Solved

OWA / Companyweb Connection Problem

Posted on 2012-03-13
55
1,681 Views
Last Modified: 2012-04-02
Hi,

I am having a number of issues related to OWA, company web etc. When I try and browse the OWA website using https://server-ip/owa, https://servername/owa or https://servername.domain/owa both are not resolving on both the server and the client PC's internally or externally.

When I use https://localhost/owa this works fine on the server; thou I do get a server certifcate error . I have run nslookup and the response is correct. I have not applied any updates before this error started happening. This in-turn has had a knock on effect that I can not resolve autodiscovery for outlook anywhere.

The server has been setup with a comercial certifcate.
I have ran both the best practicies wizard, and the fix my network and they haven't resolved the problem. Thou did come back with the following errors:

 HTTP Port (TCP 80) Status :  
 The System process should listen on Port 80, but that port is owned by the process.
 
  HTTPS Port (TCP 443) Status :  
 The System process should listen on Port 443, but that port is owned by the process.
 
  HTTPS Port (TCP 987) Status :  
 The System process should listen on Port 987, but that port is owned by the process.
 
  No SSL certificate is configured for the SBS SharePoint site :  
 The SBS SharePoint site is not associated with an SSL certificate. To configure a certificate for the SBS SharePoint site, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. In IIS Manager, double-click Sites, right-click SBS SharePoint, and then click Edit Bindings. In the Site Bindings dialog box, click the type for https on port 987, and click Edit. In the Edit Site Binding dialog box, select the appropriate certificate, and then click OK.
 
  User account does not show in the Windows SBS Console :  
 The user account Sharepoint does not have the attributes that are necessary for it to display in the Windows SBS Console.
 
  User account does not show in the Windows SBS Console :  
 The user account DCS_SERVER does not have the attributes that are necessary for it to display in the Windows SBS Console.


I also checked to see if the SSL port is listening using

netstat -an | findstr :443
TCP    127.0.0.1:443          0.0.0.0:0              LISTENING


I am not sure if this is correct should there be two entries?

I am also experiancing isssues is WSUS - 'the server cannot be found' but this may be as a knock on effect. All sites are running in IIS.

I would be very greatful if someone could advise me of a solution as i'm running out of ideas.

Thanks in advance

James
0
Comment
Question by:JAMESCWELLS
  • 27
  • 27
55 Comments
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37714276
Please use the Connect to Internet Wizzard in SBS and after that go to https://www.testexchangeconnectivity.com/ and post output here ...
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37714395
what version of exchange are you running?
Have you installed any MS updates on the server recently that might have caused this issue?

I'm know this worked before, but make sure ports 80 and 443 are open. go to
www.canyouseeme.org

make sure those two ports are open.
Make sure the 3rd party exchange certificate has not expired. If you navigate to the certificate and double click it it will give you the expiration date.

and as Elmar stated make sure to run a connectivity test at https://www.testexchangeconnectivity.com/

Let me know.

Thanks
0
 

Author Comment

by:JAMESCWELLS
ID: 37714557
Hi Elmar and Vmagan,

I have checked the update logs and when this occured no new updates were installed.
Using canyouseeme.org port 80 & 443 are not open, but these are forwarded on the router to the server and the firewall has the following rules:

World Wide Web Services (HTTP Traffic-In) - Port 80
World Wide Web Services (HTTPS Traffic-In) - Port 443
Secure Socket Tunneling Protocol (SSTP-In) - Port 443

In my routers logs

[LAN access from remote] from 8.23.224.110:28199 to 192.168.10.1:80
[LAN access from remote] from 8.23.224.110:28213 to 192.168.10.1:443

When running the tests -

Outlook Autodiscover

      ExRCA is attempting to test Autodiscover for testaccount@domain.com.
       Testing Autodiscover failed.
       
      Test Steps
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.

The server certicate is upto date.

Thanks
James
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37714930
First check if your autodiscover is configured in dns.
Then deactivate the firewall on Exchange for test and reuse https://www.testexchangeconnectivity.com/
0
 

Author Comment

by:JAMESCWELLS
ID: 37714973
Using  https://localhost/autodiscover/autodiscover.xml on the server came back with the following.

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:43:24.8125998" Id="2636412687">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>


Is there another way to check autodiscover?
Thanks
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715011
Please check your authentication and SSL settings within IIS with your CAS server.

Then you can get your internalURI via powershell command.
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
(One of my cas was still set to cas.contoso.com or something)
0
 

Author Comment

by:JAMESCWELLS
ID: 37715062
Hi

What should the authentication of the autodiscovery folder be set to in IIS Mangaer.
I also turned off the firewall and used canyouseeme.org again and the ports were still closed. Could it be a service on the server blocking access?

Thanks
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715063
By the way also check the other url`s
(with set you can configure it, with get you can check it) for example:
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
Get-AutodiscoverVirtualDirectory | ft identity,internalurl
---
For internal url`s
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “https://your.server/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “https://your.server/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “https://your.server/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://your.server/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://your.server/ecp”
---
For external url`s
Set-AutodiscoverVirtualDirectory -Identity * –external url “https://your.server.externalurl/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceexternalUrl “https://your.server.externalurl/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/oab
Set-owavirtualdirectory –Identity * –externalurl “https://your.server.externalurl/owa
Set-ecpvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ecp
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715102
any third party firewall or virusscan?
0
 

Author Comment

by:JAMESCWELLS
ID: 37715125
I was able to run the following in the exchanghe console as admin:

Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”

But when running

Get-AutodiscoverVirtualDirectory -Identity * –internalurl

Get-AutodiscoverVirtualDirectory : A parameter cannot be found that matches par
ameter name 'internalurl'.
At line:1 char:58
+ Get-AutodiscoverVirtualDirectory -Identity * -internalurl <<<<
    + CategoryInfo          : InvalidArgument: (:) [Get-AutodiscoverVirtualDir
   ectory], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Exchange.Manage
   ment.SystemConfigurationTasks.GetAutodiscoverVirtualDirectory
0
 

Author Comment

by:JAMESCWELLS
ID: 37715130
I do have Trend Worry Free Bussiness but thats never been a problem before.
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715155
ohhh, ok. deactivate it for test :-)
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715159
"Get-AutodiscoverVirtualDirectory | ft identity,internalurl" is the right command
0
 

Author Comment

by:JAMESCWELLS
ID: 37715175
Sorry, typo

SERVER\Autodiscover (SBS Web App... https://mail.server.com/autodiscov....

I also disabled Trend and the Firewall and still

Error: I could not see your service on ##.###.###.## on port (443)
Reason: Connection refused
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37715223
disable the firewall and your TWF services in services.msc and try reboot the server.
0
 

Author Comment

by:JAMESCWELLS
ID: 37715617
Hi,

Sorry it took a while I has to find a point when I could restart the server.
I disabled all trend services and restarted and still get connection refused on port 80 & 443.
:(
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37718692
There must be any Programm... what says IIS Management console about this ports. webservices running on this port (website)?
0
 

Author Comment

by:JAMESCWELLS
ID: 37719250
Hi,

Please see below all my site bindings

http 880 - Default Website
http *8059 - OfficeScan
http *4343 - OfficeScan
http connect*80 -  SBS Client Deployement Applications
http companyweb*80 -  SBS SharePoint
https 987 - SBS SharePoint (commercial mail.domain.com certificate)
http Sites*80 - SBS Web Applications
https *443 - SBS Web Applications (commercial mail.domain.com certificate)
http *4721 - SharePoint Central Administration v3
http *8082 - Smart Scan Server
https *4345 - Smart Scan Server (server.domain.local certificate)
http *16373 - SMEX Web Site

Thanks
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37719269
Shure : "http 880 - Default Website" ?
0
 

Author Comment

by:JAMESCWELLS
ID: 37719284
Sorry Port 80, not enought coffee :)
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37719298
Please do a cmd "netstat -ao" and verify the pids in processexplorer for port 80 and 443.
0
 

Author Comment

by:JAMESCWELLS
ID: 37719326
Sure, these are all entries relating to Port 80 & 443

TCP    127.0.0.1:80           SERVER:0           LISTENING       4
TCP    127.0.0.1:80           SERVER:22485       ESTABLISHED     4
TCP    127.0.0.1:443          SERVER:0           LISTENING       4
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37719337
ok, in iis you should change the listening ip to the right one or use "*" for all ip`s
bindings.JPG
0
 

Author Comment

by:JAMESCWELLS
ID: 37719365
I'm slightly confused, could you tell me which bindings need chaning:
bindings.jpg
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37719372
Default Web Site and SBS Web Applications i think. please stop "sbs web applications", "sbs sharepoint", sbs client depl...." and after that restart "default web site" for test.
0
 

Author Comment

by:JAMESCWELLS
ID: 37719385
Sure, all stopped and default restart.
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37719387
yes, please test it.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:JAMESCWELLS
ID: 37719406
I'm not sure what you mean by test it.
When I use the browse button on the server it goes to http://localhost
This comes up as it normally does.

Do you want me to add all thoose bindings to the default website?
0
 

Author Comment

by:JAMESCWELLS
ID: 37720221
Hi,

Do you think it would be better to backup all users exchnage data to pst files.
Remove all PC's from the domain. Rebuild the server with the same IPs, user names, domain name, servername etc. Reinstall Trend. Alternativley I could install sbs 2011 and rebuild that way.

We only have 12 PC's here and 6 user accounts.
What would you reccomend. I can't use the USB Backups as the backups don't go that far back in time.

Thanks
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720376
i dont think you shuld begin from start. no rebuild is required. you used the internet connection wizard on sbs as my post says?
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720388
what happens if you try the internal ip from a internal client pc. https://ipfromexchange/OWA, http://ipfromexchange ...
0
 

Author Comment

by:JAMESCWELLS
ID: 37720391
I did run the internet connection wizard, and it is still the same only avaible on localhost with port 443 not open on the server. All bindings correct and firewall port open.
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720409
please give me a screenshot of bindigns from default website
0
 

Author Comment

by:JAMESCWELLS
ID: 37720415
When I run
https://192.168.10.1/owa or http://192.168.10.1 on the server I get:

Internet Explorer cannot display the webpage
0
 

Author Comment

by:JAMESCWELLS
ID: 37720432
Default bindings attached
default-bindings.jpg
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720472
can you please bind https * 443 on this site?
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720500
and after that restart www publishingservice ...
0
 

Author Comment

by:JAMESCWELLS
ID: 37720508
I've added that to the bindings stopped and started.
I then went https://192.168.10.1 on the server:

Internet Explorer cannot display the webpage

I also used iisreset /noforce and opened again https://192.168.10.1 on the server with the same response.
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720517
please give me the bindings of all your sites
0
 

Author Comment

by:JAMESCWELLS
ID: 37720531
http *80 - Default Website
https *443 - Default Website (commercial mail.domain.com certificate)
http *8059 - OfficeScan (Disabled)
http *4343 - OfficeScan (Disabled)
http connect*80 -  SBS Client Deployement Applications (Disabled)
http companyweb*80 -  SBS SharePoint (Disabled)
https 987 - SBS SharePoint (commercial mail.domain.com certificate) (Disabled)
http Sites*80 - SBS Web Applications (Disabled)
https *443 - SBS Web Applications (commercial mail.domain.com certificate)(Disabled)
http *4721 - SharePoint Central Administration v3 (Disabled)
http *8082 - Smart Scan Server (Disabled)
https *4345 - Smart Scan Server (server.domain.local certificate) (Disabled)
http *16373 - SMEX Web Site (Disabled)

http://localhost & https://localhost work thou
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720572
please give me a screenshot of your subfolders from default web site.
0
 

Author Comment

by:JAMESCWELLS
ID: 37720611
Please see attached. Thanks
default-folders.jpg
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720625
Ok there must be a "Configuration Wizard for Sharepoint". please run it and after that use the "Fix My Network Wizard" again.
0
 

Author Comment

by:JAMESCWELLS
ID: 37720649
Ok
I'll run

C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\BIN\psconfig -cmd upgrade -inplace b2b -force

And then the "Fix My Network Wizard"
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720650
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720657
OK!
0
 

Author Comment

by:JAMESCWELLS
ID: 37720931
I've ran the sharepoint wizard and also the fmn wizard this gave me three issues, these were corrected by the wizard. I still get the same issue thou.
fmnw.jpg
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37720967
Can you patch your exchange to actual Service pack and update rollup ?!
0
 

Author Comment

by:JAMESCWELLS
ID: 37721201
Which patch/sp/update rollup would that be?
Currently I  have SP3 for exchange
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37721221
0
 

Author Comment

by:JAMESCWELLS
ID: 37721667
Hi,

Ok I've applied that rollup and still no change. Do you think I should re-run the sharepoint or the fmn wizard?
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37723618
Yes, do that.
0
 

Author Comment

by:JAMESCWELLS
ID: 37724191
I've re-run both wizards, and I still have the same problem
0
 

Accepted Solution

by:
JAMESCWELLS earned 0 total points
ID: 37776125
In the end I re-installed to sbs 2011, corrupt IIS database the main cause.
0
 

Author Closing Comment

by:JAMESCWELLS
ID: 37795051
The only way to ensure everything works
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now