Exchange 2010 External OWA Problem

I have just set up Exchange 2010 and am trying to get OWA to work correctly. It will work from the LAN with https://servername/owa. It does not work from https://webmail.mycompany.com. I have a public DNS record set and a NAT Policy to convert the public IP to the private IP. I cannot get the external URL to work from either external or internal. Anyone know why this could be?

In the install, I did not specify this as Internet facing. But I figured as long as I specified the OWA external address in the EMC that it should still work.
MCSFAsked:
 
sunnyc7Connect With a Mentor Commented:
You mentioned here http:#33544718 that 443 fails, hence I wanted to focus on the firewall and see if NAT is working and forwarding 443 to the Exchange internal IP.

UCC/SAN Cert - is required for autodiscover and other exchange services.
You can get one from digicert here
www.digicert.com/easy-csr/exchange2007.htm

or Godaddy.
0
 
kpoochiCommented:
What is the error you are getting externally?
0
 
MCSFAuthor Commented:
In Firefox I'm getting "the connection timed out" and in IE I'm getting "Internet Explorer cannot display the webpage".
0
 
MCSFAuthor Commented:
One more thing. I currently do not have an SSL cert as the cert will have to be moved from our current production server to this one when we migrate. That shouldn't matter should it?
0
 
kpoochiCommented:
Yes, of course, the certificate matters a lot for HTTPS communication. Since we are able to access OWA locally using https at we would've got a certificate bound to DWS


Do you have Firewall or ISA where certificate is installed?
0
 
MCSFAuthor Commented:
No, the certificate is currently on a 2003 front-end server. It will be moved to the 2010 CAS server.
0
 
Neil RussellTechnical Development LeadCommented:
First step, go here and test.
https://www.testexchangeconnectivity.com/ 
0
 
MCSFAuthor Commented:
I've used that tool several times, but I don't see which tool would help test OWA. Which one should I use? We won't be using Outlook Anywhere or external autodiscover at this time.
0
 
sunnyc7Commented:
get-owavirtualdirectory | fl
If your externalURL is blank, it won't work from outside.
0
 
kpoochiCommented:
Neilsr, we do not have any test for OWA in https://www.testexchangeconnectivity.com/ ...

MCSF,

Please move the certificate to the CAS server, as in a mixed environment of 2003 and 2007 the CAS takes precedence over the FE server. So, we should be able to resolve this once we move the certificate to the CAS server.

0
 
MCSFAuthor Commented:
The external URL is listed correctly as https://webmail.mydomain.com/owa
0
 
MCSFAuthor Commented:
I could move the cert, but then everyone would be cut off from OWA as they are all still on 2003 and I don't have a legacy cert. Even if I don't have a cert, shouldn't it at least give me a certificate warning? It doesn't even seem to be getting there.
0
 
Neil RussellTechnical Development LeadCommented:
@kpoochi
What do you mean "We don't have any test for....." ? Hello?
 
0
 
sunnyc7Commented:
a) www.canyouseeme.org
Check if 443 is open
b) Did you install a UCC/SAN Cert?
c) Can you post a screenshot of the error when accessing OWA externally ?

thanks
0
 
MCSFAuthor Commented:
a.) At that website it is testing our WAN IP, so 443 fails. This is a private IP that has NAT. The NAT rule is open to 80 and 443.
b.) What is a UCC/SAN Cert?
c.) screenshot attached
screen.jpg
0
 
kpoochiCommented:
Check whether the port is open....do nslookup for webmail.mydomain.com and check where it is pointing to..
0
 
MCSFAuthor Commented:
I did an nslookup from the outside and it resolved to the correct public IP address.
0
 
kpoochiCommented:
Do you have a proxy in your clients? Check the internet connection in our clients....
0
 
MCSFAuthor Commented:
No proxy. Is there anything in particular I need to worry about in IIS?
0
 
kpoochiCommented:
Since internally it is working fine, it should not be a problem in IIS or anything on the Exchange server.....

Try browsing webmail.mydomain.com/owa internally and check (make sure you have a host (A) record for webmail in your internal DNS)
0
 
MCSFAuthor Commented:
No, the external URL does not work internally either.
0
 
kpoochiCommented:
Do you have host headers set on Default Web Site in IIS... If yes remove the host headers and make sure the bindings are set properly to IP address as "All Unassigned"
0
 
MCSFAuthor Commented:
Where would I check for host headers under Default Website?
0
 
MCSFAuthor Commented:
I am using IIS 7 by the way.
0
 
kpoochiCommented:
In IIS, select Default Website... Right hand side, click on Bindings select port 80 and click edit... Host header box should be empty and IP should be "All Unassigned"

Check the same for port 443
0
 
MCSFAuthor Commented:
Port 80: IP address is All Unassigned with no hostname
Port 443: IP address is All Unassigned with no hostname and SSL certificate is listed as Microsoft Exchange.
0
 
kpoochiCommented:
View the certificate and check the "Issued to" name
0
 
MCSFAuthor Commented:
The certificate was issued by the Exchange server - Server1. Internally when connecting to internal URL I got a certificate error, but it worked. Is there some reason why the certificate would be required just to test the external URL?
0
 
sunnyc7Commented:
Can we focus on your firewall and see if it's actually forwarding 443?

If that doesn't work, all the IIS stuff is moot.
0
 
MCSFAuthor Commented:
Called our firewall vendor and as it turns out it was an incorrect rule on the firewall for external access. Also had to create a loopback NAT policy for internal to work on the external address.
0
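The layered check this thread ends up following (name resolution, then port 443 through the firewall/NAT, then the certificate IIS presents), written out as an added PowerShell example that is not part of any participant's post. The host name is the thread's placeholder and the 5-second timeout is an assumed value; run it once from outside and once from the LAN.

```powershell
# Added diagnostic example. Reports the first stage at which the OWA name fails.
function Test-OwaPath {
    param([string]$HostName = 'webmail.mydomain.com',   # external name used in the thread
          [int]$Port = 443, [int]$TimeoutMs = 5000)      # timeout is an assumed value
    $r = New-Object PSObject -Property @{ Stage = 'DNS'; Address = $null; Detail = $null }
    try {
        # Stage 1: name resolution. Compare the answer inside and outside the LAN.
        $r.Address = ([System.Net.Dns]::GetHostAddresses($HostName) |
                      ForEach-Object { $_.IPAddressToString }) -join ', '
    } catch { $r.Detail = 'Name does not resolve; check the A record'; return $r }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Stage 2: TCP connect. A timeout means the SYN was dropped before IIS:
        # firewall rule, NAT policy, or a missing loopback NAT when run internally.
        $r.Stage = 'TCP'
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $r.Detail = "No reply on port $Port in $TimeoutMs ms; traffic is dropped in transit"
            return $r
        }
        $client.EndConnect($pending)

        # Stage 3: TLS handshake. The callback accepts any certificate so that a
        # self-signed one can be read; no credentials or requests are sent.
        $r.Stage = 'TLS'
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $cert, $chain, $errors) $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                    -ArgumentList $ssl.RemoteCertificate
        $r.Stage = 'OK'
        $r.Detail = "Subject: $($cert.Subject); chain trusted: $($cert.Verify())"
    } catch {
        $r.Detail = "Failed at $($r.Stage): $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
    return $r
}

Test-OwaPath | Format-List
```

A result that stops at the TCP stage never reached IIS, so certificate and binding settings are not yet in play; a result of OK with "chain trusted: False" is the self-signed certificate case, which would show as a browser warning rather than a timeout.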
 
sunnyc7Commented:
Life is good :)
0
 
sunnyc7Commented:
thanks for the points !!
0
Question has a verified solution.
