dangermouse1977
asked on
Exchange 2010 Outlook Web Access Setup
Another Exchange 2010 question from me....
With my exchange server now running correctly and mail flowing as it should, my thoughts are turning to getting the environment set up in such a way that my laptop users can access their e-mail when they are outside of the office and perhaps other users can use a web client to access mail?
My firewall has been set up to open the relevent ports and I thought that I had configured OWA correctly within exchange, alas it doesn't work.
Externally
navigating to https://mail.mydomain.com gives an IIS7 screen
navigating to https://mx_record_ip/owa gives HTTP error code 500
pinging mail_server_name.my_domain
from my internal network
navigating to http://mail_server_name/owa gives a 403 forbidden error
At one point yesterday I had an OWA error about an invalid theme in folder arctc but I can't remember what address I used to get that error?
I'm lost now, anyone got any advice on what to do to make OWA work?
With my exchange server now running correctly and mail flowing as it should, my thoughts are turning to getting the environment set up in such a way that my laptop users can access their e-mail when they are outside of the office and perhaps other users can use a web client to access mail?
My firewall has been set up to open the relevent ports and I thought that I had configured OWA correctly within exchange, alas it doesn't work.
Externally
navigating to https://mail.mydomain.com gives an IIS7 screen
navigating to https://mx_record_ip/owa gives HTTP error code 500
pinging mail_server_name.my_domain
from my internal network
navigating to http://mail_server_name/owa gives a 403 forbidden error
At one point yesterday I had an OWA error about an invalid theme in folder arctc but I can't remember what address I used to get that error?
I'm lost now, anyone got any advice on what to do to make OWA work?
npinfotech
there might be an iis issue: http://support.microsoft.com/kb/301428
ASKER
Thanks for the link, unfortunately it doesn't apply to IIS 7 which is the version that I am running
what happens if you try https://internal-server-ip/owa ?
from inside the network
first when you browse the default URL will be
https://mailexample.com/owa
you have to add /owa to the URL
In your exchange server. go to Server Configuration > Client Access > Outlokk Web Access
right Click OWA (Default web site) properties ; then confirm that the External URL is on the above format
Usually you will see the internal look like this https://servername/owa
the external should be : https://externalservername.com/owa
Do you have ISA server in between or the users requests are directly forwarded to the Exchange Client Access server (CA)?
https://mailexample.com/owa
you have to add /owa to the URL
In your exchange server. go to Server Configuration > Client Access > Outlokk Web Access
right Click OWA (Default web site) properties ; then confirm that the External URL is on the above format
Usually you will see the internal look like this https://servername/owa
the external should be : https://externalservername.com/owa
Do you have ISA server in between or the users requests are directly forwarded to the Exchange Client Access server (CA)?
ASKER
NPinfotech
When I try https://internal_server_ip/owa from inside the network, I get a page that says
Server Error (accross the top in a black bar)
then
401 - Unathorizes: Access is denied due to invalid credentials
You do not have permission to view this directory or page using the credentials that you supplied.
When I try https://internal_server_ip/owa from inside the network, I get a page that says
Server Error (accross the top in a black bar)
then
401 - Unathorizes: Access is denied due to invalid credentials
You do not have permission to view this directory or page using the credentials that you supplied.
ASKER
Fireline... hello again!!
Currently we have a bit of a mismatch on the page you note... which I suspect is causing my issue:
internal URL is https://mail_server_name.fbd.com/owa
external URL is https://mail.freddbloggsdriving.com/owa
For anyone else reading this, I had a previous issue with exchange setup where I had a mixture of the FQDN (freddbloggsdriving.com) and the abbreviated form (fbd.com) now sorted in terms of general mail flow, but apparently not owa.
We are not running ISA server, as far as I know user requests are forwarded directly (if you want me to check then tell me where!!)
Currently we have a bit of a mismatch on the page you note... which I suspect is causing my issue:
internal URL is https://mail_server_name.fbd.com/owa
external URL is https://mail.freddbloggsdriving.com/owa
For anyone else reading this, I had a previous issue with exchange setup where I had a mixture of the FQDN (freddbloggsdriving.com) and the abbreviated form (fbd.com) now sorted in terms of general mail flow, but apparently not owa.
We are not running ISA server, as far as I know user requests are forwarded directly (if you want me to check then tell me where!!)
OK it seems that it is not working internally then it will not work for sure externally
Can you login to Exchange Client Access (CA) Server and from there; just type in the URL :
http://localhost - see if you can get IIS page - revert with the result
https://localhost/OWA - see if you get anything - revert with the result
If nothing then you have to check the IIS services on the CA server; what is the version of MS OS on Exchange CA server you are using
You will find IIS management console under Administraive tools - check that it is started or from Service.msc
ASKER
OK... firstly by Exchange CA server, I assume you mean the server that has Exchange running on it.... if so then I get the following
http://localhost - this gives me a page saying
Server Error in Application "Default Web Site" at the top in a blue bar
Error summary
HTTP Error 403.4 - Forbidden
The Page you are trying to access is secured with Secure Sockets Layer (SSL)
Detailed Error Information
Module :IIS Web Core
Requested URL :http://localhost:80/
notification :begin request
Physical Path :C:\inetpub/wwwroot
http://localhost/owa gives the same error
Then I tried the secure version
https://localhost and https://localhost/owa
These give me initially a certificate navigation blocked page, saying that there's a problem with the website's security certificate....... if I click continue to this website (not recommended) then
https://localhost gives me a splash screen saying IIS7 with the word welcome in multiple languages
https://localhost/owa takes about 3 minutes then eventually gives me a page that says in plain text "An error occurred and your request couldn't be completed. If the problem continues, contact your helpdesk with this HTTP Status Code: 500
If I click show details then under a section titled request I get
URL: https://localhost:443/owa
Exception
exeption type :system web http exception
call stack
no callstack available.
The server is a brand new DL380G7 running Windows Server 2008 R2 Standard with SP1
within services, IIS Admin starts automatically and is started now
under administrative tools on the start menu, I have 2 entries for IIS
IIS 6.0 Manager
IIS Manager
Hope all that helps!!
http://localhost - this gives me a page saying
Server Error in Application "Default Web Site" at the top in a blue bar
Error summary
HTTP Error 403.4 - Forbidden
The Page you are trying to access is secured with Secure Sockets Layer (SSL)
Detailed Error Information
Module :IIS Web Core
Requested URL :http://localhost:80/
notification :begin request
Physical Path :C:\inetpub/wwwroot
http://localhost/owa gives the same error
Then I tried the secure version
https://localhost and https://localhost/owa
These give me initially a certificate navigation blocked page, saying that there's a problem with the website's security certificate....... if I click continue to this website (not recommended) then
https://localhost gives me a splash screen saying IIS7 with the word welcome in multiple languages
https://localhost/owa takes about 3 minutes then eventually gives me a page that says in plain text "An error occurred and your request couldn't be completed. If the problem continues, contact your helpdesk with this HTTP Status Code: 500
If I click show details then under a section titled request I get
URL: https://localhost:443/owa
Exception
exeption type :system web http exception
call stack
no callstack available.
The server is a brand new DL380G7 running Windows Server 2008 R2 Standard with SP1
within services, IIS Admin starts automatically and is started now
under administrative tools on the start menu, I have 2 entries for IIS
IIS 6.0 Manager
IIS Manager
Hope all that helps!!
In your IIS log files you should be able to narrow down more specific error codes (401.1, or 500.3, for example). Here is an article about how to find more specific errror codes in iis7, and links on how to troublesshoot them:
http://support.microsoft.com/kb/943891/en-us
http://support.microsoft.com/kb/943891/en-us
for instance, 403.4 is a code that means you need to use https. were you able to get the specific 500 error from the logs?
ASKER
The only error codes that I seem to be able to find in the logs are 403.1 and 403.5
Execute access fobidden and SSL 128 required respectively
Also 500.0 which is defined as "module or ISAPI error occurred"
Execute access fobidden and SSL 128 required respectively
Also 500.0 which is defined as "module or ISAPI error occurred"
for 403.1, try http://support.microsoft.com/kb/942065, then test your owa connection
for 403.5, try http://support.microsoft.com/kb/942069, then test your owa connection
for 500.0, try http://support.microsoft.com/kb/942031
for 403.5, try http://support.microsoft.com/kb/942069, then test your owa connection
for 500.0, try http://support.microsoft.com/kb/942031
ASKER
OK,
I've followed those instructions and I'm actually missing some of the sections mentioned, though I did set the handler mappings to "execute" and I unticked the require 128bit encryption box
I now have the following results.
http://localhost gives the same IIS splash page
http://localhost/owa gives a "server error in application 'default website/OWA"
HTTP error 401.2 unathorised
https://localhost gives the IIS splash page
https://localhost/owa gives the same 401.2 error above.
I've followed those instructions and I'm actually missing some of the sections mentioned, though I did set the handler mappings to "execute" and I unticked the require 128bit encryption box
I now have the following results.
http://localhost gives the same IIS splash page
http://localhost/owa gives a "server error in application 'default website/OWA"
HTTP error 401.2 unathorised
https://localhost gives the IIS splash page
https://localhost/owa gives the same 401.2 error above.
ASKER
Following the link for error 401.2 I went to
http://support.microsoft.com/kb/942043
However, the resolution listed mentions navigating to IIS / WWW Services / Security
it seems that I don't have those options within windows components as mentioned in the doc.
http://support.microsoft.com/kb/942043
However, the resolution listed mentions navigating to IIS / WWW Services / Security
it seems that I don't have those options within windows components as mentioned in the doc.
Do you have an authentication method selected? http://support.microsoft.com/kb/253667
ASKER
Unfortunately that article references IIS6 and we're running IIS7 so I can't follow those instructions (there's no properties option available for the "default web site")
However there is an authentication icon, opening that section reveals
Anonymous Authentication ans Windows Authentication are both enabled.
However there is an authentication icon, opening that section reveals
Anonymous Authentication ans Windows Authentication are both enabled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK
Following your instructions,
The server name (under client access) is DUMS02
On the authentication tab, "use one or more standard authentication methods" is selected, but none of the options are ticked.
You are correct, I am using Server 2008 R2 with Service Pack 1
IIS Manager, and then expand the server name node > sites > default web site > hook over OWA virtual directory: check authentiation settings:
This shows me that all authentication options are "disabled"
IIS / SSL = SSL is currently not ticked.
Following your instructions,
The server name (under client access) is DUMS02
On the authentication tab, "use one or more standard authentication methods" is selected, but none of the options are ticked.
You are correct, I am using Server 2008 R2 with Service Pack 1
IIS Manager, and then expand the server name node > sites > default web site > hook over OWA virtual directory: check authentiation settings:
This shows me that all authentication options are "disabled"
IIS / SSL = SSL is currently not ticked.
This is the error you are getting
so do this on the Exchnage management cosole (the first point )
for authentication "use one or more standard authentication methods" keep using this but under it
tick both Integrated windows and Basic authentication
and on the IIS server under authenticaiton enable both Windows authentication and Basic - Disable Anonymous
Then confirm that SSL setting is enabled
then try testing https://localhost/owa and do the other test from external
Please revert back with the results
so do this on the Exchnage management cosole (the first point )
for authentication "use one or more standard authentication methods" keep using this but under it
tick both Integrated windows and Basic authentication
and on the IIS server under authenticaiton enable both Windows authentication and Basic - Disable Anonymous
Then confirm that SSL setting is enabled
then try testing https://localhost/owa and do the other test from external
Please revert back with the results
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, have followed fireline's instructions (I'd rather not have to uninstall and re-install things until I absolutely have to)
Internally (from the server itself)
https://localhost/owa
A white page saying "outlook web app didn't initialise - invalid theme info file in folder arctc - root element is missing
internally (from another desktop on the LAN)
Internet explorer cannot display the webpage
Externally
https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen
http://mail.domainname.com/owa
Page cannot be displayed
https://mx_IP_address/owa
Same invalid theme errror as above
thoughts???
Internally (from the server itself)
https://localhost/owa
A white page saying "outlook web app didn't initialise - invalid theme info file in folder arctc - root element is missing
internally (from another desktop on the LAN)
Internet explorer cannot display the webpage
Externally
https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen
http://mail.domainname.com/owa
Page cannot be displayed
https://mx_IP_address/owa
Same invalid theme errror as above
thoughts???
"Externally
https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen
http://mail.domainname.com/owa
Page cannot be displayed"
once you install and enable thirdy party SSL certificates the will go, in order to troubleshoot run below commands on EMS
Get-OwaVirtualDirectory | fl Id*,*url*
Get-ClientAccessServer | fl Id*,*uri*
--------------------------
a part from above, reistalling owa should not not be a issue if owa is not working properly.
https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen
http://mail.domainname.com/owa
Page cannot be displayed"
once you install and enable thirdy party SSL certificates the will go, in order to troubleshoot run below commands on EMS
Get-OwaVirtualDirectory | fl Id*,*url*
Get-ClientAccessServer | fl Id*,*uri*
--------------------------
a part from above, reistalling owa should not not be a issue if owa is not working properly.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It looks a little like the error noted in the site above, but not identical.
Interestingly we may be getting closer!
When I navigate to https://mail.domainname.com/owa
I initially get a page that warns me about a certificate error, when I click continue anyway
I get a logon box appear that wants my username and password.
I've tried the format domain\username but the page just times out - it seems I now have connectivity from outside to my mail server, but the authentication isn't quite happening!
From the internal network, https://mailservername/owa gives an immediate page saying invalid theme info in arctc again
Interestingly we may be getting closer!
When I navigate to https://mail.domainname.com/owa
I initially get a page that warns me about a certificate error, when I click continue anyway
I get a logon box appear that wants my username and password.
I've tried the format domain\username but the page just times out - it seems I now have connectivity from outside to my mail server, but the authentication isn't quite happening!
From the internal network, https://mailservername/owa gives an immediate page saying invalid theme info in arctc again
ASKER
More developments.
I figured out how to updatecas.ps1 and did that.... no joy
then worked out how to remove and re-install OWA - did that.
Now I get a logon request box both from a network PC and an external connection.
Input a username and password and I get
server error in '/owa' application
Could not load file or assembly "microsoft.exchange.diagno
an unhandled exception error occurred?
I figured out how to updatecas.ps1 and did that.... no joy
then worked out how to remove and re-install OWA - did that.
Now I get a logon request box both from a network PC and an external connection.
Input a username and password and I get
server error in '/owa' application
Could not load file or assembly "microsoft.exchange.diagno
an unhandled exception error occurred?
ASKER
That got rid of the "server error in /owa" issue
However I now get the invalid theme info file in folder arctc error that I was originally having.
However I now get the invalid theme info file in folder arctc error that I was originally having.
ASKER
it seems my themes error is caused by the fact that all the files in the themes folder have a size value of 0 bytes.
Unfortunately they also have that value on my install media (a download as MS no longer ship CDs)
Is there anywhere I can re-download the theme from, or would someone be kind enough to zip and mail their arctc folder to me?
Unfortunately they also have that value on my install media (a download as MS no longer ship CDs)
Is there anywhere I can re-download the theme from, or would someone be kind enough to zip and mail their arctc folder to me?
ASKER
Obtained a copy of the themes directory, replaced my existing themes folders and now I get no errors, just blank white pages when i navigate to https://mail_server/owa from inside network
and https://mail.my_domain.com/owa from outside
and https://mail.my_domain.com/owa from outside
ASKER
Further update
I now have a situation where from both inside and outside my network I am asked for a username and password and then my mailbox appears.
Unfortunatey it is shown as if it was an image, it's not possible to open any mails, reply, delete, change folders etc etc
I now have a situation where from both inside and outside my network I am asked for a username and password and then my mailbox appears.
Unfortunatey it is shown as if it was an image, it's not possible to open any mails, reply, delete, change folders etc etc
Restart Exchange server and then try again
ASKER
Finally sorted now
After 8 hours over the last 2 days on the phone to Microsoft support it's now finally working.
The changed a number of the binary files, replaced my entire OWA subfolder, uninstalled and re-installed the CA role and changed a number of config files within IIS as well as altering the SSL settings there.
I've accepted multiple solutions as you both helped me get further down the line than I was.... thanks.
After 8 hours over the last 2 days on the phone to Microsoft support it's now finally working.
The changed a number of the binary files, replaced my entire OWA subfolder, uninstalled and re-installed the CA role and changed a number of config files within IIS as well as altering the SSL settings there.
I've accepted multiple solutions as you both helped me get further down the line than I was.... thanks.