• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3654
  • Last Modified:

HTTPS on OWA not working.

Hi,

I have a client running Server 2008, Exchange 2007, IIS.
I they were able (until recently) to connect to OWA by https://mail.domain.com/owa.
Then it suddenly stopped working. I get an error The web page at https://mail.xxxx.org.uk/owa might be temporarily down or it may have moved permanently to a new web address.
If I turn of SSL I can connect happily via just http. If I turn on SSL it gives me the error. I have checked IP/DNS at ISP and it's OK and resolves to the IP address. I can connect using http://IPAddress/OWA and http://mail.xxx.org.uk/owa so assume it cant be to do with the routing/DNS.
I checked IIS and HTTPS is allowed and run a port scan externally to make sure HTTPS was allowed through the firewall..all tests passed.
If I enable SSL all stops working on OWA even from within IIS where it gives you the option to browse.
I assume it cant me the certificate if I am not getting error messages on the local LAN with outlook??

Any help to shed light on this would be greatly appreciated.
0
ritltd
Asked:
ritltd
  • 4
  • 2
  • 2
  • +3
1 Solution
 
Coast-ITCommented:
Are you sure that 443 is going to the Exchange server and not just the router?

Can you get to it internally if you type myexchangeserver.internal.lan.ip/owa? (replace the words for numbers)

Is the site definitely published on 443?  Are there are any other websites on the box that are using 443?

Go into IIS and stop all websites apart from the one you need, check the port bindings in IIS, restart IIS and then try and get to it locally on the server.

if this doesn't work, you can reset the virtual directories by looking here :-
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/32f5654b-7f9d-4043-a126-de8057818438
0
 
leejohn83Commented:
when you connected to exchange using this URL https://mail.domain.com/owa , I assume that you are connecting directly to the server bypassing your firewall. Please check your firewall policy manager. Please allow your firewall to accept connection using SSL port 443.
0
 
ritltdAuthor Commented:
I have checked the router and 443 is definitely going to the server.
I cannot connect even internally to HTTPS only HTTP if I disable SSL.

New to IIS so can you tell me how I go about checking the Bindings??
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Coast-ITCommented:
open up IIS

Select a site in the tree view and click Bindings in the Actions pane.

This brings up the bindings editor which shows you which ports are bound to the site.
0
 
sosinc3Commented:
Sounds like something possibly is wrong with your certificate. Have you tried removing the certificate from the workstation first and reinstalling it? How about the server side?
0
 
ritltdAuthor Commented:
OK, I can only see Bindings when I am on the Default Web Site.
I have looked at this and it has both http and https
If I edit https the IP address says 'all unassigned' Port 443, Hostname is greyed out and SSL Certificate says not selected.
If I try to select Microsoft Exchange i get an error that says 'unable to find the existing binding to update'
If I view the certificate is says issued to : Server  Issues By: Server and Valid to 19/07/2011.
0
 
Satya PathakLead Technical ConsultantCommented:
First take a IIS backup after that you can try bellow steps.

First Remove the certificate using the IIS manager "select “Server Certificates” and take the “Remove” action"

Step 2.
1.Add SSL binding same as per your certificate.

After that Restart IIS and check it.

0
 
sunnyc7Commented:
rittld > Is that a self signed cert or a UCC/SAN Cert
Did you install any updates through automatic update before OWA stopped working ?
0
 
ritltdAuthor Commented:
It is a self signed Cert there may well have been Windows updates applied.
0
 
sunnyc7Commented:
can you check from add / remove programs with updates checked

Also you can check your windows update history
open IE > Go to windows update > click history on the left tab.

let me know the kbid for the windows update which might have caused this.
0
 
ritltdAuthor Commented:
Hi, Thanks all for your help. I found a good article which has resolved the situation.
Seems that SSL was OK for Exchange but had not been correctly applied to IIS.

http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 4
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now