Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

OWA page cannot be found on some ISP provider's connection

Posted on 2010-09-15
23
Medium Priority
?
787 Views
Last Modified: 2012-05-10
sbs2008 server, with owa enabled.
Works fine on computers connected to the same ISP as the server, doesn't work on computers connected on another ISP.

I asked to bring the computers that cannot connect to the company, they connected without problem so it cannot be computer settings.

I'm using ssl and the domain is not directly hosted on the sbs server.

any ideas???
0
Comment
Question by:postsuave
  • 11
  • 11
23 Comments
 
LVL 14

Accepted Solution

by:
Shabarinath Ramadasan earned 1000 total points
ID: 33680354
Its a problem with your ISP or the user's ISP.
Assume that incomplete route is creating the issue.

Please speak with your ISP first and see if that helps.

good luck
Shaba
0
 

Author Comment

by:postsuave
ID: 33680361
i cannot speak with the ISP, it's a huge company, they won't listen...
i must say i do not use a VPN tunnel for the connections, maybe it may work with a vpn tunnel? Is this easy to test?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33680366
Sounds like it could be a DNS issue of some kind.

Does it affect users from every other ISP or is it just one?

Can they connect (albeit they'll get certificate errors) to the IP address? https://ipaddress/owa ?

Presume the same machines can connect to other sites that use https?

First point of call is definately your ISP.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 

Author Comment

by:postsuave
ID: 33680376
i tried connecting like https://ipaddress/owa > didn't work on problem isp...
0
 
LVL 26

Assisted Solution

by:Tony J
Tony J earned 1000 total points
ID: 33680531
So it's just the one ISP?

That could get interesting but I would suggest a call to them.
0
 

Author Comment

by:postsuave
ID: 33680563
would there be a difference if an VPN tunnel is used? Is that easy to test?
I'd rather not spend 17days listening to crap music and talking to morons on the phone resulting in nothing...
0
 

Author Comment

by:postsuave
ID: 33680580
update: i tried a third ISP, didn't work also.
It seems like connections are only made on the same ISP as the server...
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33680595
When you say a VPN tunnel is being used could you give a bit more detail?

If one of your users drops the VPN connection, can they then connect to OWA?
0
 

Author Comment

by:postsuave
ID: 33680611
i have not yet tried using vpn yet. The idea is that maybe the ISP blocks incoming connections from out of their own LAN. I don't know if there are additional port connections being used with OWA and if there's a difference in port use when using OWA while connected by a VPN tunnel?
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33680639
Ah ok.

VPN might solve the issue but I can't imagine why an ISP would block port 443!

Do you get any errors if you put your mail domain into www.mxtoolbox.com ? It's free to use.

If you want to mail me your OWA url I can have a look from here if you want, too?

Tony***@***Johncock***.***co***.***.uk Needless to say, just remove the ***
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33680661
Just a thought - you're not blocking port 443 on your externally facing firewall, are you?

What happens if you try to browse to your OWA page on 80 - ie http not https?
0
 

Author Comment

by:postsuave
ID: 33680868
this is the address: https://connect.foo.be/owa
i'm curious to know if you can connect!
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33681149
I cannot connect either - I can resolve the address ok with NSLOOKUP - I'll post the address it resolves to as you've already put the domain and we can ask one of the admins to obfuscate them later.

I get:

x.x.141.220 < - Is this correct?

Are you sure there isn't a firewall causing issues? I would turn off the Windows Firewall service temporarily and do a check first to rule that out but also check your internet facing firewall to ensure it's forwarding port 443 properly to your SBS server
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33681169
Has it ever worked externally, by the way?
0
 

Author Comment

by:postsuave
ID: 33681278
the ip is correct!
it does work for about 10 clients who's internet connection is on the same ISP without problem.
i think it might be a firewall of the ISP that's blocking connections?

Is it meaningful to test disabling the firewall when connections from other computers do work?
0
 

Author Comment

by:postsuave
ID: 33681341
update: disabled advanced firewall on sbs 2008 server > same problem.
outward facing firewall can't be a problem because the ip adress of the server is  configured DMZ...
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33681722
Ok so users on the same ISP connect through fine but users from others do not.

Has it always been like this, or has it just recently begun?

I have never heard of any ISP blocking 443 before. 25, yes but not 443 - I would suggest a chat with your ISP is in order because it really does look as though they're blocking something they shouldn't be!
0
 

Author Comment

by:postsuave
ID: 33681838
it has always been like this...
there is one thing that could be relevant:
the company doesn't have a fixed ip yet so uses dyndns.
the ip adress gets resolved like this: remotevansichen.dyndns.org
because this is a really ugly address, i created a subdomain in CPANEL on the webserver that hosts their website (yet another server), to redirect requests from connect.foo.be to https://remotefoo.foodns.org.
The ssl certificate is valid for connect.foo.be, and not for the foodns address. Could this be a problem?

the isp is really huge so i can't imagine that 443 is completely blocked...
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33682078
I would just like to recap on your configuration as I see it so please correct me if I have any of this wrong:

You host Exchange internally on SBS 2008;
Your web domain is hosted externally;
You have no static IP address but redirect from connect.foo.be to your foodns https://remotefoo.foodns.org name?
You have a valid SSL cert (from someone like Verisign/Thawte/GoDaddy etc?)
You have your internet facing firewall configured so that the SBS server is effectively in the DMZ?

From what I can see, the foodns side is working and redirecting properly but I cannot conncet to your server by either SSL or HTTP.

I have previously used dynamic DNS with DNS Exit and their client (similar to DynDNS) without any major issue beyond mail occasionally being blocked because it comes from a dynamic range - I'd really get a static IP.

Even though it's configured to be in a DMZ could you try setting a firewall rule to forward 443 to your SBS server please?
0
 

Author Comment

by:postsuave
ID: 33682251
problem solved... ISP blocks all ports under 1024. Customer should pay more for connection that doesn't block ports...
crap ISP!

Could you please obfuscate the ip / dns names? Then i will reward points.

Thank you!
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33682363
I don't personally have the ability to do that as I'm not at the relevant level yet but one of the admins can be asked.

Glad it's sorted.

I suspect that if you approach your ISP about a business solution, you will be able to get a block of static IP's and no ports will be blocked.

Out of interest, which part of Belgium are you from? I worked in Mons for a while with Microsoft.
0
 
LVL 26

Expert Comment

by:Tony J
ID: 33682375
I've put a request in for the IP/Domain to be obfuscated.
0
 

Author Comment

by:postsuave
ID: 33682633
about 70 miles from Mons, region Hasselt. you can find me on link e din on this email geoffrey**@***insight dot be
thanks for the help!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question