Exchange 2010 - External OWA Access Failing Intermittently using Host Name only

For periods of a couple hours, randomly, each day, our OWA website is not available externally when referenced via a host name.  During this period of outage, OWA is available if I replace the hostname with the public IP.  I reviewed the IIS logs and there are no entries for the hostname based requests.  It's like IIS is not getting requested at all.  I immediately test local and external IP and IIS logs produce entries (and of course OWA is viewed in browser).   The message that is produced upon failure is the failed to load error...diagnose your browser, etc.   No errors from IIS.

I made sure the firewall is not blocking and that I have no licensing issues on that.  I have tested hostname resolution and pinged fine during these outages.   We are running Server 2008 R2 and Exchange 2010 with rollup 4.  This is a brand new install.  We are running forms based authentication and presently we are using a self-signed certificate.  No errors of any reference in system or applications logs to this issue.  We have no critical events at all actually.

Oh yeh...firewall is completely off.  The outages are not during heavy traffic times either...they are random.  Again, only when referencing OWA using a host name.

What am I missing?

init2winit_Dan Commented:
How long has DNS been registered? Some ISPs take some time to propagate. Can you verify that you're hitting the correct server? Try ping to the Is any other traffic on port 80, or whatever port your OWA is on? Is the firewall on NAT? Also, in EMS, go to Server Configuration, then Client Access, then Outlook Web Access. Go to Properties, then under the internal and external URL ensure your public DNS records are correct.
get-clientaccessserver | fl
get-owavirtualdirectory | fl
get-autodiscovervirtualdirectory | fl
get-oabvirtualdirectory | fl

Please post the output of the above commands from Exchange shell.

joenetwork (Author) Commented:
Here is the info requested.   Also, to answer the prior is not a DNS issue as the same user can access and then later in day, it isn't available.   DNS has been propagated for 7 days.  I ping the host, I get proper IP and yet when entered into browser with hostname, no hour later, it works, same browser, same computer, same point of presence.   Also, it is not browser dependent, happens with IE, Firefox, Chrome and Mac Safari.

[PS] C:\Windows\system32>get-clientaccessserver | fl

RunspaceId                           : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                                 : MAIL
Fqdn                                 : MAIL.YOU.local
OutlookAnywhereEnabled               : False
AutoDiscoverServiceCN                : mail
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       :
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {Default-First-Site-Name}
AlternateServiceAccountConfiguration :
IsValid                              : True
ExchangeVersion                      : 0.1 (8.0.535.0)
DistinguishedName                    : CN=MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Adminis
                                       trative Groups,CN=YOU,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOU,
Identity                             : MAIL
Guid                                 : f8f59632-b834-4256-8ff5-141f6066d1a6
ObjectCategory                       : YOU.local/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
WhenChanged                          : 9/13/2010 1:51:33 PM
WhenCreated                          : 9/13/2010 1:36:15 PM
WhenChangedUTC                       : 9/13/2010 5:51:33 PM
WhenCreatedUTC                       : 9/13/2010 5:36:15 PM
OrganizationId                       :
OriginatingServer                    : you-dc1.YOU.local

[PS] C:\Windows\system32>get-owavirtualdirectory | fl

RunspaceId                                          : 601dc5af-3e53-454e-9fab-6c15b7036b03
DirectFileAccessOnPublicComputersEnabled            : True
DirectFileAccessOnPrivateComputersEnabled           : True
WebReadyDocumentViewingOnPublicComputersEnabled     : True
WebReadyDocumentViewingOnPrivateComputersEnabled    : True
ForceWebReadyDocumentViewingFirstOnPublicComputers  : False
ForceWebReadyDocumentViewingFirstOnPrivateComputers : False
RemoteDocumentsActionForUnknownServers              : Block
ActionForUnknownFileAndMIMETypes                    : ForceSave
WebReadyFileTypes                                   : {.xlsx, .pptx, .docx, .xls, .rtf, .ppt, .pps, .pdf, .dot, .doc}
WebReadyMimeTypes                                   : {application/vnd.openxmlformats-officedocument.presentationml.pre
                                                      sentation, application/vnd.openxmlformats-officedocument.wordproc
                                                      essingml.document, application/vnd.openxmlformats-officedocument.
                                                      spreadsheetml.sheet, application/, application/x
                                                      -mspowerpoint, application/, application/x-msexcel, a
                                                      pplication/msword, application/pdf}
WebReadyDocumentViewingForAllSupportedTypes         : True
WebReadyDocumentViewingSupportedMimeTypes           : {application/msword, application/, application/x-msex
                                                      cel, application/, application/x-mspowerpoint, a
                                                      pplication/pdf, application/vnd.openxmlformats-officedocument.wor
                                                      dprocessingml.document, application/vnd.openxmlformats-officedocu
                                                      ment.spreadsheetml.sheet, application/vnd.openxmlformats-officedo
WebReadyDocumentViewingSupportedFileTypes           : {.doc, .dot, .rtf, .xls, .ppt, .pps, .pdf, .docx, .xlsx, .pptx}
AllowedFileTypes                                    : {.rpmsg, .xlsx, .xlsm, .xlsb, .tiff, .pptx, .pptm, .ppsx, .ppsm,
                                                      .docx, .docm, .zip, .xls, .wmv, .wma, .wav...}
AllowedMimeTypes                                    : {image/jpeg, image/png, image/gif, image/bmp}
ForceSaveFileTypes                                  : {.vsmacros, .ps2xml, .ps1xml, .mshxml, .gadget, .psc2, .psc1, .as
                                                      px, .wsh, .wsf, .wsc, .vsw, .vst, .vss, .vbs, .vbe...}
ForceSaveMimeTypes                                  : {Application/x-shockwave-flash, Application/octet-stream, Applica
                                                      tion/futuresplash, Application/x-director}
BlockedFileTypes                                    : {.vsmacros, .msh2xml, .msh1xml, .ps2xml, .ps1xml, .mshxml, .gadge
                                                      t, .mhtml, .psc2, .psc1, .msh2, .msh1, .aspx, .xml, .wsh, .wsf...
BlockedMimeTypes                                    : {application/x-javascript, application/javascript, application/ms
                                                      access, x-internet-signup, text/javascript, application/xml, appl
                                                      ication/prg, application/hta, text/scriplet, text/xml}
RemoteDocumentsAllowedServers                       : {}
RemoteDocumentsBlockedServers                       : {}
RemoteDocumentsInternalDomainSuffixList             : {}
FolderPathname                                      :
Url                                                 : {}
LogonFormat                                         : FullDomain
ClientAuthCleanupLevel                              : High
FilterWebBeaconsAndHtmlForms                        : UserFilterChoice
NotificationInterval                                : 120
DefaultTheme                                        :
UserContextTimeout                                  : 60
ExchwebProxyDestination                             :
VirtualDirectoryType                                :
OwaVersion                                          : Exchange2010
ServerName                                          : MAIL
RedirectToOptimalOWAServer                          : True
DefaultClientLanguage                               : 0
LogonAndErrorLanguage                               : 0
UseGB18030                                          : False
UseISO885915                                        : False
OutboundCharset                                     : AutoDetect
GlobalAddressListEnabled                            : True
OrganizationEnabled                                 : True
ExplicitLogonEnabled                                : True
OWALightEnabled                                     : True
DelegateAccessEnabled                               : True
IRMEnabled                                          : True
CalendarEnabled                                     : True
ContactsEnabled                                     : True
TasksEnabled                                        : True
JournalEnabled                                      : True
NotesEnabled                                        : True
RemindersAndNotificationsEnabled                    : True
PremiumClientEnabled                                : True
SpellCheckerEnabled                                 : True
SearchFoldersEnabled                                : True
SignaturesEnabled                                   : True
ThemeSelectionEnabled                               : True
JunkEmailEnabled                                    : True
UMIntegrationEnabled                                : True
WSSAccessOnPublicComputersEnabled                   : True
WSSAccessOnPrivateComputersEnabled                  : True
ChangePasswordEnabled                               : True
UNCAccessOnPublicComputersEnabled                   : True
UNCAccessOnPrivateComputersEnabled                  : True
ActiveSyncIntegrationEnabled                        : True
AllAddressListsEnabled                              : True
RulesEnabled                                        : True
PublicFoldersEnabled                                : True
SMimeEnabled                                        : True
RecoverDeletedItemsEnabled                          : True
InstantMessagingEnabled                             : True
TextMessagingEnabled                                : True
InstantMessagingType                                : None
Exchange2003Url                                     :
LegacyRedirectType                                  : Silent
Name                                                : owa (Default Web Site)
InternalAuthenticationMethods                       : {Basic, Fba}
MetabasePath                                        : IIS://MAIL.YOU.local/W3SVC/1/ROOT/owa
BasicAuthentication                                 : True
WindowsAuthentication                               : False
DigestAuthentication                                : False
FormsAuthentication                                 : True
LiveIdAuthentication                                : False
DefaultDomain                                       : YOU
GzipLevel                                           : High
WebSite                                             : Default Web Site
DisplayName                                         : owa
Path                                                : C:\Exchange\ClientAccess\owa
Server                                              : MAIL
InternalUrl                                         :
ExternalUrl                                         :
ExternalAuthenticationMethods                       : {Fba}
AdminDisplayName                                    :
ExchangeVersion                                     : 0.10 (
DistinguishedName                                   : CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers
                                                      ,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administra
                                                      tive Groups,CN=YOU,CN=Microsoft Exchange,CN=Services,CN=Configura
Identity                                            : MAIL\owa (Default Web Site)
Guid                                                : b5d8cadc-2500-40c5-a577-f68860734e4c
ObjectCategory                                      : YOU.local/Configuration/Schema/ms-Exch-OWA-Virtual-Directory
ObjectClass                                         : {top, msExchVirtualDirectory, msExchOWAVirtualDirectory}
WhenChanged                                         : 9/13/2010 1:39:21 PM
WhenCreated                                         : 9/13/2010 1:39:20 PM
WhenChangedUTC                                      : 9/13/2010 5:39:21 PM
WhenCreatedUTC                                      : 9/13/2010 5:39:20 PM
OrganizationId                                      :
OriginatingServer                                   : you-dc1.YOU.local
IsValid                                             : True

[PS] C:\Windows\system32>get-autodiscovervirtualdirectory | fl

RunspaceId                    : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                          : Autodiscover (Default Web Site)
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
ExternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated, WSSecurity}
LiveIdSpNegoAuthentication    : False
WSSecurityAuthentication      : True
LiveIdBasicAuthentication     : False
BasicAuthentication           : True
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://MAIL.YOU.local/W3SVC/1/ROOT/Autodiscover
Path                          : C:\Exchange\ClientAccess\Autodiscover
Server                        : MAIL
InternalUrl                   :
ExternalUrl                   :
AdminDisplayName              :
ExchangeVersion               : 0.10 (
DistinguishedName             : CN=Autodiscover (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange
                                Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=YOU,CN=Microsoft Exc
Identity                      : MAIL\Autodiscover (Default Web Site)
Guid                          : 3a936eef-a911-4d9a-8687-7242b8bf9826
ObjectCategory                : YOU.local/Configuration/Schema/ms-Exch-Auto-Discover-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchAutoDiscoverVirtualDirectory}
WhenChanged                   : 9/13/2010 1:39:40 PM
WhenCreated                   : 9/13/2010 1:39:40 PM
WhenChangedUTC                : 9/13/2010 5:39:40 PM
WhenCreatedUTC                : 9/13/2010 5:39:40 PM
OrganizationId                :
OriginatingServer             : you-dc1.YOU.local
IsValid                       : True

[PS] C:\Windows\system32>get-oabvirtualdirectory | fl

RunspaceId                    : 601dc5af-3e53-454e-9fab-6c15b7036b03
Name                          : OAB (Default Web Site)
PollInterval                  : 480
OfflineAddressBooks           : {}
RequireSSL                    : False
BasicAuthentication           : False
WindowsAuthentication         : True
MetabasePath                  : IIS://MAIL.YOU.local/W3SVC/1/ROOT/OAB
Path                          : C:\Exchange\ClientAccess\OAB
Server                        : MAIL
InternalUrl                   :
InternalAuthenticationMethods : {WindowsIntegrated}
ExternalUrl                   :
ExternalAuthenticationMethods : {WindowsIntegrated}
AdminDisplayName              :
ExchangeVersion               : 0.10 (
DistinguishedName             : CN=OAB (Default Web Site),CN=HTTP,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administr
                                ative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=YOU,CN=Microsoft Exchange,CN=
Identity                      : MAIL\OAB (Default Web Site)
Guid                          : 603a5cb3-767d-4cca-959a-8e0d2687929f
ObjectCategory                : YOU.local/Configuration/Schema/ms-Exch-OAB-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchOABVirtualDirectory}
WhenChanged                   : 9/13/2010 1:39:23 PM
WhenCreated                   : 9/13/2010 1:39:22 PM
WhenChangedUTC                : 9/13/2010 5:39:23 PM
WhenCreatedUTC                : 9/13/2010 5:39:22 PM
OrganizationId                :
OriginatingServer             : you-dc1.YOU.local
IsValid                       : True

[PS] C:\Windows\system32>

init2winit_Dan Commented:
Your URLs are incorrect.
joenetwork (Author) Commented:
Can you be more specific?  Thanks.
Run this from exchange shell to get your autodiscover going properly.

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -InternalUrl:""

Get-AutodiscoverVirtualDirectory | set-AutodiscoverVirtualDirectory -ExternalUrl:"https://"

Also try this from a workstation and server

start > run > nslookup
set type=all
set q=mx

Post back the output / screenshot
joenetwork (Author) Commented:
Unfortunately, right now the server is working properly.  I ran the MX Record test and it is reporting correctly both internally and externally.

I ran the autodiscover commands.  Although, that won't affect OWA will it?
Nope. That's for consistency.
So did you find out what the issue was ?
As you are the only one that knows your public DNS records and your domain name, you need to use the correct settings. That is about as specific as I can help.
joenetwork (Author) Commented:
The problem is intermittent.  It is working now, but it won't work later.  I wish I could be more specific.  It's very odd that when it isn't working....when I try to call up owa it doesn't the very same time, when I call up owa https://IP ADDRESS/owa it does work.  Presently, using the host name works.  Later today it won't.   The IP address version always works.  When I review the IIS logs, when it is NOT working, there are no entries for the hostname attempts.  There are entries when the IP address is used.   When it is NOT working, using the hostname, it's like there is no web server there at all.  This behavior is true for ALL users at the same time.  In other words, it's not based on the point of presence of the user, it seems to be server side related.  This would rule out DNS issues despite how it looks.  Also, when it is NOT working, I can ping the host name and it resolved to the proper IP address.  I am perplexed.
can you do this

from your DC go here
start > run > dnsmgmt.msc
Check if you have an a-record for - to point to local IP of your exchange server.
If not - create one.

If your domain is mail.domain.local, then create a dns zone for and point to LAN IP of Exchange.
That is wild. It may be an internal DNS issue. Also, have you looked at the possibility of other port 80 traffic?
joenetwork (Author) Commented:
I appreciate your comments.  I have everything set correctly.  From the mail server, if I ping, nslookup the host names, they are resolved correctly.  The host name works correctly internally.  Externally, it doesn't work intermittently.   Presently it doesn't work.  All other websites hosted on this server also don't work.   It has really nothing to do with exchange.  
Do you have any other port 80 traffic?
At this point I would try a reboot of the firewall and/or try to reconfig firewall.
Err, this isn't a firewall issue nor is it a port 80 issue, since everything works internally all the time (due to the DNS records). Also it works with the public IP address, so why should this have anything to do with port 80?

Joe, basically it always works internally? Externally it works sometimes, and when it's down it still works once you put in the public IP address/owa? So it always works externally if you use the IP address instead of the name?

Can I ask if you have your reverse lookup zones in order, and have the correct PTR records created that point towards your Exchange server?

Also I would like you to try using and see if it works correctly ? Try this as well ( when you notice that OWA isn't responding to the name, and see if autodiscover resolved the name.

Also check in your DNS records if you have Autodiscover set up as a New Zone (and NOT have autodiscover set up under your domain zone); this is by best practice from Microsoft.

In your internal DNS you should have the following:
-Your MX records (not necessary but recommendable)
-Under forward lookup zones -> you have records called "" and in this zone you should have an A record that points to your public Exchange IP address
-Since it always works with the name internally we don't have to go through the internal IP host A records
-That you have records under reverse lookup zones and that you have PTR records here pointing to your internal IP address of the Exchange server.
joenetwork (Author) Commented:
Thanks JuusoConnecta, I will check all that.  Be back later today.
Well, why it could be a port issue is if you have your FIREWALL point 80 traffic from OUTSIDE; that could be a factor, and it could work all day long from internal. It is most likely a firewall issue or an issue from the outside presents to internal.
This site will test many of the parameters that are needed to ensure proper communication.
If it works with the ip address and and not the DNS name how is that specific statement related against port 80 issue ?

If the external traffic always works with the ip address, for example which runs on IIS on the exchange server and has a redirect to, which goes thru port 443.

If the external traffic always gets to the default web site using http with public IP address? Or have I misunderstood something?
init2winit_Dan Commented:
Good point. I was under the impression that IP was failing as well intermittently, just not at the same time as FQDN. At that, if IP is not failing at all, I still believe it is not on the Exchange server at all and most likely a firewall issue or internal DNS. The best suggestion would be to run the Microsoft test site during a fail window. Might get some more insight into where the breakdown is.
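
Added example (not part of the original thread or any poster's code): a probe that can be left running from an external client to capture the outage window described above. It connects to the known-good public IP twice, once presenting the host name in SNI and the Host header and once presenting only the IP, and reports the layer at which the two diverge. The host name and IP come from the command line, the verdict labels are this example's own, and certificate verification is disabled only because the thread's server uses a self-signed certificate.

```python
# Added example: layered probe for "host name fails, IP works" outages.
import socket, ssl, sys, time

def resolve(hostname):
    """Return the sorted addresses this client gets for hostname ([] on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(ip, name, port=443, path="/owa", timeout=5):
    """Connect to ip and present `name` in SNI and the Host header.
    Returns (stage, detail); stage is 'tcp', 'tls' or 'http' on failure, else 'ok'."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # diagnostic only: the server in the thread
    ctx.verify_mode = ssl.CERT_NONE   # uses a self-signed certificate
    sni = None if name == ip else name  # no SNI for a bare IP
    try:
        raw = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    try:
        tls = ctx.wrap_socket(raw, server_hostname=sni)
    except OSError as exc:            # ssl.SSLError is an OSError subclass
        raw.close()
        return ("tls", str(exc))
    try:
        req = f"GET {path} HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
        tls.sendall(req.encode("ascii"))
        status = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
    except OSError as exc:
        return ("http", str(exc))
    finally:
        tls.close()
    return ("ok", status) if status.startswith("HTTP/") else ("http", status)

def diagnose(resolved, expected_ip, by_name, by_ip):
    """Name the layer where name-based access breaks, given both probe results."""
    if not resolved:
        return "dns-fail"             # this client cannot resolve the name
    if expected_ip not in resolved:
        return "dns-mismatch"         # the name points somewhere else right now
    if by_ip[0] != "ok":
        return "endpoint-down"        # fails without the name too: not name-related
    if by_name[0] == "ok":
        return "ok"
    # Same address and port, only SNI/Host differ: a device on the path or the
    # web server's bindings is treating the name differently.
    return "name-handling-" + by_name[0]

def run_once(hostname, expected_ip):
    """Run one DNS check plus both probes and return a timestamped log line."""
    resolved = resolve(hostname)
    by_ip = probe(expected_ip, expected_ip)
    by_name = probe(expected_ip, hostname)
    verdict = diagnose(resolved, expected_ip, by_name, by_ip)
    stamp = time.strftime("%Y-%m-%d %H:%M:%S")
    return f"{stamp} {verdict} dns={resolved} name={by_name} ip={by_ip}"

if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("usage: probe.py <hostname> <expected-public-ip>")
    else:
        while True:                   # one line per minute to catch the outage
            print(run_once(sys.argv[1], sys.argv[2]), flush=True)
            time.sleep(60)
```

A `name-handling-*` verdict while the browser also fails points away from DNS and toward whatever sits between the client and IIS; an `ok` verdict while browsers fail points back at what the clients themselves resolve or proxy through.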
Question has a verified solution.
