Solved

HTTPS / Outlook Anywhere suddenly not working

Posted on 2011-10-31
Last Modified: 2012-05-12
Hi,

I manage a server that's been running fine for months.

Suddenly, all the Outlook Anywhere users couldn't connect to Exchange over HTTPS.
If I go to https://server.company.com/Exchange, it comes up with a certificate warning containing a random URL of www.ktdwvm554ydad2ht3sg.net.
If I try the same but http://server.company.com/exchange it works fine.

I've used Wireshark and netstat to try to diagnose what is happening, but when I use HTTPS (port 443), Wireshark receives nothing. I've double checked too.
I also checked the ADSL router to ensure the virtual port mapping hasn't been messed with, but it's all fine.

Any ideas what could be happening with the port 443 traffic?

Thanks
Dan
Question by:DanJourno
9 Comments
 
LVL 4

Expert Comment

by:xanandu
ID: 37058760
Try on the server itself to go to https://localhost/exchange to see what's going on. If you get the error message there, ensure that the SSL certificate that is attached to the OWA site is in fact the cert that you authorized originally. If it is not, you have a problem where a certificate has been changed without you knowing, and you have to look at who has access to this kind of system modification. If you do not get the error, ensure that the client that you are using to connect to OWA is not running through a proxy, explicit or implicit (check network settings in IE for proxy settings; if no proxy, try a different network connection (different ISP ideally)).

It honestly sounds like there is some proxying going on @ the IE level.
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37058773
I checked https://localhost/exchange and that's working fine and serving the right cert.

I also thought it was a proxy issue, however I've checked from multiple locations, and they are all finding the same issue.

It's as if port 443 traffic is being transferred somewhere else.
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37058818
Also, when you tell the browser to ignore the bad cert, OWA doesn't show. Just comes up with the standard server can't be found message.
0
 
LVL 4

Expert Comment

by:xanandu
ID: 37058824
OK, so somewhere your HTTPS traffic is being intercepted, because the server is handling it correctly. Check the internet settings in IE and ensure there is no proxy listed there; if a proxy is listed there it could change the port so you wouldn't find it in Wireshark. Try a different web browser which does not read the IE proxy settings.

If you still can't find it, open Wireshark, start sniffing and start running a YouTube video. Look for a LOT of traffic happening on a nonstandard port (not 80 or 443); that will tell you which port your web traffic is being kicked down.
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37058878
I did the following on the ADSL router in the office that has the Exchange server.

Usually the public 443 port is pointed to port 443 on the server's private IP.

I changed the mapping so that public:444 is mapped to server:443. (see attached screenshot)

Now, server:444 works fine and brings up Exchange.
In theory, 443 shouldn't work at all, but it's still bringing up the bad cert.

I've checked from multiple PCs and multiple broadband connections. It makes no sense.

Can an ADSL router be corrupted to forward data somewhere else without displaying the forward on the admin panel?
temp.jpg
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37058939
Just found this on the router!

No idea what it's doing there.

test.jpg
0
 
LVL 5

Author Comment

by:DanJourno
ID: 37058963
It must be a virus on 192.168.11.15, but how can I remove the UPnP entries?
0
 
LVL 5

Accepted Solution

by:DanJourno
ID: 37059094
One of the users on the network installed TOR (https://www.torproject.org) and it created the UPnP entries.

I've uninstalled it and restarted the router. All OK now.

Thanks for your help.
0
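
An added example, not part of the original thread or any poster's code: a small audit that parses UPnP IGD `GetGenericPortMappingEntry` responses and flags dynamic mappings that take over a port the administrator forwards on purpose, as happened with 443 here. The SOAP responses are constructed sample data, and 192.168.11.10 is an assumed address for the Exchange server, which the thread does not give.

```python
import xml.etree.ElementTree as ET

# Forwards configured on purpose: (protocol, external port) -> internal host.
# Assumption: 192.168.11.10 stands in for the Exchange server's private IP.
EXPECTED = {("TCP", 443): "192.168.11.10"}

def make_entry(ext, proto, int_port, client, desc):
    """Build a constructed response shaped like a WANIPConnection reply."""
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

# Constructed sample data: one mapping colliding with 443, one unrelated.
SAMPLE_RESPONSES = [
    make_entry(443, "TCP", 443, "192.168.11.15", "constructed-app"),
    make_entry(6881, "UDP", 6881, "192.168.11.22", "constructed-p2p"),
]

def parse_mapping(soap_xml):
    """Extract the New* arguments from one response, ignoring namespaces."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit(responses, expected=EXPECTED):
    """Return (severity, mapping) pairs for every enabled dynamic mapping."""
    findings = []
    for raw in responses:
        m = parse_mapping(raw)
        if m.get("Enabled") != "1":
            continue
        owner = expected.get((m["Protocol"].upper(), int(m["ExternalPort"])))
        if owner and owner != m["InternalClient"]:
            findings.append(("HIJACK", m))      # service port lands on another host
        elif not owner:
            findings.append(("UNREVIEWED", m))  # dynamic mapping nobody approved
    return findings

if __name__ == "__main__":
    for severity, m in audit(SAMPLE_RESPONSES):
        print(severity, m["Protocol"], m["ExternalPort"], "->",
              f'{m["InternalClient"]}:{m["InternalPort"]}', m["PortMappingDescription"])
```

A `HIJACK` finding names the internal host to investigate; disabling UPnP on the router prevents hosts from re-creating such mappings.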
 
LVL 5

Author Closing Comment

by:DanJourno
ID: 37087310
I managed to resolve the solution.
0


Question has a verified solution.
