Solved

Outlook Web access not working externally

Posted on 2011-09-27
15
315 Views
Last Modified: 2012-05-12
Out Outlook Web Access which used to work now does not. It works internally but from Outside it just gives a while screen. Not even an error. All firewall ports required are open as far as I can tell. Can anyone help?
0
Comment
Question by:Axis52401
  • 9
  • 6
15 Comments
 
LVL 21

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 36711367
Check to ensure that your SSL Certificate did not expire. Also ensure that your users are using HTTPS:// when accessing OWA from outside your orginization. Also check to make sure that your MX Records is still in tact.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36711520
I don't think we ever had an SSL cert. How would I check. The MX records are correct. I tried the OWA with both HTTP and HTTPS
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36711539
Open up IIS on the exchange server and right click on the default website , go to directory security and then click on server certificate ,follow the wizard
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 2

Author Comment

by:Axis52401
ID: 36711649
I'll be dammed there is one and it expires on 7/27/2011. Is there some way of bypassing it for now without renewing. I can't renew it right now. I know some servers run without it and i don't want to spend the days getting approval to renew it only to have it not fix the problem.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36711723
If it has expired it IS the reason that you cannot access OWA. If you have a certificate server on site you can renew it internally. But I would recommend using a third party provider like DigiCert.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36711739
I just want to remove it, we only have one server this one. I went in and hit remove cert and it said it removed but I still cannot access OWA, does something have to be configired or reset after doing that?
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36711746
You can use the following site as reference to renew the certificate internall:

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36712051
You would have to re-issue the certificate. OWA will not work without the SSL certificate. So follow the suggested link to install your certificate.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713089
I got another SSL cert and it still doesn't work. Is there anything else I can try?
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36713101
Are you sure that you used the same domains that was setup on the previous certificate?
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713124
Yes. I'm sure it is.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36713139
if you browse to https://yourcasserver/OWA what do you get?

Also try https://www.testexchangeconnectivity.com/ and let me know if it helps?
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36713155
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713185
The first one I get a blank page.

The second I get the below. What jumps out at me is that is connects to an SSL but it seems to be getting one off our Sonicwall Firewall and not the mail server. The IP address  192.168.168.168 is what the sonicwall comes as out of the box but not what it currently is. Do you think its somehow getting in the way of the transmission to the ssl?




https://www.testexchangeconnectivity.com


ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.mydomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.mydomain.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name mail.mydomain.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
0
 
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36713287
In the testexchangeconnectivity it states the following:

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.

So your certificate is not valid. And yes I do think that the sonicWall is responsible for this. I have never worked with sonicWall firewalls so you would have to search their knowledgebase to find out how you should configure the exchange SSL certificate on it.

You can search their knowledgebase here or maybe phone their support department and find out how you should go about it.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In-place Upgrading Dirsync to Azure AD Connect
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question