Go Premium for a chance to win a PS4. Enter to Win


Exchange 2010 - External OWA Access Failing Intermitantly using Host Name only

Posted on 2010-09-23
Medium Priority
Last Modified: 2012-05-10
For periods of a couple hours, randomly, each day, our OWA website is not available externally when referenced via a host name.  During this period of outage, OWA is available if I replace the hostname with the public IP.  I reviewed the IIS logs and there are no entries for the hostname based requests.  Its like IIS is not getting requested at all.  I immediately test local and external IP and IIS logs produce entries (and of couse OWA is viewed in browser).   The message that is produced upon failure is the failed to load error...diagnose your browser, etc.   No errors from IIS.

I made sure the firewall is not blocking and that i have no licensing issues on that.  I have tested hostname resolution and pinged fine during these outages.   We are running server 2008 R2 and Exchange 2010 with rollup 4.  This is a brand new install.  We are running forms based authentication and presently we are using a self signed certificate.  No errors of any reference in system or applications logs to this issue.  We have no critical events at all actually.

Oh yeh...firewall is completely off.  The outages are not during heavy traffic times either...they are random.  Again, only when referencing OWA using a host name.

What am I missing?
Question by:joenetwork
  • 8
  • 6
  • 4
  • +1

Accepted Solution

init2winit_Dan earned 2000 total points
ID: 33743331
How long has DNS been registered? Some ISP take some time to propagate. Can you verify that your hitting the correct server? try ping to the host.domainname.com. Is any other traffic on the port 80, or whatever port your owa is on? Is the firewall on NAT? Also in EMS server configuration under client access then outlook web access. go to properties then under the internal and external url insure your public dns records are correct.
LVL 28

Expert Comment

ID: 33743524
get-clientaccessserver | fl
get-owavirtualdirectory | fl
get-autodiscovervirtualdirectory | fl
get-oabvirtualdirectory | fl

Please post the output of the above commands from Exchange shell.


Author Comment

ID: 33743667
Here is the info requested.   Also, to answer the prior repsonse....it is not a DNS issues as the same user can access and then later in day, it isn't avaialble.   DNS has been propagated for 7 days.  I ping the host, I get proper IP and yet when entered into browser with hostname, no response...an hour later, it works, same browser, same computer, same point of presence.   Also, it is not browser dependent, happens with IE, Firefox, Chrome and MAC Safari.

[PS] C:\Windows\system32>get-clientaccessserver | fl

RunspaceId                           : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                                 : MAIL
Fqdn                                 : MAIL.YOU.local
OutlookAnywhereEnabled               : False
AutoDiscoverServiceCN                : mail
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://mail.you.local/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adminis
                                       trative Groups,CN=YOU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOU,
Identity                             : MAIL
Guid                                 : f8f59632-b834-4256-8ff5-141f6066d1a6
ObjectCategory                       : YOU.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 9/13/2010 1:51:33 PM
WhenCreated                          : 9/13/2010 1:36:15 PM
WhenChangedUTC                       : 9/13/2010 5:51:33 PM
WhenCreatedUTC                       : 9/13/2010 5:36:15 PM
OrganizationId                       :
OriginatingServer                    : you-dc1.YOU.local

[PS] C:\Windows\system32>get-owavirtualdirectory | fl

RunspaceId                                          : 601dc5af-3e53-454e-9fab-6c15b7036b03
DirectFileAccessOnPublicComputersEnabled            : True
DirectFileAccessOnPrivateComputersEnabled           : True
WebReadyDocumentViewingOnPublicComputersEnabled     : True
WebReadyDocumentViewingOnPrivateComputersEnabled    : True
ForceWebReadyDocumentViewingFirstOnPublicComputers  : False
ForceWebReadyDocumentViewingFirstOnPrivateComputers : False
RemoteDocumentsActionForUnknownServers              : Block
ActionForUnknownFileAndMIMETypes                    : ForceSave
WebReadyFileTypes                                   : {.xlsx, .pptx, .docx, .xls, .rtf, .ppt, .pps, .pdf, .dot, .doc}
WebReadyMimeTypes                                   : {application/vnd.openxmlformats-officedocument.presentationml.pre
                                                      sentation, application/vnd.openxmlformats-officedocument.wordproc
                                                      essingml.document, application/vnd.openxmlformats-officedocument.
                                                      spreadsheetml.sheet, application/vnd.ms-powerpoint, application/x
                                                      -mspowerpoint, application/vnd.ms-excel, application/x-msexcel, a
                                                      pplication/msword, application/pdf}
WebReadyDocumentViewingForAllSupportedTypes         : True
WebReadyDocumentViewingSupportedMimeTypes           : {application/msword, application/vnd.ms-excel, application/x-msex
                                                      cel, application/vnd.ms-powerpoint, application/x-mspowerpoint, a
                                                      pplication/pdf, application/vnd.openxmlformats-officedocument.wor
                                                      dprocessingml.document, application/vnd.openxmlformats-officedocu
                                                      ment.spreadsheetml.sheet, application/vnd.openxmlformats-officedo
WebReadyDocumentViewingSupportedFileTypes           : {.doc, .dot, .rtf, .xls, .ppt, .pps, .pdf, .docx, .xlsx, .pptx}
AllowedFileTypes                                    : {.rpmsg, .xlsx, .xlsm, .xlsb, .tiff, .pptx, .pptm, .ppsx, .ppsm,
                                                      .docx, .docm, .zip, .xls, .wmv, .wma, .wav...}
AllowedMimeTypes                                    : {image/jpeg, image/png, image/gif, image/bmp}
ForceSaveFileTypes                                  : {.vsmacros, .ps2xml, .ps1xml, .mshxml, .gadget, .psc2, .psc1, .as
                                                      px, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe...}
ForceSaveMimeTypes                                  : {Application/x-shockwave-flash, Application/octet-stream, Applica
                                                      tion/futuresplash, Application/x-director}
BlockedFileTypes                                    : {.vsmacros, .msh2xml, .msh1xml, .ps2xml, .ps1xml, .mshxml, .gadge
                                                      t, .mhtml, .psc2, .psc1, .msh2, .msh1, .aspx, .xml, .wsh, .wsf...
BlockedMimeTypes                                    : {application/x-javascript, application/javascript, application/ms
                                                      access, x-internet-signup, text/javascript, application/xml, appl
                                                      ication/prg, application/hta, text/scriplet, text/xml}
RemoteDocumentsAllowedServers                       : {}
RemoteDocumentsBlockedServers                       : {}
RemoteDocumentsInternalDomainSuffixList             : {}
FolderPathname                                      :
Url                                                 : {}
LogonFormat                                         : FullDomain
ClientAuthCleanupLevel                              : High
FilterWebBeaconsAndHtmlForms                        : UserFilterChoice
NotificationInterval                                : 120
DefaultTheme                                        :
UserContextTimeout                                  : 60
ExchwebProxyDestination                             :
VirtualDirectoryType                                :
OwaVersion                                          : Exchange2010
ServerName                                          : MAIL
RedirectToOptimalOWAServer                          : True
DefaultClientLanguage                               : 0
LogonAndErrorLanguage                               : 0
UseGB18030                                          : False
UseISO885915                                        : False
OutboundCharset                                     : AutoDetect
GlobalAddressListEnabled                            : True
OrganizationEnabled                                 : True
ExplicitLogonEnabled                                : True
OWALightEnabled                                     : True
DelegateAccessEnabled                               : True
IRMEnabled                                          : True
CalendarEnabled                                     : True
ContactsEnabled                                     : True
TasksEnabled                                        : True
JournalEnabled                                      : True
NotesEnabled                                        : True
RemindersAndNotificationsEnabled                    : True
PremiumClientEnabled                                : True
SpellCheckerEnabled                                 : True
SearchFoldersEnabled                                : True
SignaturesEnabled                                   : True
ThemeSelectionEnabled                               : True
JunkEmailEnabled                                    : True
UMIntegrationEnabled                                : True
WSSAccessOnPublicComputersEnabled                   : True
WSSAccessOnPrivateComputersEnabled                  : True
ChangePasswordEnabled                               : True
UNCAccessOnPublicComputersEnabled                   : True
UNCAccessOnPrivateComputersEnabled                  : True
ActiveSyncIntegrationEnabled                        : True
AllAddressListsEnabled                              : True
RulesEnabled                                        : True
PublicFoldersEnabled                                : True
SMimeEnabled                                        : True
RecoverDeletedItemsEnabled                          : True
InstantMessagingEnabled                             : True
TextMessagingEnabled                                : True
InstantMessagingType                                : None
Exchange2003Url                                     :
LegacyRedirectType                                  : Silent
Name                                                : owa (Default Web Site)
InternalAuthenticationMethods                       : {Basic, Fba}
MetabasePath                                        : IIS://MAIL.YOU.local/W3SVC/1/ROOT/owa
BasicAuthentication                                 : True
WindowsAuthentication                               : False
DigestAuthentication                                : False
FormsAuthentication                                 : True
LiveIdAuthentication                                : False
DefaultDomain                                       : YOU
GzipLevel                                           : High
WebSite                                             : Default Web Site
DisplayName                                         : owa
Path                                                : C:\Exchange\ClientAccess\owa
Server                                              : MAIL
InternalUrl                                         : https://mail.you.local/owa
ExternalUrl                                         : https://mail.domainname.org/owa
ExternalAuthenticationMethods                       : {Fba}
AdminDisplayName                                    :
ExchangeVersion                                     : 0.10 (
DistinguishedName                                   : CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers
                                                      ,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administra
                                                      tive Groups,CN=YOU,CN=Microsoft Exchange,CN=Services,CN=Configura
Identity                                            : MAIL\owa (Default Web Site)
Guid                                                : b5d8cadc-2500-40c5-a577-f68860734e4c
ObjectCategory                                      : YOU.local/Configuration/Schema/ms-Exch-OWA-Virtual-Directory
ObjectClass                                         : {top, msExchVirtualDirectory, msExchOWAVirtualDirectory}
WhenChanged                                         : 9/13/2010 1:39:21 PM
WhenCreated                                         : 9/13/2010 1:39:20 PM
WhenChangedUTC                                      : 9/13/2010 5:39:21 PM
WhenCreatedUTC                                      : 9/13/2010 5:39:20 PM
OrganizationId                                      :
OriginatingServer                                   : you-dc1.YOU.local
IsValid                                             : True

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory | fl

RunspaceId                    : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://MAIL.YOU.local/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Exchange\ClientAccess\Autodiscover
Server                        : MAIL
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.10 (
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=YOU,CN=Microsoft Exc
Identity                      : MAIL\Autodiscover (Default Web Site)
Guid                          : 3a936eef-a911-4d9a-8687-7242b8bf9826
ObjectCategory                : YOU.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 9/13/2010 1:39:40 PM
WhenCreated                   : 9/13/2010 1:39:40 PM
WhenChangedUTC                : 9/13/2010 5:39:40 PM
WhenCreatedUTC                : 9/13/2010 5:39:40 PM
OrganizationId                :
OriginatingServer             : you-dc1.YOU.local
IsValid                       : True

[PS] C:\Windows\system32>get-oabvirtualdirectory | fl

RunspaceId                    : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
BasicAuthentication           : False
WindowsAuthentication         : True
MetabasePath                  : IIS://MAIL.YOU.local/W3SVC/1/ROOT/OAB
Path                          : C:\Exchange\ClientAccess\OAB
Server                        : MAIL
InternalUrl                   : http://mail.you.local/OAB
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   : https://domainname.org/OAB
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.10 (
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administr
                                ative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=YOU,CN=Microsoft Exchange,CN=
Identity                      : MAIL\OAB (Default Web Site)
Guid                          : 603a5cb3-767d-4cca-959a-8e0d2687929f
ObjectCategory                : YOU.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 9/13/2010 1:39:23 PM
WhenCreated                   : 9/13/2010 1:39:22 PM
WhenChangedUTC                : 9/13/2010 5:39:23 PM
WhenCreatedUTC                : 9/13/2010 5:39:22 PM
OrganizationId                :
OriginatingServer             : you-dc1.YOU.local
IsValid                       : True

[PS] C:\Windows\system32>
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Assisted Solution

init2winit_Dan earned 2000 total points
ID: 33743685
Your URL's are incorect.

Author Comment

ID: 33743736
Can you be more specific?  Thanks.
LVL 28

Expert Comment

ID: 33743744
Run this from exchange shell to get your autodiscover going properly.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:"https://mail.you.local/Autodiscover/Autodiscover.xml"

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://https://mail.domainname.org/Autodiscover/Autodiscover.xml"

Also try this form a workstation and server

start > run > nslookup
set type=all
set q=mx

Post back the output / screenshot

Author Comment

ID: 33743810
Unfortunately, right now the server is working properly.  I ran the MX Record test and it is reporting correctly both internally and externally.

I ran the autodiscover commands.  ALthough, that won't affect OWA will it?
LVL 28

Expert Comment

ID: 33743968
Nope. Thats for consistency.
So did you find out what the issue was ?

Expert Comment

ID: 33744522
as you are the only one that knows the your public dns records and your domain name you need to use the correct settings. that is about as specific as I can help.

Author Comment

ID: 33744881
the problem is intermittent.  It is working now.   but, it won't work later.  I wish i can be more specific.  its very odd that when it isn't working....when I try to call up owa https://mail.domainname.org/owa it doesn't work...yet...at the very same time, when I call up owa https://IP ADDRESS/owa it does work.  Presently, using the host name works.  Later today it won't.   The IP address version always works.  When I review the IIS logs, when it is NOT working, there are no entries for the hostname attempts.  there are entries when the IP address is used.   When it is NOT working, using the hostname, its like there is no web server there at all.  This behavior is true for ALL users at the same time.  In other words, its not based on the point of presence of the user, it seems to be server side related.  This would rule out DNS issues despite how it looks.  Also, when it is NOT working, I can ping the host name at it resolved to the proper IP address.  I am perplexed.
LVL 28

Expert Comment

ID: 33744901
can you do this

from your DC go here
start > run > dnsmgmt.msc
Check if you have an a-record for
mail.domain.org - to point to local IP of your exchange server.
If not - create one.

If your domain is mail.domain.local, then create a dns zone for mail.domain.org and point to LAN IP of exhcange.

Expert Comment

ID: 33744925
that is wild. it may be an internal DNS issue. also have you looked at the possibility of other port80 traffic?

Author Comment

ID: 33750202
I appreciate your comments.  I have everything set correctly.  From the mail server, if I ping, nslookup the host names, they are resolved correctly.  The host name works correctly internally.  Externally, it doesn't work intermittently.   Presently it doesn't work.  All other websites hosted on this server also don't work.   It has really nothing to do with exchange.  

Expert Comment

ID: 33750489
Do you have any other port 80 traffic?
at this point  would try a reboot of the firewall and or try to reconfig firewall
LVL 11

Expert Comment

ID: 33769463
Err this isnt a firewall issue nor is it a port 80 issue, since everything works internally all the time (due to the DNS records), also it works with the public ip address so why should this have anything to do with port 80 ?

Joe, basically it always works internally ? Externally it works sometimes, and when its down it still works once you put in the public ip address/owa ? So the it always works externally if you use the ip address instead of the name ?

Can I ask if you have your reverse lookup zones in order ? .in-addr.arpa and have the correct PTR records created that points towards your exchange server ?

Also I would like you to try using autodiscover.yourdomain.com and see if it works correctly ? Try this as well (autodiscover.yourdomain.com) when you notice that OWA isnt responding to the name, and see if autodiscover resolved the name.

Also check in your DNS records if you have Autodiscover set up as  a New Zone (and NOT have autodiscover set up under your domain zone) this is by best practice from microsoft.

In your internal DNS you should have the following:
-Your MX records (not necessery but recommendable)
-Under forward lookup zones -> you have records called "autodsicover.yourdomain.com" and in this zone you should have A record that points to your public exchange ip address
-Since it always works with the name internally we dont have to go thru the internal ip host a records
-that you have .in-addr.arpa records under reverse lookup zones and that you have PTR records here pointing to your internal ip address of the exchange server.

Author Comment

ID: 33769763
Thanks JuusoConnecta, I will check all that.  Be back later today.

Expert Comment

ID: 33770259
Well why it could be a port issue is if your have your FIREWALL point 80 traffic from OUTSIDE that could be a factor and it could work all day long from internal it is most likely a firewall issue or an issues from the outside presents to internal.

Expert Comment

ID: 33770356
this site will test many of the parameters that are needed to insure proper communication.
LVL 11

Expert Comment

ID: 33770459
If it works with the ip address and and not the DNS name how is that specific statement related against port 80 issue ?

If the external traffic always works with the ip address, http://webmail.domain.com for example which runs on IIS on the exchange server and has a redirect to https://webmail.domain.com/owa, which goes thru port 443.

If the external traffic always gets to the default web site using http with public ip address? Or have I missunderstood something ?

Assisted Solution

init2winit_Dan earned 2000 total points
ID: 33770562
Good point I was under the impression that IP was failing as well intermittently just not at same time as FQDN. at that if ip is not failing at all, i still believe it is not on the exchange server at all and most likely a firewall issue or internal DNS. the best suggestion would be run the Microsoft test site during a fail window. might get some more insight to where the breakdown is.

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question