Learn how to a build a cloud-first strategyRegister Now


Internal access to external webmail

Posted on 2011-10-19
Medium Priority
Last Modified: 2012-05-12
I'm trying to get our external webmail functional internally.  I've added mail.mycompany.com as a forward lookup zone in DNS.  I've got the affiliated A record which is the same as the host.  I've got the reverse lookup setup to point back to the internal IP address. I get the login prompt. However after 3 tries I get HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS)
I've removed the reverse lookup for mail.mycompany.com and get the login prompt. 3 strikes and Error: Access is denied.
Any assistance that gets me passed this hurdle is greatlyappreciated.
Question by:TereciaBurgess
  • 5
  • 4
LVL 21

Expert Comment

by:Hendrik Wiese
ID: 36995129
Ok first things first.

1. Have you got a UCC SSL certificate setup? It should at least include: mail.yourcomopany.com, autodiscover.yourcompany.com and servername.company.com
2. Ensure that all services are assigned to the certificate.
3. What have you got in front of your server? ISA, TMG or Edge?

Let me know then we can go through the next step.
LVL 28

Expert Comment

ID: 36995153
Instead of using DNS, trying creating a NAT Policy in your firewall to do this ?
Let me know what firewall are you using ?

Author Comment

ID: 36995359
I should add that if I use servername/exchange or serverip/exchange internally, I can get to webmail.  I'm pretty sure this is a DNS issue.
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

LVL 28

Expert Comment

ID: 36995377
It is.
But NAT policy does a better job at this, than just Adding zones in Forward look up zone and then adding A-record to lan ip of exchange.

Let me know your firewall.
For Sonicwall Enhanced / Standard OS - Making these changes are piece of cake

Author Comment

ID: 36995445
Sunnyc7, we do not have access to the router.  This is a small business with only 2 people in the office on a DSL connection.  We need to make the changes on the server in DNS.
LVL 28

Expert Comment

ID: 36996521
ok, if that's the case, then you do not have much of an option other than what you already did.

You can inspect the DNS with dcdiag /v /e /TEST:DNS
You can also check by ping
ping mail.domain.com and see if you get a lan ip
You can Add that IP in DHCP exclusion list, so that there is no conflict.

Author Comment

ID: 36996552
DCdiag test of DNS passed.
Ping mail.mycompany.com returns e-mail server internal address
IP address is included in exclusion list of DHCP

I'm leaning toward IIS at this point.  Seems I need to be able to put \exchange after my server name in the DNS (which cannot be done) to get past the issues with the login prompt.
LVL 28

Expert Comment

ID: 36997327
Can you post a screenshot of the error please.

Accepted Solution

TereciaBurgess earned 0 total points
ID: 37001619
All, Got it working!
The problem was in IIS:
Directory Security
Authentication and Access Control
Removed "Integrated Windows Authentication"

My colleague in the office helped me find this solution.  Thank you Sunnyc7 for your assistance and patience.

Author Closing Comment

ID: 37023079
Turns out one of the people in my office had the solution for me.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question