Solved

HTTPS on OWA not working.

Posted on 2010-08-13
11
2,754 Views
Last Modified: 2012-05-10
Hi,

I have a client running Server 2008, Exchange 2007, IIS.
I they were able (until recently) to connect to OWA by https://mail.domain.com/owa.
Then it suddenly stopped working. I get an error The web page at https://mail.xxxx.org.uk/owa might be temporarily down or it may have moved permanently to a new web address.
If I turn of SSL I can connect happily via just http. If I turn on SSL it gives me the error. I have checked IP/DNS at ISP and it's OK and resolves to the IP address. I can connect using http://IPAddress/OWA and http://mail.xxx.org.uk/owa so assume it cant be to do with the routing/DNS.
I checked IIS and HTTPS is allowed and run a port scan externally to make sure HTTPS was allowed through the firewall..all tests passed.
If I enable SSL all stops working on OWA even from within IIS where it gives you the option to browse.
I assume it cant me the certificate if I am not getting error messages on the local LAN with outlook??

Any help to shed light on this would be greatly appreciated.
0
Comment
Question by:ritltd
  • 4
  • 2
  • 2
  • +3
11 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33427624
Are you sure that 443 is going to the Exchange server and not just the router?

Can you get to it internally if you type myexchangeserver.internal.lan.ip/owa? (replace the words for numbers)

Is the site definitely published on 443?  Are there are any other websites on the box that are using 443?

Go into IIS and stop all websites apart from the one you need, check the port bindings in IIS, restart IIS and then try and get to it locally on the server.

if this doesn't work, you can reset the virtual directories by looking here :-
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/32f5654b-7f9d-4043-a126-de8057818438
0
 
LVL 1

Expert Comment

by:leejohn83
ID: 33427676
when you connected to exchange using this URL https://mail.domain.com/owa , I assume that you are connecting directly to the server bypassing your firewall. Please check your firewall policy manager. Please allow your firewall to accept connection using SSL port 443.
0
 

Author Comment

by:ritltd
ID: 33427817
I have checked the router and 443 is definitely going to the server.
I cannot connect even internally to HTTPS only HTTP if I disable SSL.

New to IIS so can you tell me how I go about checking the Bindings??
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33428010
open up IIS

Select a site in the tree view and click Bindings in the Actions pane.

This brings up the bindings editor which shows you which ports are bound to the site.
0
 
LVL 5

Expert Comment

by:sosinc3
ID: 33428089
Sounds like something possibly is wrong with your certificate. Have you tried removing the certificate from the workstation first and reinstalling it? How about the server side?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:ritltd
ID: 33428092
OK, I can only see Bindings when I am on the Default Web Site.
I have looked at this and it has both http and https
If I edit https the IP address says 'all unassigned' Port 443, Hostname is greyed out and SSL Certificate says not selected.
If I try to select Microsoft Exchange i get an error that says 'unable to find the existing binding to update'
If I view the certificate is says issued to : Server  Issues By: Server and Valid to 19/07/2011.
0
 
LVL 20

Expert Comment

by:SatyaPathak
ID: 33428374
First take a IIS backup after that you can try bellow steps.

First Remove the certificate using the IIS manager "select “Server Certificates” and take the “Remove” action"

Step 2.
1.Add SSL binding same as per your certificate.

After that Restart IIS and check it.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33428609
rittld > Is that a self signed cert or a UCC/SAN Cert
Did you install any updates through automatic update before OWA stopped working ?
0
 

Author Comment

by:ritltd
ID: 33429109
It is a self signed Cert there may well have been Windows updates applied.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33429153
can you check from add / remove programs with updates checked

Also you can check your windows update history
open IE > Go to windows update > click history on the left tab.

let me know the kbid for the windows update which might have caused this.
0
 

Accepted Solution

by:
ritltd earned 0 total points
ID: 33443947
Hi, Thanks all for your help. I found a good article which has resolved the situation.
Seems that SSL was OK for Exchange but had not been correctly applied to IIS.

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now