Axis52401
asked on
Outlook Web access not working externally
Out Outlook Web Access which used to work now does not. It works internally but from Outside it just gives a while screen. Not even an error. All firewall ports required are open as far as I can tell. Can anyone help?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open up IIS on the exchange server and right click on the default website , go to directory security and then click on server certificate ,follow the wizard
ASKER
I'll be dammed there is one and it expires on 7/27/2011. Is there some way of bypassing it for now without renewing. I can't renew it right now. I know some servers run without it and i don't want to spend the days getting approval to renew it only to have it not fix the problem.
If it has expired it IS the reason that you cannot access OWA. If you have a certificate server on site you can renew it internally. But I would recommend using a third party provider like DigiCert.
ASKER
I just want to remove it, we only have one server this one. I went in and hit remove cert and it said it removed but I still cannot access OWA, does something have to be configired or reset after doing that?
You can use the following site as reference to renew the certificate internall:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
You would have to re-issue the certificate. OWA will not work without the SSL certificate. So follow the suggested link to install your certificate.
ASKER
I got another SSL cert and it still doesn't work. Is there anything else I can try?
Are you sure that you used the same domains that was setup on the previous certificate?
ASKER
Yes. I'm sure it is.
if you browse to https://yourcasserver/OWA what do you get?
Also try https://www.testexchangeconnectivity.com/ and let me know if it helps?
Also try https://www.testexchangeconnectivity.com/ and let me know if it helps?
Refer to the following link to test remote connectivity: http://www.msexchange.org/articles_tutorials/exchange-server-2007/tools/exchange-server-remote-connectivity-analyzer-tool-part1.html
ASKER
The first one I get a blank page.
The second I get the below. What jumps out at me is that is connects to an SSL but it seems to be getting one off our Sonicwall Firewall and not the mail server. The IP address 192.168.168.168 is what the sonicwall comes as out of the box but not what it currently is. Do you think its somehow getting in the way of the transmission to the ssl?
https://www.testexchangeconnectivity.com
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.mydomain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server mail.mydomain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mail.mydomain.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
The second I get the below. What jumps out at me is that is connects to an SSL but it seems to be getting one off our Sonicwall Firewall and not the mail server. The IP address 192.168.168.168 is what the sonicwall comes as out of the box but not what it currently is. Do you think its somehow getting in the way of the transmission to the ssl?
https://www.testexchangeconnectivity.com
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name mail.mydomain.com in DNS.
The host name resolved successfully.
Additional Details
Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server mail.mydomain.com on port 443.
ExRCA successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
Validating the certificate name.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name mail.mydomain.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
In the testexchangeconnectivity it states the following:
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
So your certificate is not valid. And yes I do think that the sonicWall is responsible for this. I have never worked with sonicWall firewalls so you would have to search their knowledgebase to find out how you should configure the exchange SSL certificate on it.
You can search their knowledgebase here or maybe phone their support department and find out how you should go about it.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
So your certificate is not valid. And yes I do think that the sonicWall is responsible for this. I have never worked with sonicWall firewalls so you would have to search their knowledgebase to find out how you should configure the exchange SSL certificate on it.
You can search their knowledgebase here or maybe phone their support department and find out how you should go about it.
ASKER