We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Exchange 2010 Outlook Web Access Setup

dangermouse1977
on
Medium Priority
9,375 Views
Last Modified: 2012-05-11
Another Exchange 2010 question from me....

With my exchange server now running correctly and mail flowing as it should, my thoughts are turning to getting the environment set up in such a way that my laptop users can access their e-mail when they are outside of the office and perhaps other users can use a web client to access mail?

My firewall has been set up to open the relevent ports and I thought that I had configured OWA correctly within exchange, alas it doesn't work.

Externally
navigating to https://mail.mydomain.com gives an IIS7 screen
navigating to https://mx_record_ip/owa gives HTTP error code 500
pinging mail_server_name.my_domain responds with the correct IP address etc

from my internal network
navigating to http://mail_server_name/owa gives a 403 forbidden error

At one point yesterday I had an OWA error about an invalid theme in folder arctc but I can't remember what address I used to get that error?

I'm lost now, anyone got any advice on what to do to make OWA work?
Comment
Watch Question

there might be an iis issue: http://support.microsoft.com/kb/301428

Author

Commented:
Thanks for the link, unfortunately it doesn't apply to IIS 7 which is the version that I am running
what happens if you try https://internal-server-ip/owa ?
from inside the network
first when you browse the default URL will be

https://mailexample.com/owa 

you have to add /owa to the URL

In your exchange server. go to Server Configuration > Client Access > Outlokk Web Access

right Click OWA (Default web site) properties ; then confirm that the External URL is on the above format

Usually you will see the internal look like this https://servername/owa 

the external should be : https://externalservername.com/owa

Do you have ISA server in between or the users requests are directly forwarded to the Exchange Client Access server (CA)?

Author

Commented:
NPinfotech
When I try https://internal_server_ip/owa from inside the network, I get a page that says

Server Error (accross the top in a black bar)
then
401 - Unathorizes: Access is denied due to invalid credentials
You do not have permission to view this directory or page using the credentials that you supplied.

Author

Commented:
Fireline... hello again!!

Currently we have a bit of a mismatch on the page you note... which I suspect is causing my issue:

internal URL is https://mail_server_name.fbd.com/owa

external URL is https://mail.freddbloggsdriving.com/owa



For anyone else reading this, I had a previous issue with exchange setup where I had a mixture of the FQDN (freddbloggsdriving.com) and the abbreviated form (fbd.com) now sorted in terms of general mail flow, but apparently not owa.

We are not running ISA server, as far as I know user requests are forwarded directly (if you want me to check then tell me where!!)


OK it seems that it is not working internally then it will not work for sure externally

Can you login to Exchange Client Access (CA) Server and from there; just type in the URL :

http://localhost - see if you can get IIS page - revert with the result

https://localhost/OWA - see if you get anything  - revert with the result

If nothing then you have to check the IIS services on the CA server; what is the version of MS OS on Exchange CA server you are using

You will find IIS management console under Administraive tools - check that it is started or from Service.msc

Author

Commented:
OK... firstly by Exchange CA server, I assume you mean the server that has Exchange running on it.... if so then I get the following

http://localhost - this gives me a page saying

Server Error in Application "Default Web Site" at the top in a blue bar
Error summary
HTTP Error 403.4 - Forbidden
The Page you are trying to access is secured with Secure Sockets Layer (SSL)
Detailed Error Information
Module :IIS Web Core  
Requested URL :http://localhost:80/
notification :begin request  
Physical Path :C:\inetpub/wwwroot

http://localhost/owa gives the same error

Then I tried the secure version
https://localhost and https://localhost/owa

These give me initially a certificate navigation blocked page, saying that there's a problem with the website's security certificate....... if I click continue to this website (not recommended) then

https://localhost gives me a splash screen saying IIS7 with the word welcome in multiple languages

https://localhost/owa takes about 3 minutes then eventually gives me a page that says in plain text "An error occurred and your request couldn't be completed. If the problem continues, contact your helpdesk with this HTTP Status Code: 500
If I click show details then under a section titled request I get
URL: https://localhost:443/owa

Exception
exeption type :system web http exception

call stack
no callstack available.

The server is a brand new DL380G7 running Windows Server 2008 R2 Standard with SP1

within services, IIS Admin starts automatically and is started now
under administrative tools on the start menu, I have 2 entries for IIS

IIS 6.0 Manager
IIS Manager

Hope all that helps!!
In your IIS log files you should be able to narrow down more specific error codes (401.1, or 500.3, for example).  Here is an article about how to find more specific errror codes in iis7, and links on how to troublesshoot them:
http://support.microsoft.com/kb/943891/en-us
for instance, 403.4 is a code that means you need to use https.  were you able to get the specific 500 error from the logs?

Author

Commented:
The only error codes that I seem to be able to find in the logs are 403.1 and 403.5
Execute access fobidden and SSL 128 required respectively

Also 500.0 which is defined as "module or ISAPI error occurred"
for 403.1, try http://support.microsoft.com/kb/942065, then test your owa connection

for 403.5, try http://support.microsoft.com/kb/942069, then test your owa connection

for 500.0, try http://support.microsoft.com/kb/942031

Author

Commented:
OK,

I've followed those instructions and I'm actually missing some of the sections mentioned, though I did set the handler mappings to "execute" and I unticked the require 128bit encryption box

I now have the following results.

http://localhost gives the same IIS splash page
http://localhost/owa gives a "server error in application 'default website/OWA"
          HTTP error 401.2 unathorised

https://localhost gives the IIS splash page
https://localhost/owa gives the same 401.2 error above.

Author

Commented:
Following the link for error 401.2 I went to

http://support.microsoft.com/kb/942043

However, the resolution listed mentions navigating to IIS / WWW Services / Security
it seems that I don't have those options within windows components as mentioned in the doc.
Do you have an authentication method selected? http://support.microsoft.com/kb/253667

Author

Commented:
Unfortunately that article references IIS6 and we're running IIS7 so I can't follow those instructions (there's no properties option available for the "default web site")
However there is an authentication icon, opening that section reveals

Anonymous Authentication ans Windows Authentication are both enabled.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
OK

Following your instructions,
The server name (under client access) is DUMS02

On the authentication tab, "use one or more standard authentication methods" is selected, but none of the options are ticked.

You are correct, I am using Server 2008 R2 with Service Pack 1

 IIS Manager, and then expand the server name node > sites > default web site > hook over OWA virtual directory: check authentiation settings:
This shows me that all authentication options are "disabled"

IIS / SSL = SSL is currently not ticked.
This is the error you are getting

so do this on the Exchnage management cosole (the first point )

for authentication "use one or more standard authentication methods" keep using this but under it

tick both Integrated windows and Basic authentication


and on the IIS server under authenticaiton enable both Windows authentication and Basic - Disable Anonymous


Then confirm that SSL setting is enabled


then try testing https://localhost/owa and do the other test from external


Please revert back with the results
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
OK, have followed fireline's instructions (I'd rather not have to uninstall and re-install things until I absolutely have to)

Internally (from the server itself)

https://localhost/owa
A white page saying "outlook web app didn't initialise - invalid theme info file in folder arctc - root element is missing

internally (from another desktop on the LAN)
Internet explorer cannot display the webpage

Externally

https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen

http://mail.domainname.com/owa
Page cannot be displayed

https://mx_IP_address/owa
Same invalid theme errror as above

thoughts???

Commented:
"Externally

https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen

http://mail.domainname.com/owa
Page cannot be displayed"

once you install and enable  thirdy party SSL certificates the will go, in order to troubleshoot run below commands on EMS

Get-OwaVirtualDirectory | fl Id*,*url*
Get-ClientAccessServer | fl Id*,*uri*
---------------------------------------------
a part from above, reistalling owa should not not be a issue if owa is not working properly.



Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
It looks a little like the error noted in the site above, but not identical.

Interestingly we may be getting closer!

When I navigate to https://mail.domainname.com/owa 
I initially get a page that warns me about a certificate error, when I click continue anyway
I get a logon box appear that wants my username and password.

I've tried the format domain\username but the page just times out - it seems I now have connectivity from outside to my mail server, but the authentication isn't quite happening!

From the internal network, https://mailservername/owa gives an immediate page saying invalid theme info in arctc again

Author

Commented:
More developments.

I figured out how to updatecas.ps1 and did that.... no joy
then worked out how to remove and re-install OWA - did that.

Now I get a logon request box both from a network PC and an external connection.
Input a username and password and I get

server error in '/owa' application

Could not load file or assembly "microsoft.exchange.diagnostics, version 14.0.0.0 culture neutral

an unhandled exception error occurred?

Author

Commented:
That got rid of the "server error in /owa" issue

However I now get the invalid theme info file in folder arctc error that I was originally having.

Author

Commented:
it seems my themes error is caused by the fact that all the files in the themes folder have a size value of 0 bytes.
Unfortunately they also have that value on my install media (a download as MS no longer ship CDs)

Is there anywhere I can re-download the theme from, or would someone be kind enough to zip and mail their arctc folder to me?

Author

Commented:
Obtained a copy of the themes directory, replaced my existing themes folders and now I get no errors, just blank white pages when i navigate to https://mail_server/owa from inside network
and https://mail.my_domain.com/owa from outside

Author

Commented:
Further update

I now have a situation where from both inside and outside my network I am asked for a username and password and then my mailbox appears.

Unfortunatey it is shown as if it was an image, it's not possible to open any mails, reply, delete, change folders etc etc
Restart Exchange server and then try again

Author

Commented:
Finally sorted now
After 8 hours over the last 2 days on the phone to Microsoft support it's now finally working.

The changed a number of the binary files, replaced my entire OWA subfolder, uninstalled and re-installed the CA role and changed a number of config files within IIS as well as altering the SSL settings there.

I've accepted multiple solutions as you both helped me get further down the line than I was.... thanks.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.