OWA page cannot be found on some ISP provider's connection

sbs2008 server, with owa enabled.
Works fine on computers connected to the same ISP as the server, doesn't work on computers connected on another ISP.

I asked to bring the computers that cannot connect to the company, they connected without problem so it cannot be computer settings.

I'm using ssl and the domain is not directly hosted on the sbs server.

any ideas???
postsuaveAsked:
Who is Participating?
 
Shabarinath RamadasanInfrastructure ArchitectCommented:
Its a problem with your ISP or the user's ISP.
Assume that incomplete route is creating the issue.

Please speak with your ISP first and see if that helps.

good luck
Shaba
0
 
postsuaveAuthor Commented:
i cannot speak with the ISP, it's a huge company, they won't listen...
i must say i do not use a VPN tunnel for the connections, maybe it may work with a vpn tunnel? Is this easy to test?
0
 
Tony JLead Technical ArchitectCommented:
Sounds like it could be a DNS issue of some kind.

Does it affect users from every other ISP or is it just one?

Can they connect (albeit they'll get certificate errors) to the IP address? https://ipaddress/owa ?

Presume the same machines can connect to other sites that use https?

First point of call is definately your ISP.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
postsuaveAuthor Commented:
i tried connecting like https://ipaddress/owa > didn't work on problem isp...
0
 
Tony JLead Technical ArchitectCommented:
So it's just the one ISP?

That could get interesting but I would suggest a call to them.
0
 
postsuaveAuthor Commented:
would there be a difference if an VPN tunnel is used? Is that easy to test?
I'd rather not spend 17days listening to crap music and talking to morons on the phone resulting in nothing...
0
 
postsuaveAuthor Commented:
update: i tried a third ISP, didn't work also.
It seems like connections are only made on the same ISP as the server...
0
 
Tony JLead Technical ArchitectCommented:
When you say a VPN tunnel is being used could you give a bit more detail?

If one of your users drops the VPN connection, can they then connect to OWA?
0
 
postsuaveAuthor Commented:
i have not yet tried using vpn yet. The idea is that maybe the ISP blocks incoming connections from out of their own LAN. I don't know if there are additional port connections being used with OWA and if there's a difference in port use when using OWA while connected by a VPN tunnel?
0
 
Tony JLead Technical ArchitectCommented:
Ah ok.

VPN might solve the issue but I can't imagine why an ISP would block port 443!

Do you get any errors if you put your mail domain into www.mxtoolbox.com ? It's free to use.

If you want to mail me your OWA url I can have a look from here if you want, too?

Tony***@***Johncock***.***co***.***.uk Needless to say, just remove the ***
0
 
Tony JLead Technical ArchitectCommented:
Just a thought - you're not blocking port 443 on your externally facing firewall, are you?

What happens if you try to browse to your OWA page on 80 - ie http not https?
0
 
postsuaveAuthor Commented:
this is the address: https://connect.foo.be/owa
i'm curious to know if you can connect!
0
 
Tony JLead Technical ArchitectCommented:
I cannot connect either - I can resolve the address ok with NSLOOKUP - I'll post the address it resolves to as you've already put the domain and we can ask one of the admins to obfuscate them later.

I get:

x.x.141.220 < - Is this correct?

Are you sure there isn't a firewall causing issues? I would turn off the Windows Firewall service temporarily and do a check first to rule that out but also check your internet facing firewall to ensure it's forwarding port 443 properly to your SBS server
0
 
Tony JLead Technical ArchitectCommented:
Has it ever worked externally, by the way?
0
 
postsuaveAuthor Commented:
the ip is correct!
it does work for about 10 clients who's internet connection is on the same ISP without problem.
i think it might be a firewall of the ISP that's blocking connections?

Is it meaningful to test disabling the firewall when connections from other computers do work?
0
 
postsuaveAuthor Commented:
update: disabled advanced firewall on sbs 2008 server > same problem.
outward facing firewall can't be a problem because the ip adress of the server is  configured DMZ...
0
 
Tony JLead Technical ArchitectCommented:
Ok so users on the same ISP connect through fine but users from others do not.

Has it always been like this, or has it just recently begun?

I have never heard of any ISP blocking 443 before. 25, yes but not 443 - I would suggest a chat with your ISP is in order because it really does look as though they're blocking something they shouldn't be!
0
 
postsuaveAuthor Commented:
it has always been like this...
there is one thing that could be relevant:
the company doesn't have a fixed ip yet so uses dyndns.
the ip adress gets resolved like this: remotevansichen.dyndns.org
because this is a really ugly address, i created a subdomain in CPANEL on the webserver that hosts their website (yet another server), to redirect requests from connect.foo.be to https://remotefoo.foodns.org.
The ssl certificate is valid for connect.foo.be, and not for the foodns address. Could this be a problem?

the isp is really huge so i can't imagine that 443 is completely blocked...
0
 
Tony JLead Technical ArchitectCommented:
I would just like to recap on your configuration as I see it so please correct me if I have any of this wrong:

You host Exchange internally on SBS 2008;
Your web domain is hosted externally;
You have no static IP address but redirect from connect.foo.be to your foodns https://remotefoo.foodns.org name?
You have a valid SSL cert (from someone like Verisign/Thawte/GoDaddy etc?)
You have your internet facing firewall configured so that the SBS server is effectively in the DMZ?

From what I can see, the foodns side is working and redirecting properly but I cannot conncet to your server by either SSL or HTTP.

I have previously used dynamic DNS with DNS Exit and their client (similar to DynDNS) without any major issue beyond mail occasionally being blocked because it comes from a dynamic range - I'd really get a static IP.

Even though it's configured to be in a DMZ could you try setting a firewall rule to forward 443 to your SBS server please?
0
 
postsuaveAuthor Commented:
problem solved... ISP blocks all ports under 1024. Customer should pay more for connection that doesn't block ports...
crap ISP!

Could you please obfuscate the ip / dns names? Then i will reward points.

Thank you!
0
 
Tony JLead Technical ArchitectCommented:
I don't personally have the ability to do that as I'm not at the relevant level yet but one of the admins can be asked.

Glad it's sorted.

I suspect that if you approach your ISP about a business solution, you will be able to get a block of static IP's and no ports will be blocked.

Out of interest, which part of Belgium are you from? I worked in Mons for a while with Microsoft.
0
 
Tony JLead Technical ArchitectCommented:
I've put a request in for the IP/Domain to be obfuscated.
0
 
postsuaveAuthor Commented:
about 70 miles from Mons, region Hasselt. you can find me on link e din on this email geoffrey**@***insight dot be
thanks for the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.