OWA / Companyweb Connection Problem

Hi,

I am having a number of issues related to OWA, company web etc. When I try and browse the OWA website using https://server-ip/owa, https://servername/owa or https://servername.domain/owa both are not resolving on both the server and the client PC's internally or externally.

When I use https://localhost/owa this works fine on the server; thou I do get a server certifcate error . I have run nslookup and the response is correct. I have not applied any updates before this error started happening. This in-turn has had a knock on effect that I can not resolve autodiscovery for outlook anywhere.

The server has been setup with a comercial certifcate.
I have ran both the best practicies wizard, and the fix my network and they haven't resolved the problem. Thou did come back with the following errors:

 HTTP Port (TCP 80) Status :  
 The System process should listen on Port 80, but that port is owned by the process.
 
  HTTPS Port (TCP 443) Status :  
 The System process should listen on Port 443, but that port is owned by the process.
 
  HTTPS Port (TCP 987) Status :  
 The System process should listen on Port 987, but that port is owned by the process.
 
  No SSL certificate is configured for the SBS SharePoint site :  
 The SBS SharePoint site is not associated with an SSL certificate. To configure a certificate for the SBS SharePoint site, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. In IIS Manager, double-click Sites, right-click SBS SharePoint, and then click Edit Bindings. In the Site Bindings dialog box, click the type for https on port 987, and click Edit. In the Edit Site Binding dialog box, select the appropriate certificate, and then click OK.
 
  User account does not show in the Windows SBS Console :  
 The user account Sharepoint does not have the attributes that are necessary for it to display in the Windows SBS Console.
 
  User account does not show in the Windows SBS Console :  
 The user account DCS_SERVER does not have the attributes that are necessary for it to display in the Windows SBS Console.


I also checked to see if the SSL port is listening using

netstat -an | findstr :443
TCP    127.0.0.1:443          0.0.0.0:0              LISTENING


I am not sure if this is correct should there be two entries?

I am also experiancing isssues is WSUS - 'the server cannot be found' but this may be as a knock on effect. All sites are running in IIS.

I would be very greatful if someone could advise me of a solution as i'm running out of ideas.

Thanks in advance

James
JAMESCWELLSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Elmar KoschkaSenior System EngineerCommented:
Please use the Connect to Internet Wizzard in SBS and after that go to https://www.testexchangeconnectivity.com/ and post output here ...
0
vmaganCommented:
what version of exchange are you running?
Have you installed any MS updates on the server recently that might have caused this issue?

I'm know this worked before, but make sure ports 80 and 443 are open. go to
www.canyouseeme.org 

make sure those two ports are open.
Make sure the 3rd party exchange certificate has not expired. If you navigate to the certificate and double click it it will give you the expiration date.

and as Elmar stated make sure to run a connectivity test at https://www.testexchangeconnectivity.com/

Let me know.

Thanks
0
JAMESCWELLSAuthor Commented:
Hi Elmar and Vmagan,

I have checked the update logs and when this occured no new updates were installed.
Using canyouseeme.org port 80 & 443 are not open, but these are forwarded on the router to the server and the firewall has the following rules:

World Wide Web Services (HTTP Traffic-In) - Port 80
World Wide Web Services (HTTPS Traffic-In) - Port 443
Secure Socket Tunneling Protocol (SSTP-In) - Port 443

In my routers logs

[LAN access from remote] from 8.23.224.110:28199 to 192.168.10.1:80
[LAN access from remote] from 8.23.224.110:28213 to 192.168.10.1:443

When running the tests -

Outlook Autodiscover

      ExRCA is attempting to test Autodiscover for testaccount@domain.com.
       Testing Autodiscover failed.
       
      Test Steps
      Attempting each method of contacting the Autodiscover service.
       The Autodiscover service couldn't be contacted successfully by any method.

The server certicate is upto date.

Thanks
James
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Elmar KoschkaSenior System EngineerCommented:
First check if your autodiscover is configured in dns.
Then deactivate the firewall on Exchange for test and reuse https://www.testexchangeconnectivity.com/
0
JAMESCWELLSAuthor Commented:
Using  https://localhost/autodiscover/autodiscover.xml on the server came back with the following.

  <?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:43:24.8125998" Id="2636412687">
  <ErrorCode>600</ErrorCode>
  <Message>Invalid Request</Message>
  <DebugData />
  </Error>
  </Response>
  </Autodiscover>


Is there another way to check autodiscover?
Thanks
0
Elmar KoschkaSenior System EngineerCommented:
Please check your authentication and SSL settings within IIS with your CAS server.

Then you can get your internalURI via powershell command.
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
(One of my cas was still set to cas.contoso.com or something)
0
JAMESCWELLSAuthor Commented:
Hi

What should the authentication of the autodiscovery folder be set to in IIS Mangaer.
I also turned off the firewall and used canyouseeme.org again and the ports were still closed. Could it be a service on the server blocking access?

Thanks
0
Elmar KoschkaSenior System EngineerCommented:
By the way also check the other url`s
(with set you can configure it, with get you can check it) for example:
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
Get-AutodiscoverVirtualDirectory | ft identity,internalurl
---
For internal url`s
Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceInternalUri “https://your.server/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –internalurl “https://your.server/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –internalurl “https://your.server/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://your.server/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://your.server/ecp”
---
For external url`s
Set-AutodiscoverVirtualDirectory -Identity * –external url “https://your.server.externalurl/autodiscover/autodiscover.xml”
Set-ClientAccessServer –Identity * –AutodiscoverServiceexternalUrl “https://your.server.externalurl/autodiscover/autodiscover.xml”
Set-webservicesvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ews/exchange.asmx”
Set-oabvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/oab”
Set-owavirtualdirectory –Identity * –externalurl “https://your.server.externalurl/owa”
Set-ecpvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ecp”
0
Elmar KoschkaSenior System EngineerCommented:
any third party firewall or virusscan?
0
JAMESCWELLSAuthor Commented:
I was able to run the following in the exchanghe console as admin:

Set-AutodiscoverVirtualDirectory -Identity * –internalurl “https://your.server/autodiscover/autodiscover.xml”

But when running

Get-AutodiscoverVirtualDirectory -Identity * –internalurl

Get-AutodiscoverVirtualDirectory : A parameter cannot be found that matches par
ameter name 'internalurl'.
At line:1 char:58
+ Get-AutodiscoverVirtualDirectory -Identity * -internalurl <<<<
    + CategoryInfo          : InvalidArgument: (:) [Get-AutodiscoverVirtualDir
   ectory], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Exchange.Manage
   ment.SystemConfigurationTasks.GetAutodiscoverVirtualDirectory
0
JAMESCWELLSAuthor Commented:
I do have Trend Worry Free Bussiness but thats never been a problem before.
0
Elmar KoschkaSenior System EngineerCommented:
ohhh, ok. deactivate it for test :-)
0
Elmar KoschkaSenior System EngineerCommented:
"Get-AutodiscoverVirtualDirectory | ft identity,internalurl" is the right command
0
JAMESCWELLSAuthor Commented:
Sorry, typo

SERVER\Autodiscover (SBS Web App... https://mail.server.com/autodiscov....

I also disabled Trend and the Firewall and still

Error: I could not see your service on ##.###.###.## on port (443)
Reason: Connection refused
0
Elmar KoschkaSenior System EngineerCommented:
disable the firewall and your TWF services in services.msc and try reboot the server.
0
JAMESCWELLSAuthor Commented:
Hi,

Sorry it took a while I has to find a point when I could restart the server.
I disabled all trend services and restarted and still get connection refused on port 80 & 443.
:(
0
Elmar KoschkaSenior System EngineerCommented:
There must be any Programm... what says IIS Management console about this ports. webservices running on this port (website)?
0
JAMESCWELLSAuthor Commented:
Hi,

Please see below all my site bindings

http 880 - Default Website
http *8059 - OfficeScan
http *4343 - OfficeScan
http connect*80 -  SBS Client Deployement Applications
http companyweb*80 -  SBS SharePoint
https 987 - SBS SharePoint (commercial mail.domain.com certificate)
http Sites*80 - SBS Web Applications
https *443 - SBS Web Applications (commercial mail.domain.com certificate)
http *4721 - SharePoint Central Administration v3
http *8082 - Smart Scan Server
https *4345 - Smart Scan Server (server.domain.local certificate)
http *16373 - SMEX Web Site

Thanks
0
Elmar KoschkaSenior System EngineerCommented:
Shure : "http 880 - Default Website" ?
0
JAMESCWELLSAuthor Commented:
Sorry Port 80, not enought coffee :)
0
Elmar KoschkaSenior System EngineerCommented:
Please do a cmd "netstat -ao" and verify the pids in processexplorer for port 80 and 443.
0
JAMESCWELLSAuthor Commented:
Sure, these are all entries relating to Port 80 & 443

TCP    127.0.0.1:80           SERVER:0           LISTENING       4
TCP    127.0.0.1:80           SERVER:22485       ESTABLISHED     4
TCP    127.0.0.1:443          SERVER:0           LISTENING       4
0
Elmar KoschkaSenior System EngineerCommented:
ok, in iis you should change the listening ip to the right one or use "*" for all ip`s
bindings.JPG
0
JAMESCWELLSAuthor Commented:
I'm slightly confused, could you tell me which bindings need chaning:
bindings.jpg
0
Elmar KoschkaSenior System EngineerCommented:
Default Web Site and SBS Web Applications i think. please stop "sbs web applications", "sbs sharepoint", sbs client depl...." and after that restart "default web site" for test.
0
JAMESCWELLSAuthor Commented:
Sure, all stopped and default restart.
0
Elmar KoschkaSenior System EngineerCommented:
yes, please test it.
0
JAMESCWELLSAuthor Commented:
I'm not sure what you mean by test it.
When I use the browse button on the server it goes to http://localhost
This comes up as it normally does.

Do you want me to add all thoose bindings to the default website?
0
JAMESCWELLSAuthor Commented:
Hi,

Do you think it would be better to backup all users exchnage data to pst files.
Remove all PC's from the domain. Rebuild the server with the same IPs, user names, domain name, servername etc. Reinstall Trend. Alternativley I could install sbs 2011 and rebuild that way.

We only have 12 PC's here and 6 user accounts.
What would you reccomend. I can't use the USB Backups as the backups don't go that far back in time.

Thanks
0
Elmar KoschkaSenior System EngineerCommented:
i dont think you shuld begin from start. no rebuild is required. you used the internet connection wizard on sbs as my post says?
0
Elmar KoschkaSenior System EngineerCommented:
what happens if you try the internal ip from a internal client pc. https://ipfromexchange/OWA, http://ipfromexchange ...
0
JAMESCWELLSAuthor Commented:
I did run the internet connection wizard, and it is still the same only avaible on localhost with port 443 not open on the server. All bindings correct and firewall port open.
0
Elmar KoschkaSenior System EngineerCommented:
please give me a screenshot of bindigns from default website
0
JAMESCWELLSAuthor Commented:
When I run
https://192.168.10.1/owa or http://192.168.10.1 on the server I get:

Internet Explorer cannot display the webpage
0
JAMESCWELLSAuthor Commented:
Default bindings attached
default-bindings.jpg
0
Elmar KoschkaSenior System EngineerCommented:
can you please bind https * 443 on this site?
0
Elmar KoschkaSenior System EngineerCommented:
and after that restart www publishingservice ...
0
JAMESCWELLSAuthor Commented:
I've added that to the bindings stopped and started.
I then went https://192.168.10.1 on the server:

Internet Explorer cannot display the webpage

I also used iisreset /noforce and opened again https://192.168.10.1 on the server with the same response.
0
Elmar KoschkaSenior System EngineerCommented:
please give me the bindings of all your sites
0
JAMESCWELLSAuthor Commented:
http *80 - Default Website
https *443 - Default Website (commercial mail.domain.com certificate)
http *8059 - OfficeScan (Disabled)
http *4343 - OfficeScan (Disabled)
http connect*80 -  SBS Client Deployement Applications (Disabled)
http companyweb*80 -  SBS SharePoint (Disabled)
https 987 - SBS SharePoint (commercial mail.domain.com certificate) (Disabled)
http Sites*80 - SBS Web Applications (Disabled)
https *443 - SBS Web Applications (commercial mail.domain.com certificate)(Disabled)
http *4721 - SharePoint Central Administration v3 (Disabled)
http *8082 - Smart Scan Server (Disabled)
https *4345 - Smart Scan Server (server.domain.local certificate) (Disabled)
http *16373 - SMEX Web Site (Disabled)

http://localhost & https://localhost work thou
0
Elmar KoschkaSenior System EngineerCommented:
please give me a screenshot of your subfolders from default web site.
0
JAMESCWELLSAuthor Commented:
Please see attached. Thanks
default-folders.jpg
0
Elmar KoschkaSenior System EngineerCommented:
Ok there must be a "Configuration Wizard for Sharepoint". please run it and after that use the "Fix My Network Wizard" again.
0
JAMESCWELLSAuthor Commented:
Ok
I'll run

C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\BIN\psconfig -cmd upgrade -inplace b2b -force

And then the "Fix My Network Wizard"
0
Elmar KoschkaSenior System EngineerCommented:
OK!
0
JAMESCWELLSAuthor Commented:
I've ran the sharepoint wizard and also the fmn wizard this gave me three issues, these were corrected by the wizard. I still get the same issue thou.
fmnw.jpg
0
Elmar KoschkaSenior System EngineerCommented:
Can you patch your exchange to actual Service pack and update rollup ?!
0
JAMESCWELLSAuthor Commented:
Which patch/sp/update rollup would that be?
Currently I  have SP3 for exchange
0
Elmar KoschkaSenior System EngineerCommented:
0
JAMESCWELLSAuthor Commented:
Hi,

Ok I've applied that rollup and still no change. Do you think I should re-run the sharepoint or the fmn wizard?
0
Elmar KoschkaSenior System EngineerCommented:
Yes, do that.
0
JAMESCWELLSAuthor Commented:
I've re-run both wizards, and I still have the same problem
0
JAMESCWELLSAuthor Commented:
In the end I re-installed to sbs 2011, corrupt IIS database the main cause.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JAMESCWELLSAuthor Commented:
The only way to ensure everything works
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.