Internal access to external webmail

I'm trying to get our external webmail functional internally.  I've added as a forward lookup zone in DNS.  I've got the affiliated A record which is the same as the host.  I've got the reverse lookup setup to point back to the internal IP address. I get the login prompt. However after 3 tries I get HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)
I've removed the reverse lookup for and get the login prompt. 3 strikes and Error: Access is denied.
Any assistance that gets me passed this hurdle is greatlyappreciated.
Who is Participating?
TereciaBurgessConnect With a Mentor Author Commented:
All, Got it working!
The problem was in IIS:
Directory Security
Authentication and Access Control
Removed "Integrated Windows Authentication"

My colleague in the office helped me find this solution.  Thank you Sunnyc7 for your assistance and patience.
Hendrik WieseInformation Security ManagerCommented:
Ok first things first.

1. Have you got a UCC SSL certificate setup? It should at least include:, and
2. Ensure that all services are assigned to the certificate.
3. What have you got in front of your server? ISA, TMG or Edge?

Let me know then we can go through the next step.
Instead of using DNS, trying creating a NAT Policy in your firewall to do this ?
Let me know what firewall are you using ?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

TereciaBurgessAuthor Commented:
I should add that if I use servername/exchange or serverip/exchange internally, I can get to webmail.  I'm pretty sure this is a DNS issue.
It is.
But NAT policy does a better job at this, than just Adding zones in Forward look up zone and then adding A-record to lan ip of exchange.

Let me know your firewall.
For Sonicwall Enhanced / Standard OS - Making these changes are piece of cake
TereciaBurgessAuthor Commented:
Sunnyc7, we do not have access to the router.  This is a small business with only 2 people in the office on a DSL connection.  We need to make the changes on the server in DNS.
ok, if that's the case, then you do not have much of an option other than what you already did.

You can inspect the DNS with dcdiag /v /e /TEST:DNS
You can also check by ping
ping and see if you get a lan ip
You can Add that IP in DHCP exclusion list, so that there is no conflict.
TereciaBurgessAuthor Commented:
DCdiag test of DNS passed.
Ping returns e-mail server internal address
IP address is included in exclusion list of DHCP

I'm leaning toward IIS at this point.  Seems I need to be able to put \exchange after my server name in the DNS (which cannot be done) to get past the issues with the login prompt.
Can you post a screenshot of the error please.
TereciaBurgessAuthor Commented:
Turns out one of the people in my office had the solution for me.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.