Solved

OWA page cannot be found on some ISP provider's connection

Posted on 2010-09-15
23
721 Views
Last Modified: 2012-05-10
sbs2008 server, with owa enabled.
Works fine on computers connected to the same ISP as the server, doesn't work on computers connected on another ISP.

I asked to bring the computers that cannot connect to the company, they connected without problem so it cannot be computer settings.

I'm using ssl and the domain is not directly hosted on the sbs server.

any ideas???
0
Comment
Question by:postsuave
  • 11
  • 11
23 Comments
 
LVL 14

Accepted Solution

by:
Shabarinath Ramadasan earned 250 total points
ID: 33680354
Its a problem with your ISP or the user's ISP.
Assume that incomplete route is creating the issue.

Please speak with your ISP first and see if that helps.

good luck
Shaba
0
 

Author Comment

by:postsuave
ID: 33680361
i cannot speak with the ISP, it's a huge company, they won't listen...
i must say i do not use a VPN tunnel for the connections, maybe it may work with a vpn tunnel? Is this easy to test?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33680366
Sounds like it could be a DNS issue of some kind.

Does it affect users from every other ISP or is it just one?

Can they connect (albeit they'll get certificate errors) to the IP address? https://ipaddress/owa ?

Presume the same machines can connect to other sites that use https?

First point of call is definately your ISP.
0
 

Author Comment

by:postsuave
ID: 33680376
i tried connecting like https://ipaddress/owa > didn't work on problem isp...
0
 
LVL 25

Assisted Solution

by:Tony1044
Tony1044 earned 250 total points
ID: 33680531
So it's just the one ISP?

That could get interesting but I would suggest a call to them.
0
 

Author Comment

by:postsuave
ID: 33680563
would there be a difference if an VPN tunnel is used? Is that easy to test?
I'd rather not spend 17days listening to crap music and talking to morons on the phone resulting in nothing...
0
 

Author Comment

by:postsuave
ID: 33680580
update: i tried a third ISP, didn't work also.
It seems like connections are only made on the same ISP as the server...
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33680595
When you say a VPN tunnel is being used could you give a bit more detail?

If one of your users drops the VPN connection, can they then connect to OWA?
0
 

Author Comment

by:postsuave
ID: 33680611
i have not yet tried using vpn yet. The idea is that maybe the ISP blocks incoming connections from out of their own LAN. I don't know if there are additional port connections being used with OWA and if there's a difference in port use when using OWA while connected by a VPN tunnel?
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33680639
Ah ok.

VPN might solve the issue but I can't imagine why an ISP would block port 443!

Do you get any errors if you put your mail domain into www.mxtoolbox.com ? It's free to use.

If you want to mail me your OWA url I can have a look from here if you want, too?

Tony***@***Johncock***.***co***.***.uk Needless to say, just remove the ***
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33680661
Just a thought - you're not blocking port 443 on your externally facing firewall, are you?

What happens if you try to browse to your OWA page on 80 - ie http not https?
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 

Author Comment

by:postsuave
ID: 33680868
this is the address: https://connect.foo.be/owa
i'm curious to know if you can connect!
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33681149
I cannot connect either - I can resolve the address ok with NSLOOKUP - I'll post the address it resolves to as you've already put the domain and we can ask one of the admins to obfuscate them later.

I get:

x.x.141.220 < - Is this correct?

Are you sure there isn't a firewall causing issues? I would turn off the Windows Firewall service temporarily and do a check first to rule that out but also check your internet facing firewall to ensure it's forwarding port 443 properly to your SBS server
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33681169
Has it ever worked externally, by the way?
0
 

Author Comment

by:postsuave
ID: 33681278
the ip is correct!
it does work for about 10 clients who's internet connection is on the same ISP without problem.
i think it might be a firewall of the ISP that's blocking connections?

Is it meaningful to test disabling the firewall when connections from other computers do work?
0
 

Author Comment

by:postsuave
ID: 33681341
update: disabled advanced firewall on sbs 2008 server > same problem.
outward facing firewall can't be a problem because the ip adress of the server is  configured DMZ...
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33681722
Ok so users on the same ISP connect through fine but users from others do not.

Has it always been like this, or has it just recently begun?

I have never heard of any ISP blocking 443 before. 25, yes but not 443 - I would suggest a chat with your ISP is in order because it really does look as though they're blocking something they shouldn't be!
0
 

Author Comment

by:postsuave
ID: 33681838
it has always been like this...
there is one thing that could be relevant:
the company doesn't have a fixed ip yet so uses dyndns.
the ip adress gets resolved like this: remotevansichen.dyndns.org
because this is a really ugly address, i created a subdomain in CPANEL on the webserver that hosts their website (yet another server), to redirect requests from connect.foo.be to https://remotefoo.foodns.org.
The ssl certificate is valid for connect.foo.be, and not for the foodns address. Could this be a problem?

the isp is really huge so i can't imagine that 443 is completely blocked...
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33682078
I would just like to recap on your configuration as I see it so please correct me if I have any of this wrong:

You host Exchange internally on SBS 2008;
Your web domain is hosted externally;
You have no static IP address but redirect from connect.foo.be to your foodns https://remotefoo.foodns.org name?
You have a valid SSL cert (from someone like Verisign/Thawte/GoDaddy etc?)
You have your internet facing firewall configured so that the SBS server is effectively in the DMZ?

From what I can see, the foodns side is working and redirecting properly but I cannot conncet to your server by either SSL or HTTP.

I have previously used dynamic DNS with DNS Exit and their client (similar to DynDNS) without any major issue beyond mail occasionally being blocked because it comes from a dynamic range - I'd really get a static IP.

Even though it's configured to be in a DMZ could you try setting a firewall rule to forward 443 to your SBS server please?
0
 

Author Comment

by:postsuave
ID: 33682251
problem solved... ISP blocks all ports under 1024. Customer should pay more for connection that doesn't block ports...
crap ISP!

Could you please obfuscate the ip / dns names? Then i will reward points.

Thank you!
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33682363
I don't personally have the ability to do that as I'm not at the relevant level yet but one of the admins can be asked.

Glad it's sorted.

I suspect that if you approach your ISP about a business solution, you will be able to get a block of static IP's and no ports will be blocked.

Out of interest, which part of Belgium are you from? I worked in Mons for a while with Microsoft.
0
 
LVL 25

Expert Comment

by:Tony1044
ID: 33682375
I've put a request in for the IP/Domain to be obfuscated.
0
 

Author Comment

by:postsuave
ID: 33682633
about 70 miles from Mons, region Hasselt. you can find me on link e din on this email geoffrey**@***insight dot be
thanks for the help!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Easy CSR creation in Exchange 2007,2010 and 2013
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
The purpose of this video is to demonstrate how to set up a Mailchimp campaign. This will include styling and adding elements to a newsletter/email. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchim…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now