Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 640
  • Last Modified:

Exchange 2007 OWA - Works internally, but not externally

I feel like I am missing something simple.

I replaced a server running an inexpensive mail server program with a new Windows 2008 server with MS Exchange 2007.  The only thing that is not working os OWA.  I can access OWA with no problems from the network.  When I try to access it from outside, however, I get the "Page cannont be displayed" error.

I have reviewed the PIX firewall settings and we have both ports 80 and 443 open and directed to the Exchange server.  Is there something on the Exchange server that needs to be changed to permit access from off the network?

Thanks

0
tcampbell_nc
Asked:
tcampbell_nc
  • 8
  • 5
  • 2
1 Solution
 
LLMorrissonCommented:
Is the URL for OWA the same internally as externally, or different?

Make sure the service URLs for the outlook web app are appropriately correct on your server config, client access role.
0
 
tcampbell_ncAuthor Commented:
They are different.  The internal has the FDQN of the server.  The external was blank.  I filled it in with the Internet address that resolves to our webmail access.  It still does not work.  Do I need to stop Exchange and restart it for that setting to take effect?
0
 
LLMorrissonCommented:
Do you used a self-signed certificate or a real one?
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
tcampbell_ncAuthor Commented:
Self Signed
0
 
ChopperCenturyCommented:
Is the outside URL and IP address registered with the correct DNS A record through your domain registrar?
The outside facing address of your Exchange will need only port 443 permitted for outside traffic on your PIX.
The outside address with need to be NAT'd to your inside address of the Exchange Server....preferably to an Exchange 2003 Front End Server (but it is ok if you only have one server).
0
 
tcampbell_ncAuthor Commented:
Yes.

The outside Address is registered with an A Record.  NAT in in place on the PIX.  Only one server.
0
 
ChopperCenturyCommented:
Under the Authentication tab inside the properties of owa....check the box for Basic Authentication
0
 
tcampbell_ncAuthor Commented:
Not getting to an authentication screen.
0
 
ChopperCenturyCommented:
From the outside....if you ping https://webmail.me.com (your information), does it resolve to the outside ip address you have NAT'd to the Exchange server?
If Yes, is your External URL configuration in owa properties set to https://webmail.me.com/owa?

0
 
tcampbell_ncAuthor Commented:
Yes for the ping.

Sort of for the External url setting.  It was empty.  Now it is correct, but I have not had a chance to restart the server yet.  Does that setting require a restart?
0
 
ChopperCenturyCommented:
Exchange 2010 will prompt you if you need to restart the server or IIS after changes are made. If you received no prompt then you should be good.
0
 
tcampbell_ncAuthor Commented:
I have Exchange 2007


Just restarted the server.  No change.
0
 
ChopperCenturyCommented:
You might try a port scanner on the outside ip address to make sure you are able to get to port 443 on the exchange server.
0
 
tcampbell_ncAuthor Commented:
Chopper,

You may have just solved my problem.  The port scanner showed that port 443 was not responding.  A much closer look at my PIX firewall config showed a typo on the Permit for https.  There is a 168 instead of a 169 in the outside IP address.  

I'll be back on site tomorrow to see if this was my problem.
0
 
tcampbell_ncAuthor Commented:
OWA is functioning now.  I located a typo in the PIX firewall after confirming there was no port 443 access to the server.

Thanks
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 8
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now