Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 329
  • Last Modified:

Outlook Web access not working externally

Out Outlook Web Access which used to work now does not. It works internally but from Outside it just gives a while screen. Not even an error. All firewall ports required are open as far as I can tell. Can anyone help?
0
Axis52401
Asked:
Axis52401
  • 9
  • 6
1 Solution
 
Hendrik WieseCommented:
Check to ensure that your SSL Certificate did not expire. Also ensure that your users are using HTTPS:// when accessing OWA from outside your orginization. Also check to make sure that your MX Records is still in tact.
0
 
Axis52401Security AnalystAuthor Commented:
I don't think we ever had an SSL cert. How would I check. The MX records are correct. I tried the OWA with both HTTP and HTTPS
0
 
Hendrik WieseCommented:
Open up IIS on the exchange server and right click on the default website , go to directory security and then click on server certificate ,follow the wizard
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Axis52401Security AnalystAuthor Commented:
I'll be dammed there is one and it expires on 7/27/2011. Is there some way of bypassing it for now without renewing. I can't renew it right now. I know some servers run without it and i don't want to spend the days getting approval to renew it only to have it not fix the problem.
0
 
Hendrik WieseCommented:
If it has expired it IS the reason that you cannot access OWA. If you have a certificate server on site you can renew it internally. But I would recommend using a third party provider like DigiCert.
0
 
Axis52401Security AnalystAuthor Commented:
I just want to remove it, we only have one server this one. I went in and hit remove cert and it said it removed but I still cannot access OWA, does something have to be configired or reset after doing that?
0
 
Hendrik WieseCommented:
You can use the following site as reference to renew the certificate internall:

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
0
 
Hendrik WieseCommented:
You would have to re-issue the certificate. OWA will not work without the SSL certificate. So follow the suggested link to install your certificate.
0
 
Axis52401Security AnalystAuthor Commented:
I got another SSL cert and it still doesn't work. Is there anything else I can try?
0
 
Hendrik WieseCommented:
Are you sure that you used the same domains that was setup on the previous certificate?
0
 
Axis52401Security AnalystAuthor Commented:
Yes. I'm sure it is.
0
 
Hendrik WieseCommented:
if you browse to https://yourcasserver/OWA what do you get?

Also try https://www.testexchangeconnectivity.com/ and let me know if it helps?
0
 
Hendrik WieseCommented:
0
 
Axis52401Security AnalystAuthor Commented:
The first one I get a blank page.

The second I get the below. What jumps out at me is that is connects to an SSL but it seems to be getting one off our Sonicwall Firewall and not the mail server. The IP address  192.168.168.168 is what the sonicwall comes as out of the box but not what it currently is. Do you think its somehow getting in the way of the transmission to the ssl?




https://www.testexchangeconnectivity.com


ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.mydomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.mydomain.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name mail.mydomain.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
0
 
Hendrik WieseCommented:
In the testexchangeconnectivity it states the following:

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.

So your certificate is not valid. And yes I do think that the sonicWall is responsible for this. I have never worked with sonicWall firewalls so you would have to search their knowledgebase to find out how you should configure the exchange SSL certificate on it.

You can search their knowledgebase here or maybe phone their support department and find out how you should go about it.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now