Solved

ISA Server and Webmail

Posted on 2011-09-12
16
454 Views
Last Modified: 2012-05-12
Morning all,
                   Having a little trouble with a client, they have changed the external IP with an ISP change. after the change the Webmail has stopped working. I have re routed 443/25/80 to the Exchange server and mail is still flowing.

They have an ISA Server

ISA Management
Microsoft Corporation
Version: 3.0.1200.365

Could this be adding any restriction to the incomming traffice, if so were do i need to begin to look?

Many thanks,
0
Comment
Question by:ncomper
16 Comments
 
LVL 11

Expert Comment

by:Sanjay Santoki
Comment Utility
Hello,

Please be sure you have modified OWA publishing rule on ISA server. Also there may be issue with the name resolution so ISA is not forwarding query to appropriate server.

Thanks,
Sanjay Santoki
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
>>I have re routed 443/25/80 to the Exchange server and mail is still flowing.

how do you did that please?


do you changed the web listener on OWA publish rule to listen in the new ip address ? also please click on test rule .... any errors ?
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
Agreed with the above, most likely the listener is not configured on the correct IP.
A very good tool to help is troubleshoot this specific problem is
https://www.testexchangeconnectivity.com
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Thanks for all the comments.

I need to confirm that 443 and 80 are hitting the server what's the best way to do this.

Also when connecting internally to localhost/exchange it seems to resolve the webmail and opens using the external address mailhost.domain.co.uk/exchweb. Is this a DNS issue what might be contributing.

Thanks
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
Best way to check for port 80 and 443 usage is:

1. Check the IIS logs on your exchange server.
Logging could be disabled so you may need to enable it first, then test connectivity and review the logs.
In IIS,
right-click the "default website"
click properties
On the "web site" tab near the bottom, check if "enable logging" is enabled.
Click properties to find the location of the log files, typically that location is c:\windows\system32\logfiles\w3svc1
Files are then appended with the current date.
e.g. exYYMMDD, ex110914.log

2. Check the live monitoring in ISA.
Open ISA management console
Click the monitoring options
Click the Logging tab
Default setting is usually
Log Record type = firewall or web proxy
Log time = Live
Click Start Query and the test and review the incoming and outgoing traffic.
In the results screen, move the slider to the right to see more details per line event.
Look for results under the protocol or destination port columns


Alternatively in ISA, open the monitoring console
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Thanks for your input. I have tried to do the above but i am not seeing any of those options available to me in the ISA Management Console.

Once in the ISA console and have tabs available to me on the right pane, these can be expanded to show the following folders:

Monitoring
 -Alerts
 -Services
 -Sessions
 -Reports
Computer
Access Policy
Publishing
Policy Elements
Cache Configuration
Monitoring Configuration
 -Alerts
 -Logs
 -Report Jobs
Extensions
Network Configuration
Client Configuration

I am not seeing an option to 'Start Query'. Can you elaborate a bit more?
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
My bad, I assumed that everyone was already running 2004 or higher, didn't verify the version number,

For ISA 2000 you can see the options and screens for monitoring.
You're looking for the sessions under the monitoring folder.
http://www.isaserver.org/tutorials/Monitoring_ISA_Server.html
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Its showing 28 active sessions.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
Sorry, but the last time I used ISA 2000 was about 8 years ago, I can't recall all the monitoring options/screens.
Have you tried option 2 above?

Option 3:
run "netstat -n" from a command prompt on the Exchange server.
Your looking for the following lines:
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    10.1.1.62:80           10.3.153.12:4509       ESTABLISHED
  TCP    10.1.1.62:443           10.3.153.12:4509       ESTABLISHED

The important part is the :80 and :443 in the local address
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Port :80 is showing as established but port :443 is not listed at all in the local addresses.
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
443 will only be available if you have enabled it on IIS which will only be an option if you have a SSL Certificate installed on the server.

On the Exchange Server,
open IIS and navigate to your "Default Web Site"
Right-click "Default Web Site" and click properties
3 lines from the top you should see
TCP Port:
and SSL Port: next to it.
Enter 443
Click OK

SSL should then be enabled.
If you got an error when clicking OK then most likely there is not a valid certificate on that server.
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
All of the above is already setup exactly as you have suggested. IIS, default website with TCP Port 80 and SSL 443. Any ideas where to go next?
0
 
LVL 26

Expert Comment

by:Leon Fester
Comment Utility
Then access your site on https://localhost/exchange

That is a direct connection to the 443 port.
If that works then 443 is listening
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Internally there is no issue, but trying to get to the webmail from an external POV still sees no progress.
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
Comment Utility
Did this ever work before?
Is there a Single Exchange Server or do you have a front-end and back-end configuration?

How did you configure the webmail for publishing on ISA?
Verify the installation requirements from this document
http://support.microsoft.com/kb/290113

Lastly you can test your configuration by visiting the Microsoft site:
https://www.testexchangeconnectivity.com
0
 
LVL 5

Author Comment

by:ncomper
Comment Utility
Our Engineer is off today, ill get him to come backt o you

Thanks
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Utilizing an array to gracefully append to a list of EmailAddresses
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now