ncomper
asked on
ISA Server and Webmail
Morning all,
Having a little trouble with a client, they have changed the external IP with an ISP change. after the change the Webmail has stopped working. I have re routed 443/25/80 to the Exchange server and mail is still flowing.
They have an ISA Server
ISA Management
Microsoft Corporation
Version: 3.0.1200.365
Could this be adding any restriction to the incomming traffice, if so were do i need to begin to look?
Many thanks,
Having a little trouble with a client, they have changed the external IP with an ISP change. after the change the Webmail has stopped working. I have re routed 443/25/80 to the Exchange server and mail is still flowing.
They have an ISA Server
ISA Management
Microsoft Corporation
Version: 3.0.1200.365
Could this be adding any restriction to the incomming traffice, if so were do i need to begin to look?
Many thanks,
>>I have re routed 443/25/80 to the Exchange server and mail is still flowing.
how do you did that please?
do you changed the web listener on OWA publish rule to listen in the new ip address ? also please click on test rule .... any errors ?
how do you did that please?
do you changed the web listener on OWA publish rule to listen in the new ip address ? also please click on test rule .... any errors ?
Agreed with the above, most likely the listener is not configured on the correct IP.
A very good tool to help is troubleshoot this specific problem is
https://www.testexchangeconnectivity.com
A very good tool to help is troubleshoot this specific problem is
https://www.testexchangeconnectivity.com
ASKER
Thanks for all the comments.
I need to confirm that 443 and 80 are hitting the server what's the best way to do this.
Also when connecting internally to localhost/exchange it seems to resolve the webmail and opens using the external address mailhost.domain.co.uk/exch
Thanks
I need to confirm that 443 and 80 are hitting the server what's the best way to do this.
Also when connecting internally to localhost/exchange it seems to resolve the webmail and opens using the external address mailhost.domain.co.uk/exch
Thanks
Best way to check for port 80 and 443 usage is:
1. Check the IIS logs on your exchange server.
Logging could be disabled so you may need to enable it first, then test connectivity and review the logs.
In IIS,
right-click the "default website"
click properties
On the "web site" tab near the bottom, check if "enable logging" is enabled.
Click properties to find the location of the log files, typically that location is c:\windows\system32\logfil
Files are then appended with the current date.
e.g. exYYMMDD, ex110914.log
2. Check the live monitoring in ISA.
Open ISA management console
Click the monitoring options
Click the Logging tab
Default setting is usually
Log Record type = firewall or web proxy
Log time = Live
Click Start Query and the test and review the incoming and outgoing traffic.
In the results screen, move the slider to the right to see more details per line event.
Look for results under the protocol or destination port columns
Alternatively in ISA, open the monitoring console
1. Check the IIS logs on your exchange server.
Logging could be disabled so you may need to enable it first, then test connectivity and review the logs.
In IIS,
right-click the "default website"
click properties
On the "web site" tab near the bottom, check if "enable logging" is enabled.
Click properties to find the location of the log files, typically that location is c:\windows\system32\logfil
Files are then appended with the current date.
e.g. exYYMMDD, ex110914.log
2. Check the live monitoring in ISA.
Open ISA management console
Click the monitoring options
Click the Logging tab
Default setting is usually
Log Record type = firewall or web proxy
Log time = Live
Click Start Query and the test and review the incoming and outgoing traffic.
In the results screen, move the slider to the right to see more details per line event.
Look for results under the protocol or destination port columns
Alternatively in ISA, open the monitoring console
ASKER
Thanks for your input. I have tried to do the above but i am not seeing any of those options available to me in the ISA Management Console.
Once in the ISA console and have tabs available to me on the right pane, these can be expanded to show the following folders:
Monitoring
-Alerts
-Services
-Sessions
-Reports
Computer
Access Policy
Publishing
Policy Elements
Cache Configuration
Monitoring Configuration
-Alerts
-Logs
-Report Jobs
Extensions
Network Configuration
Client Configuration
I am not seeing an option to 'Start Query'. Can you elaborate a bit more?
Once in the ISA console and have tabs available to me on the right pane, these can be expanded to show the following folders:
Monitoring
-Alerts
-Services
-Sessions
-Reports
Computer
Access Policy
Publishing
Policy Elements
Cache Configuration
Monitoring Configuration
-Alerts
-Logs
-Report Jobs
Extensions
Network Configuration
Client Configuration
I am not seeing an option to 'Start Query'. Can you elaborate a bit more?
My bad, I assumed that everyone was already running 2004 or higher, didn't verify the version number,
For ISA 2000 you can see the options and screens for monitoring.
You're looking for the sessions under the monitoring folder.
http://www.isaserver.org/tutorials/Monitoring_ISA_Server.html
For ISA 2000 you can see the options and screens for monitoring.
You're looking for the sessions under the monitoring folder.
http://www.isaserver.org/tutorials/Monitoring_ISA_Server.html
ASKER
Its showing 28 active sessions.
Sorry, but the last time I used ISA 2000 was about 8 years ago, I can't recall all the monitoring options/screens.
Have you tried option 2 above?
Option 3:
run "netstat -n" from a command prompt on the Exchange server.
Your looking for the following lines:
Active Connections
Proto Local Address Foreign Address State
TCP 10.1.1.62:80 10.3.153.12:4509 ESTABLISHED
TCP 10.1.1.62:443 10.3.153.12:4509 ESTABLISHED
The important part is the :80 and :443 in the local address
Have you tried option 2 above?
Option 3:
run "netstat -n" from a command prompt on the Exchange server.
Your looking for the following lines:
Active Connections
Proto Local Address Foreign Address State
TCP 10.1.1.62:80 10.3.153.12:4509 ESTABLISHED
TCP 10.1.1.62:443 10.3.153.12:4509 ESTABLISHED
The important part is the :80 and :443 in the local address
ASKER
Port :80 is showing as established but port :443 is not listed at all in the local addresses.
443 will only be available if you have enabled it on IIS which will only be an option if you have a SSL Certificate installed on the server.
On the Exchange Server,
open IIS and navigate to your "Default Web Site"
Right-click "Default Web Site" and click properties
3 lines from the top you should see
TCP Port:
and SSL Port: next to it.
Enter 443
Click OK
SSL should then be enabled.
If you got an error when clicking OK then most likely there is not a valid certificate on that server.
On the Exchange Server,
open IIS and navigate to your "Default Web Site"
Right-click "Default Web Site" and click properties
3 lines from the top you should see
TCP Port:
and SSL Port: next to it.
Enter 443
Click OK
SSL should then be enabled.
If you got an error when clicking OK then most likely there is not a valid certificate on that server.
ASKER
All of the above is already setup exactly as you have suggested. IIS, default website with TCP Port 80 and SSL 443. Any ideas where to go next?
Then access your site on https://localhost/exchange
That is a direct connection to the 443 port.
If that works then 443 is listening
That is a direct connection to the 443 port.
If that works then 443 is listening
ASKER
Internally there is no issue, but trying to get to the webmail from an external POV still sees no progress.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Our Engineer is off today, ill get him to come backt o you
Thanks
Thanks
Please be sure you have modified OWA publishing rule on ISA server. Also there may be issue with the name resolution so ISA is not forwarding query to appropriate server.
Thanks,
Sanjay Santoki