Solved

OWA not functioning on new server

Posted on 2011-02-25
Last Modified: 2012-05-11
I am using Exchange 2003 in Windows 2003 Server standard with a Cisco PIX firewall.

I am migrating Exchange 2003 servers.  I believe I have cloned the setup from the old server to the new one.  I have moved all the mailboxes, and I have the internal Outlook clients and external Pop3/SMTP clients sending and receiving email.  

However I cannot get OWA to work.  If I go to https://Server.domain.com from an external computer, I get the IIS under construction message, which makes me believe that the port forwarding is correct.  But if I go to https://Server.domain.com/exchange/mailboxname I get "Internet explorer cannot display the webpage".  Sometimes when I first type the complete URL it asks me to authenticate before giving me the "Internet explorer cannot display the webpage" error message.

If I use OWA on an internal client with either the internal IP address or internal FQDN, OWA works, but with a certificate error because the servernames do not match, but it has all functionality and can send and receive email.

This makes me think that the clients from outside the building are not being authenticated correctly.

RPC over HTTP seems to be working, which makes me think all the port forwarding is correct and it is an authentication problem.

Any ideas on what I should check?  The client is wanting his email working.

Thanks Jeff
0
Question by:dabassguy1
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34986066
Have you redirected port 443 to the new server's IP instead of the old one?

From the server itself if you browse to https://localhost/exchange what do you get?

Have you moved all the mailboxes?
0
 

Author Comment

by:dabassguy1
ID: 34986124
Thank you for your quick response.

I have redirected the port to the new server instead of the old one.

I have moved all the mailboxes.

I have been working on this by RDP and that server just quit accepting my RDP client, so I cannot try the localhost exchange thing til I go in in the morning it looks like.  It's working as the exchange server, and I can access it with a remote computer management to look at the event logs, but it will not accept my RDP session.

Guess I have to shelve this until tomorrow.

0
 

Author Comment

by:dabassguy1
ID: 34988827
There was a NIC card driver issue that caused the lack of RDP, which has been fixed.  

But this situation is the same.

I get the same thing when I browse to https://localhost/exchange.  It comes up and gives me a certificate error and then I get the "Internet explorer cannot display the webpage" message.

Since Rpc Over Http is working that means the SSL stuff has to be working as well.

When I take a browser to the external interface for the first time, it gives me the OWA login, and after entering valid login information the "cannot display the webpage" message comes up.  Any attempts to access the OWA server again in that session immediately get the "cannot display" message.

0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34989318
Do you have multiple NICs? If so then this is not a supported configuration and you will need to bind the IIS services to a single IP which is also unsupported.
0
 

Author Comment

by:dabassguy1
ID: 34989436
There are two NICs in the machine, but one is disabled.

Is IIS binding still required?  How does one do that?

0
 

Author Comment

by:dabassguy1
ID: 34992462
More info.

I have perused the IIS logs and found that the logins are failing (401) in the logs for the OWA logins that come from outside the building.

The successful OWA logins that come from inside start with an unsuccessful login (401) with a re-direct (302) another failure (401) and then a success.  Both the re-direct (302) and the successful login (200) have the DOMAIN\User in the log line and the failures do not.

Any suggestions?
0
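The log comparison described in the comment above can be automated. This is an added example, not code from the thread: it parses IIS W3C extended log lines using the `#Fields` directive and lists clients whose requests under `/exchange` only ever returned 401 with no username logged. The log lines, IP addresses and user name are constructed.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-substatus
2011-02-26 14:01:10 10.0.0.5 - GET /exchange 401 2
2011-02-26 14:01:10 10.0.0.5 EXAMPLE\\jsmith GET /exchange 302 0
2011-02-26 14:01:11 10.0.0.5 - GET /exchange/jsmith/ 401 2
2011-02-26 14:01:11 10.0.0.5 EXAMPLE\\jsmith GET /exchange/jsmith/ 200 0
2011-02-26 14:05:42 203.0.113.10 - GET /exchange/jsmith 401 2
2011-02-26 14:05:47 203.0.113.10 - GET /exchange/jsmith 401 1
2011-02-26 14:05:49 203.0.113.10 - GET /exchange/jsmith 401 1
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def auth_summary(text, prefix="/exchange"):
    """Per client IP: status.substatus sequence and the usernames IIS logged."""
    clients = defaultdict(lambda: {"statuses": [], "users": set()})
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith(prefix):
            continue
        entry = clients[row["c-ip"]]
        entry["statuses"].append(f'{row["sc-status"]}.{row["sc-substatus"]}')
        if row["cs-username"] != "-":  # "-" means no authenticated user
            entry["users"].add(row["cs-username"])
    return dict(clients)

def never_authenticated(summary):
    """Clients that only ever received 401s and never had a username logged."""
    return sorted(ip for ip, e in summary.items()
                  if not e["users"] and all(s.startswith("401") for s in e["statuses"]))

if __name__ == "__main__":
    print(never_authenticated(auth_summary(SAMPLE_LOG)))
```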
 

Author Comment

by:dabassguy1
ID: 34992922
If I enable FBA on the exchange server, and log in with DOMAIN/USER, OWA works.  We can't use FBA cause of the outlook mobile stuff, but I thought I would try.

When turning off FBA and re-booting, we are back to OWA not working.  

The mobile stuff never works.
0
 

Accepted Solution

by:dabassguy1
ID: 35000142
Comparing the IIS metabase between the old server and the new server, the AuthFlags parameter was 6 on the new server and 2 on the old.  A change of AuthFlags and now OWA is working like a champ.

The active sync stuff is a different matter though, but this was an OWA question.
0
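The two values in the accepted solution are bitmasks of enabled authentication schemes. This is an added example, not code from the thread: it decodes `AuthFlags` with the IIS metabase `MD_AUTH_*` bit values and diffs the setting between two servers. The metabase paths and the `OLD`/`NEW` maps are constructed assumptions; the thread does not say which node was changed.

```python
# IIS metabase AuthFlags bit values (MD_AUTH_* constants).
AUTH_BITS = {
    0x01: "Anonymous",
    0x02: "Basic",
    0x04: "Integrated Windows (NTLM)",
    0x10: "Digest",
    0x40: "Passport",
}

def decode_auth_flags(value):
    """Return the authentication schemes enabled by an AuthFlags value."""
    names = [name for bit, name in AUTH_BITS.items() if value & bit]
    unknown = value & ~sum(AUTH_BITS)
    if unknown:
        names.append(f"unknown bits 0x{unknown:x}")
    return names

def diff_auth(old, new):
    """Compare {metabase path: AuthFlags} maps collected from two servers."""
    changes = {}
    for path in sorted(set(old) | set(new)):
        if path not in old or path not in new:
            # A node absent on one side inherits from its parent; report it
            # rather than treating it as "no authentication".
            changes[path] = {"missing_on": "old" if path not in old else "new"}
        elif old[path] != new[path]:
            changes[path] = {
                "added": decode_auth_flags(new[path] & ~old[path]),
                "removed": decode_auth_flags(old[path] & ~new[path]),
            }
    return changes

# Constructed inputs: paths are assumptions, values 2 and 6 are from the thread.
OLD = {"/LM/W3SVC/1/ROOT/Exchange": 2, "/LM/W3SVC/1/ROOT/Public": 2}
NEW = {"/LM/W3SVC/1/ROOT/Exchange": 6, "/LM/W3SVC/1/ROOT/Public": 2}

if __name__ == "__main__":
    for path, change in diff_auth(OLD, NEW).items():
        print(path, change)
```

With these inputs the diff shows that the new server had Integrated Windows authentication enabled in addition to Basic, while the old server offered Basic only.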
 

Author Closing Comment

by:dabassguy1
ID: 35042636
Decided to go poking around in Metabase explorer due to lack of responses and stumbled on the parameter that made it work.
0
