• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9000
  • Last Modified:

Exchange 2010 Outlook Web Access Setup

Another Exchange 2010 question from me....

With my exchange server now running correctly and mail flowing as it should, my thoughts are turning to getting the environment set up in such a way that my laptop users can access their e-mail when they are outside of the office and perhaps other users can use a web client to access mail?

My firewall has been set up to open the relevent ports and I thought that I had configured OWA correctly within exchange, alas it doesn't work.

Externally
navigating to https://mail.mydomain.com gives an IIS7 screen
navigating to https://mx_record_ip/owa gives HTTP error code 500
pinging mail_server_name.my_domain responds with the correct IP address etc

from my internal network
navigating to http://mail_server_name/owa gives a 403 forbidden error

At one point yesterday I had an OWA error about an invalid theme in folder arctc but I can't remember what address I used to get that error?

I'm lost now, anyone got any advice on what to do to make OWA work?
0
dangermouse1977
Asked:
dangermouse1977
  • 17
  • 8
  • 6
  • +1
3 Solutions
 
npinfotechCommented:
there might be an iis issue: http://support.microsoft.com/kb/301428
0
 
dangermouse1977Author Commented:
Thanks for the link, unfortunately it doesn't apply to IIS 7 which is the version that I am running
0
 
npinfotechCommented:
what happens if you try https://internal-server-ip/owa ?
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 
npinfotechCommented:
from inside the network
0
 
fireline1082Commented:
first when you browse the default URL will be

https://mailexample.com/owa 

you have to add /owa to the URL

In your exchange server. go to Server Configuration > Client Access > Outlokk Web Access

right Click OWA (Default web site) properties ; then confirm that the External URL is on the above format

Usually you will see the internal look like this https://servername/owa 

the external should be : https://externalservername.com/owa

Do you have ISA server in between or the users requests are directly forwarded to the Exchange Client Access server (CA)?
0
 
dangermouse1977Author Commented:
NPinfotech
When I try https://internal_server_ip/owa from inside the network, I get a page that says

Server Error (accross the top in a black bar)
then
401 - Unathorizes: Access is denied due to invalid credentials
You do not have permission to view this directory or page using the credentials that you supplied.
0
 
dangermouse1977Author Commented:
Fireline... hello again!!

Currently we have a bit of a mismatch on the page you note... which I suspect is causing my issue:

internal URL is https://mail_server_name.fbd.com/owa

external URL is https://mail.freddbloggsdriving.com/owa



For anyone else reading this, I had a previous issue with exchange setup where I had a mixture of the FQDN (freddbloggsdriving.com) and the abbreviated form (fbd.com) now sorted in terms of general mail flow, but apparently not owa.

We are not running ISA server, as far as I know user requests are forwarded directly (if you want me to check then tell me where!!)
0
 
fireline1082Commented:


OK it seems that it is not working internally then it will not work for sure externally

Can you login to Exchange Client Access (CA) Server and from there; just type in the URL :

http://localhost - see if you can get IIS page - revert with the result

https://localhost/OWA - see if you get anything  - revert with the result

If nothing then you have to check the IIS services on the CA server; what is the version of MS OS on Exchange CA server you are using

You will find IIS management console under Administraive tools - check that it is started or from Service.msc

0
 
dangermouse1977Author Commented:
OK... firstly by Exchange CA server, I assume you mean the server that has Exchange running on it.... if so then I get the following

http://localhost - this gives me a page saying

Server Error in Application "Default Web Site" at the top in a blue bar
Error summary
HTTP Error 403.4 - Forbidden
The Page you are trying to access is secured with Secure Sockets Layer (SSL)
Detailed Error Information
Module :IIS Web Core  
Requested URL :http://localhost:80/
notification :begin request  
Physical Path :C:\inetpub/wwwroot

http://localhost/owa gives the same error

Then I tried the secure version
https://localhost and https://localhost/owa

These give me initially a certificate navigation blocked page, saying that there's a problem with the website's security certificate....... if I click continue to this website (not recommended) then

https://localhost gives me a splash screen saying IIS7 with the word welcome in multiple languages

https://localhost/owa takes about 3 minutes then eventually gives me a page that says in plain text "An error occurred and your request couldn't be completed. If the problem continues, contact your helpdesk with this HTTP Status Code: 500
If I click show details then under a section titled request I get
URL: https://localhost:443/owa

Exception
exeption type :system web http exception

call stack
no callstack available.

The server is a brand new DL380G7 running Windows Server 2008 R2 Standard with SP1

within services, IIS Admin starts automatically and is started now
under administrative tools on the start menu, I have 2 entries for IIS

IIS 6.0 Manager
IIS Manager

Hope all that helps!!
0
 
npinfotechCommented:
In your IIS log files you should be able to narrow down more specific error codes (401.1, or 500.3, for example).  Here is an article about how to find more specific errror codes in iis7, and links on how to troublesshoot them:
http://support.microsoft.com/kb/943891/en-us
0
 
npinfotechCommented:
for instance, 403.4 is a code that means you need to use https.  were you able to get the specific 500 error from the logs?
0
 
dangermouse1977Author Commented:
The only error codes that I seem to be able to find in the logs are 403.1 and 403.5
Execute access fobidden and SSL 128 required respectively

Also 500.0 which is defined as "module or ISAPI error occurred"
0
 
npinfotechCommented:
for 403.1, try http://support.microsoft.com/kb/942065, then test your owa connection

for 403.5, try http://support.microsoft.com/kb/942069, then test your owa connection

for 500.0, try http://support.microsoft.com/kb/942031

0
 
dangermouse1977Author Commented:
OK,

I've followed those instructions and I'm actually missing some of the sections mentioned, though I did set the handler mappings to "execute" and I unticked the require 128bit encryption box

I now have the following results.

http://localhost gives the same IIS splash page
http://localhost/owa gives a "server error in application 'default website/OWA"
          HTTP error 401.2 unathorised

https://localhost gives the IIS splash page
https://localhost/owa gives the same 401.2 error above.
0
 
dangermouse1977Author Commented:
Following the link for error 401.2 I went to

http://support.microsoft.com/kb/942043

However, the resolution listed mentions navigating to IIS / WWW Services / Security
it seems that I don't have those options within windows components as mentioned in the doc.
0
 
npinfotechCommented:
Do you have an authentication method selected? http://support.microsoft.com/kb/253667
0
 
dangermouse1977Author Commented:
Unfortunately that article references IIS6 and we're running IIS7 so I can't follow those instructions (there's no properties option available for the "default web site")
However there is an authentication icon, opening that section reveals

Anonymous Authentication ans Windows Authentication are both enabled.
0
 
fireline1082Commented:
Hi ,

Sorry for the delay in following up as I was quite busy

I mean by the CA server; it is Client Access Server; I am not sure if you install Exchange roles in only one box (not recommended) or to multiple box (recommended)

first to get the name of your Exchange Client Access - Open Exchnage Management Console [ Start - All programs  - Microsoft Exchange server - Exchnage Management Console]

Then expand Server Configuration node - hook over client Access and then on the right panel (top one)

You will notice the server name there - see the attached screenshot



I need you to provide these details to me on this CA server

go to Exchange Management Console > Server Configuration > Client Access > OWA (Default web site)

and then righrt click properties - Authentication tab

Please tell me what is configured on the authentication tab


I think you are using win 2008 becuase Exchange 2010 can be only installed on Win 2008 - So from Server Manager > Roles > Web server (IIS)
> IIS Manager

and then expand the server name node > sites > default web site > hook over OWA virtual directory

and then from the right panel  double click the authetication and provide me what is configured there


Usually for OWA, they configure it with Forms-based authentication with SSL - Therefore, on the same IIS panel (OWA virtual directory) you need to check that SSL setting
is enabled by ticking Require SSL


 How to get the CA server name
0
 
dangermouse1977Author Commented:
OK

Following your instructions,
The server name (under client access) is DUMS02

On the authentication tab, "use one or more standard authentication methods" is selected, but none of the options are ticked.

You are correct, I am using Server 2008 R2 with Service Pack 1

 IIS Manager, and then expand the server name node > sites > default web site > hook over OWA virtual directory: check authentiation settings:
This shows me that all authentication options are "disabled"

IIS / SSL = SSL is currently not ticked.
0
 
fireline1082Commented:
This is the error you are getting

so do this on the Exchnage management cosole (the first point )

for authentication "use one or more standard authentication methods" keep using this but under it

tick both Integrated windows and Basic authentication


and on the IIS server under authenticaiton enable both Windows authentication and Basic - Disable Anonymous


Then confirm that SSL setting is enabled


then try testing https://localhost/owa and do the other test from external


Please revert back with the results
0
 
itubafCommented:
dear,

you have two issues,

1) Internal
2) External

Internal,

1) no need to modify any setting, uninstall OWA role, then install again. use default owa link it should work. then buy SSL certificates from third party, install and enable.


External,
1) create one role for OWA in your firewall/router , allowing HTTPS from external to internal, and create NAT.  
0
 
dangermouse1977Author Commented:
OK, have followed fireline's instructions (I'd rather not have to uninstall and re-install things until I absolutely have to)

Internally (from the server itself)

https://localhost/owa
A white page saying "outlook web app didn't initialise - invalid theme info file in folder arctc - root element is missing

internally (from another desktop on the LAN)
Internet explorer cannot display the webpage

Externally

https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen

http://mail.domainname.com/owa
Page cannot be displayed

https://mx_IP_address/owa
Same invalid theme errror as above

thoughts???
0
 
itubafCommented:
"Externally

https://mail.domainname.com/owa
Warns about a certificate error then IIS7 splash screen

http://mail.domainname.com/owa
Page cannot be displayed"

once you install and enable  thirdy party SSL certificates the will go, in order to troubleshoot run below commands on EMS

Get-OwaVirtualDirectory | fl Id*,*url*
Get-ClientAccessServer | fl Id*,*uri*
---------------------------------------------
a part from above, reistalling owa should not not be a issue if owa is not working properly.



0
 
fireline1082Commented:
Forget to tell that you need to restart IIS services after doing the changes - may be it worth even to reboot the server to completely make sure that even Exchange services are restarted

Other that that, may be the re-intsall option should be considered may be some missing binary files in your exchange installation as you mentioned the system shows missing elements on the page

does it look like the error explained on this page
http://www.vincenzosciarra.tk/2010/08/10/exchange-2010-owa-issue-outlook-web-app-didnt-initialize/
0
 
dangermouse1977Author Commented:
It looks a little like the error noted in the site above, but not identical.

Interestingly we may be getting closer!

When I navigate to https://mail.domainname.com/owa 
I initially get a page that warns me about a certificate error, when I click continue anyway
I get a logon box appear that wants my username and password.

I've tried the format domain\username but the page just times out - it seems I now have connectivity from outside to my mail server, but the authentication isn't quite happening!

From the internal network, https://mailservername/owa gives an immediate page saying invalid theme info in arctc again
0
 
dangermouse1977Author Commented:
More developments.

I figured out how to updatecas.ps1 and did that.... no joy
then worked out how to remove and re-install OWA - did that.

Now I get a logon request box both from a network PC and an external connection.
Input a username and password and I get

server error in '/owa' application

Could not load file or assembly "microsoft.exchange.diagnostics, version 14.0.0.0 culture neutral

an unhandled exception error occurred?
0
 
dangermouse1977Author Commented:
That got rid of the "server error in /owa" issue

However I now get the invalid theme info file in folder arctc error that I was originally having.

0
 
dangermouse1977Author Commented:
it seems my themes error is caused by the fact that all the files in the themes folder have a size value of 0 bytes.
Unfortunately they also have that value on my install media (a download as MS no longer ship CDs)

Is there anywhere I can re-download the theme from, or would someone be kind enough to zip and mail their arctc folder to me?

0
 
dangermouse1977Author Commented:
Obtained a copy of the themes directory, replaced my existing themes folders and now I get no errors, just blank white pages when i navigate to https://mail_server/owa from inside network
and https://mail.my_domain.com/owa from outside
0
 
dangermouse1977Author Commented:
Further update

I now have a situation where from both inside and outside my network I am asked for a username and password and then my mailbox appears.

Unfortunatey it is shown as if it was an image, it's not possible to open any mails, reply, delete, change folders etc etc
0
 
fireline1082Commented:
Restart Exchange server and then try again
0
 
dangermouse1977Author Commented:
Finally sorted now
After 8 hours over the last 2 days on the phone to Microsoft support it's now finally working.

The changed a number of the binary files, replaced my entire OWA subfolder, uninstalled and re-installed the CA role and changed a number of config files within IIS as well as altering the SSL settings there.

I've accepted multiple solutions as you both helped me get further down the line than I was.... thanks.
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 17
  • 8
  • 6
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now