DanJourno
asked on
https / outlook anywhere suddenly not working
Hi,
I manage a server thats been running fine for months.
Suddently, all the Outlook Anywhere users couldnt connect to Exchange over HTTPS.
If I go to https://server.company.com/Exchange, it comes up with a certificate warning containing a random URL of www.ktdwvm554ydad2ht3sg.net.
If I try the same but http://server.company.com/exchange it works fine.
I've used wireshark and netstat to try to diagnose what is happening, but when I use https (port 443), wireshark receives nothing. I've double checked too.
I also checked the ADSL router to ensure the virtual port mapping hasnt been messed with, but its all fine.
Any ideas what could be happening with the port 443 traffic?
Thanks
Dan
I manage a server thats been running fine for months.
Suddently, all the Outlook Anywhere users couldnt connect to Exchange over HTTPS.
If I go to https://server.company.com/Exchange, it comes up with a certificate warning containing a random URL of www.ktdwvm554ydad2ht3sg.net.
If I try the same but http://server.company.com/exchange it works fine.
I've used wireshark and netstat to try to diagnose what is happening, but when I use https (port 443), wireshark receives nothing. I've double checked too.
I also checked the ADSL router to ensure the virtual port mapping hasnt been messed with, but its all fine.
Any ideas what could be happening with the port 443 traffic?
Thanks
Dan
ASKER
I checked https://localhost/exchange and thats working fine and serving the right cert.
I also thought it was a proxy issue, however ive checked from multiple locations, and they are all finding the same issue.
Its as if port 443 traffic is being transferred somewhere else.
I also thought it was a proxy issue, however ive checked from multiple locations, and they are all finding the same issue.
Its as if port 443 traffic is being transferred somewhere else.
ASKER
Also, when you tell the browser to ignore the bad cert, OWA doesn't show. Just comes up with the standard server can't be found message.
ok, so somewhere your https traffic is being intercepted, because the server is handling correctly. check the internet settings in IE and ensure there is no proxy listed there, if a proxy is listed there it could change the port so you wouldnt find it in wireshark. try a different web browser which does not read the IE proxy settings.
if you still cant find it, open wireshark, start sniffing and start running a youtube video, look for a LOT of traffic happening on a nonstandard port (not 80 or 443) that will tell you which port your webtraffic is being kicked down.
if you still cant find it, open wireshark, start sniffing and start running a youtube video, look for a LOT of traffic happening on a nonstandard port (not 80 or 443) that will tell you which port your webtraffic is being kicked down.
ASKER
I did the following on the ADSL router in the office that has the exchange server.
Usually the public 443 port is pointed to port 443 on the server's private IP.
I changed the mapping so that public:444 is mapped to server:443. (see attached screenshot)
Now, server:444 works fine and brings up exchange
In theory, 443 shouldnt work at all, but its still bringing up the bad cert.
I've checked from multiple PCs and multiple broadband connections. It makes no sense.
Can an adsl router be corrupted to forward data somewhere else without displaying the forward on the admin panel?
temp.jpg
Usually the public 443 port is pointed to port 443 on the server's private IP.
I changed the mapping so that public:444 is mapped to server:443. (see attached screenshot)
Now, server:444 works fine and brings up exchange
In theory, 443 shouldnt work at all, but its still bringing up the bad cert.
I've checked from multiple PCs and multiple broadband connections. It makes no sense.
Can an adsl router be corrupted to forward data somewhere else without displaying the forward on the admin panel?
temp.jpg
ASKER
ASKER
It must be a virus on 192.168.11.15, but how can I remove the UPnP entries?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I managed to resolve the solution.
it honestly sounds like there is some proxying going on @ the IE level.