012-05-10
Hi,

I have a client running Server 2008, Exchange 2007, IIS.
I they were able (until recently) to connect to OWA by https://mail.domain.com/owa.
Then it suddenly stopped working. I get an error The web page at https://mail.xxxx.org.uk/owa might be temporarily down or it may have moved permanently to a new web address.
If I turn of SSL I can connect happily via just http. If I turn on SSL it gives me the error. I have checked IP/DNS at ISP and it's OK and resolves to the IP address. I can connect using http://IPAddress/OWA and http://mail.xxx.org.uk/owa so assume it cant be to do with the routing/DNS.
I checked IIS and HTTPS is allowed and run a port scan externally to make sure HTTPS was allowed through the firewall..all tests passed.
If I enable SSL all stops working on OWA even from within IIS where it gives you the option to browse.
I assume it cant me the certificate if I am not getting error messages on the local LAN with outlook??

Any help to shed light on this would be greatly appreciated.
0
Comment
Question by:ritltd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33427624
Are you sure that 443 is going to the Exchange server and not just the router?

Can you get to it internally if you type myexchangeserver.internal.lan.ip/owa? (replace the words for numbers)

Is the site definitely published on 443?  Are there are any other websites on the box that are using 443?

Go into IIS and stop all websites apart from the one you need, check the port bindings in IIS, restart IIS and then try and get to it locally on the server.

if this doesn't work, you can reset the virtual directories by looking here :-
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/32f5654b-7f9d-4043-a126-de8057818438
0
 
LVL 1

Expert Comment

by:leejohn83
ID: 33427676
when you connected to exchange using this URL https://mail.domain.com/owa , I assume that you are connecting directly to the server bypassing your firewall. Please check your firewall policy manager. Please allow your firewall to accept connection using SSL port 443.
0
 

Author Comment

by:ritltd
ID: 33427817
I have checked the router and 443 is definitely going to the server.
I cannot connect even internally to HTTPS only HTTP if I disable SSL.

New to IIS so can you tell me how I go about checking the Bindings??
0
Office 365 Advanced Training for Admins

Special Offer:  Buy 1 course, get 2nd free!  Buy the 'Managing Office 365 Identities & Requirements' course w/ Accelerated TestPrep, and automatically receive the 'Enabling Office 365 Services' course FREE!

 
LVL 11

Expert Comment

by:Coast-IT
ID: 33428010
open up IIS

Select a site in the tree view and click Bindings in the Actions pane.

This brings up the bindings editor which shows you which ports are bound to the site.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33428089
Sounds like something possibly is wrong with your certificate. Have you tried removing the certificate from the workstation first and reinstalling it? How about the server side?
0
 

Author Comment

by:ritltd
ID: 33428092
OK, I can only see Bindings when I am on the Default Web Site.
I have looked at this and it has both http and https
If I edit https the IP address says 'all unassigned' Port 443, Hostname is greyed out and SSL Certificate says not selected.
If I try to select Microsoft Exchange i get an error that says 'unable to find the existing binding to update'
If I view the certificate is says issued to : Server  Issues By: Server and Valid to 19/07/2011.
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 33428374
First take a IIS backup after that you can try bellow steps.

First Remove the certificate using the IIS manager "select “Server Certificates” and take the “Remove” action"

Step 2.
1.Add SSL binding same as per your certificate.

After that Restart IIS and check it.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33428609
rittld > Is that a self signed cert or a UCC/SAN Cert
Did you install any updates through automatic update before OWA stopped working ?
0
 

Author Comment

by:ritltd
ID: 33429109
It is a self signed Cert there may well have been Windows updates applied.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33429153
can you check from add / remove programs with updates checked

Also you can check your windows update history
open IE > Go to windows update > click history on the left tab.

let me know the kbid for the windows update which might have caused this.
0
 

Accepted Solution

by:
ritltd earned 0 total points
ID: 33443947
Hi, Thanks all for your help. I found a good article which has resolved the situation.
Seems that SSL was OK for Exchange but had not been correctly applied to IIS.

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question