Solved

Outlook Web access not working externally

Posted on 2011-09-27
15
283 Views
Last Modified: 2012-05-12
Out Outlook Web Access which used to work now does not. It works internally but from Outside it just gives a while screen. Not even an error. All firewall ports required are open as far as I can tell. Can anyone help?
0
Comment
Question by:Axis52401
  • 9
  • 6
15 Comments
 
LVL 20

Accepted Solution

by:
Hendrik Wiese earned 500 total points
ID: 36711367
Check to ensure that your SSL Certificate did not expire. Also ensure that your users are using HTTPS:// when accessing OWA from outside your orginization. Also check to make sure that your MX Records is still in tact.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36711520
I don't think we ever had an SSL cert. How would I check. The MX records are correct. I tried the OWA with both HTTP and HTTPS
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36711539
Open up IIS on the exchange server and right click on the default website , go to directory security and then click on server certificate ,follow the wizard
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36711649
I'll be dammed there is one and it expires on 7/27/2011. Is there some way of bypassing it for now without renewing. I can't renew it right now. I know some servers run without it and i don't want to spend the days getting approval to renew it only to have it not fix the problem.
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36711723
If it has expired it IS the reason that you cannot access OWA. If you have a certificate server on site you can renew it internally. But I would recommend using a third party provider like DigiCert.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36711739
I just want to remove it, we only have one server this one. I went in and hit remove cert and it said it removed but I still cannot access OWA, does something have to be configired or reset after doing that?
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36711746
You can use the following site as reference to renew the certificate internall:

http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
0
Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36712051
You would have to re-issue the certificate. OWA will not work without the SSL certificate. So follow the suggested link to install your certificate.
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713089
I got another SSL cert and it still doesn't work. Is there anything else I can try?
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36713101
Are you sure that you used the same domains that was setup on the previous certificate?
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713124
Yes. I'm sure it is.
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36713139
if you browse to https://yourcasserver/OWA what do you get?

Also try https://www.testexchangeconnectivity.com/ and let me know if it helps?
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36713155
0
 
LVL 2

Author Comment

by:Axis52401
ID: 36713185
The first one I get a blank page.

The second I get the below. What jumps out at me is that is connects to an SSL but it seems to be getting one off our Sonicwall Firewall and not the mail server. The IP address  192.168.168.168 is what the sonicwall comes as out of the box but not what it currently is. Do you think its somehow getting in the way of the transmission to the ssl?




https://www.testexchangeconnectivity.com


ExRCA is testing Exchange ActiveSync.
       The Exchange ActiveSync test failed.
       
      Test Steps
       
      Attempting to resolve the host name mail.mydomain.com in DNS.
       The host name resolved successfully.
       
      Additional Details
      Testing TCP port 443 on host mail.mydomain.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      ExRCA is attempting to obtain the SSL certificate from remote server mail.mydomain.com on port 443.
       ExRCA successfully obtained the remote SSL certificate.
       
      Additional Details
       Remote Certificate Subject: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US, Issuer: CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
      Validating the certificate name.
       Certificate name validation failed.
        Tell me more about this issue and how to resolve it
       
      Additional Details
       Host name mail.mydomain.com doesn't match any name found on the server certificate CN=192.168.168.168, OU=HTTPS Management Certificate for SonicWALL (self-signed), O=HTTPS Management Certificate for SonicWALL (self-signed), L=Sunnyvale, S=California, C=US.
0
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 36713287
In the testexchangeconnectivity it states the following:

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.

So your certificate is not valid. And yes I do think that the sonicWall is responsible for this. I have never worked with sonicWall firewalls so you would have to search their knowledgebase to find out how you should configure the exchange SSL certificate on it.

You can search their knowledgebase here or maybe phone their support department and find out how you should go about it.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now