SBS 2003 - Exchange remote web access - unabe to access over the internet

Posted on 2011-09-22
Last Modified: 2012-08-13

For some reason we can't access https://wan-ip/Exchange on one of our servers.
This worked fine until a few weeks ago. Internally (https://servername/Exchange) it works just fine. I've been searching alot for a solution but it seems nothing works.

Its a simple setup.
A linksys WAG54GS router (
that has DMZ enabled for the server IP (SBS 2003).

I've tested to manually set the ports on the router but no joy.
IE/Firefox/Chrome respond that the website didn't respond in time..

I checked all the perissions in IIS and compaired them wirh a working server,
It seems to me that all the settings are correct.
oh, and I  ran CEICW again and again trying to fix it, (no errors appear)

Question by:Benderama
LVL 11

Accepted Solution

louisreeves earned 500 total points
ID: 36580070
Based on what you are saying, it sounds like you have excluded OWA and the server from being the problem. IF OWA works internally, that says alot. Provided you have the settijngs correct for external access, you should be good to go there. I have had instances where the rotuer just stopped forwarding the port. Try doin a reset and see if that helps. I dont know if you are using a certificate but if so, that changes the equation. Make sure the IIS binding is associated with the port. try using your public IP as https://publicip/exchange and see if you get a page. if you do, then you have it narrowed down to DNS> I have heard if you have a name problem, you can put a random name into the connect to internet wizard and then run it again and put the name back and it may take care of a name problem. If your issue still lingers with using the IP then I think you have a routing problem of some type IE domiain registrar, router. etc.... if you have checked everything and you know for a fact that its not

1. DNS
2. Certificate bindings
3. External recored domain registrar related
4. Rotuer/firewall
5. virtual directories are all correct

The I would concider rebuilding your virtual directories- My vote is its a firewall or something.

: SBS2003, Exchange 2003 & Mobile ActiveSync


This is top to bottom- setting to look at acoss all diectoies

I.Please verify Authentication settings by the following steps.

For Exchange-oma virtual directory:

1. Open IIS Manager

2. Open properties of virtual directory Exchange-oma

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Enabled Basic authentication

Enabled Integrated Windows authentication

Disabled anonymous access

Note:If you need to use SSL on the Exchange virtual directory, you may
create the Exchange-OMA virtual directory for the OMA and ActiveSync and
don't use SSL on the Exchange-OMA virtual directory.

For OMA virtual directory and Microsoft-Server-ActiveSync virtual directory:

1. Open IIS Manager

2. Open properties of OMA virtual directory and Microsoft-Server-ActiveSync
virtual directory respectively.

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Uncheck Enable anonymous access

Uncheck Integrated Windows authentication

Check Basic authentication

After that, please restart the IIS Admin Service (services.msc) and then
verify the issue.

II. if issue still occur, refer to the KB article 883380 to rebuild the
DS2MB of IIS server and manually create exchange-oma VD to see if the issue

Step 1: Rebuild the DS2MB of IIS server. To do so:

1. Go to Internet Services Manager and delete the following virtual






2. Open Metabase Explorer and expand LM > DS2MB > HighWaterMarks > GUID

3. Double click the entry which has a 5-digit number in the data folder in
the right pane of the GUID folder.

4. Replace the number in the Data field with 0 (zero) and then click OK.
Close Metaedit

5. Run services.msc and right click IIS Admin Service, and then click
Restart to restart the service.

6. Restart the System Attendant. After that, these virtual directories can
be created.

7. Then please re-run CEICW to configure network connection.

More detailed information is addressed in the following article:

883380 How to reset the default virtual directories for Outlook Web Access
in Exchange Server 2003

I hope this helps some.


Author Closing Comment

ID: 36580364
Thanks for a great reply,

In all the solutions I've read everyone said to look in the
exchange virtual directory. Now I see my problem was in the exchange-oma directory. Under security, it was set to access denied to all accept a few IP adresses. I think someone manually changed this because all the local client IP's where filled in. Weird..

Thanks louisreeves

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer:…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question