SBS 2003 - Exchange remote web access - unabe to access over the internet

Posted on 2011-09-22
Last Modified: 2012-08-13

For some reason we can't access https://wan-ip/Exchange on one of our servers.
This worked fine until a few weeks ago. Internally (https://servername/Exchange) it works just fine. I've been searching alot for a solution but it seems nothing works.

Its a simple setup.
A linksys WAG54GS router (
that has DMZ enabled for the server IP (SBS 2003).

I've tested to manually set the ports on the router but no joy.
IE/Firefox/Chrome respond that the website didn't respond in time..

I checked all the perissions in IIS and compaired them wirh a working server,
It seems to me that all the settings are correct.
oh, and I  ran CEICW again and again trying to fix it, (no errors appear)

Question by:Benderama
LVL 11

Accepted Solution

louisreeves earned 500 total points
ID: 36580070
Based on what you are saying, it sounds like you have excluded OWA and the server from being the problem. IF OWA works internally, that says alot. Provided you have the settijngs correct for external access, you should be good to go there. I have had instances where the rotuer just stopped forwarding the port. Try doin a reset and see if that helps. I dont know if you are using a certificate but if so, that changes the equation. Make sure the IIS binding is associated with the port. try using your public IP as https://publicip/exchange and see if you get a page. if you do, then you have it narrowed down to DNS> I have heard if you have a name problem, you can put a random name into the connect to internet wizard and then run it again and put the name back and it may take care of a name problem. If your issue still lingers with using the IP then I think you have a routing problem of some type IE domiain registrar, router. etc.... if you have checked everything and you know for a fact that its not

1. DNS
2. Certificate bindings
3. External recored domain registrar related
4. Rotuer/firewall
5. virtual directories are all correct

The I would concider rebuilding your virtual directories- My vote is its a firewall or something.

: SBS2003, Exchange 2003 & Mobile ActiveSync


This is top to bottom- setting to look at acoss all diectoies

I.Please verify Authentication settings by the following steps.

For Exchange-oma virtual directory:

1. Open IIS Manager

2. Open properties of virtual directory Exchange-oma

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Enabled Basic authentication

Enabled Integrated Windows authentication

Disabled anonymous access

Note:If you need to use SSL on the Exchange virtual directory, you may
create the Exchange-OMA virtual directory for the OMA and ActiveSync and
don't use SSL on the Exchange-OMA virtual directory.

For OMA virtual directory and Microsoft-Server-ActiveSync virtual directory:

1. Open IIS Manager

2. Open properties of OMA virtual directory and Microsoft-Server-ActiveSync
virtual directory respectively.

3. Select Directory Security tab

4. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods

Uncheck Enable anonymous access

Uncheck Integrated Windows authentication

Check Basic authentication

After that, please restart the IIS Admin Service (services.msc) and then
verify the issue.

II. if issue still occur, refer to the KB article 883380 to rebuild the
DS2MB of IIS server and manually create exchange-oma VD to see if the issue

Step 1: Rebuild the DS2MB of IIS server. To do so:

1. Go to Internet Services Manager and delete the following virtual






2. Open Metabase Explorer and expand LM > DS2MB > HighWaterMarks > GUID

3. Double click the entry which has a 5-digit number in the data folder in
the right pane of the GUID folder.

4. Replace the number in the Data field with 0 (zero) and then click OK.
Close Metaedit

5. Run services.msc and right click IIS Admin Service, and then click
Restart to restart the service.

6. Restart the System Attendant. After that, these virtual directories can
be created.

7. Then please re-run CEICW to configure network connection.

More detailed information is addressed in the following article:

883380 How to reset the default virtual directories for Outlook Web Access
in Exchange Server 2003

I hope this helps some.


Author Closing Comment

ID: 36580364
Thanks for a great reply,

In all the solutions I've read everyone said to look in the
exchange virtual directory. Now I see my problem was in the exchange-oma directory. Under security, it was set to access denied to all accept a few IP adresses. I think someone manually changed this because all the local client IP's where filled in. Weird..

Thanks louisreeves

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Duplicated remover for Exchange mailboxes 11 67
SBS2008  and SQL 10 72
SBS 2011 Rollup 18 79
Increase size of DHCP scope? 16 61
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now