OWA / Companyweb Connection Problem
Hi,
I am having a number of issues related to OWA, company web etc. When I try and browse the OWA website using https://server-ip/owa, https://servername/owa or https://servername.domain/owa both are not resolving on both the server and the client PC's internally or externally.
When I use https://localhost/owa this works fine on the server; thou I do get a server certifcate error . I have run nslookup and the response is correct. I have not applied any updates before this error started happening. This in-turn has had a knock on effect that I can not resolve autodiscovery for outlook anywhere.
The server has been setup with a comercial certifcate.
I have ran both the best practicies wizard, and the fix my network and they haven't resolved the problem. Thou did come back with the following errors:
HTTP Port (TCP 80) Status :
The System process should listen on Port 80, but that port is owned by the process.
HTTPS Port (TCP 443) Status :
The System process should listen on Port 443, but that port is owned by the process.
HTTPS Port (TCP 987) Status :
The System process should listen on Port 987, but that port is owned by the process.
No SSL certificate is configured for the SBS SharePoint site :
The SBS SharePoint site is not associated with an SSL certificate. To configure a certificate for the SBS SharePoint site, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. In IIS Manager, double-click Sites, right-click SBS SharePoint, and then click Edit Bindings. In the Site Bindings dialog box, click the type for https on port 987, and click Edit. In the Edit Site Binding dialog box, select the appropriate certificate, and then click OK.
User account does not show in the Windows SBS Console :
The user account Sharepoint does not have the attributes that are necessary for it to display in the Windows SBS Console.
User account does not show in the Windows SBS Console :
The user account DCS_SERVER does not have the attributes that are necessary for it to display in the Windows SBS Console.
I also checked to see if the SSL port is listening using
netstat -an | findstr :443
TCP 127.0.0.1:443 0.0.0.0:0 LISTENING
I am not sure if this is correct should there be two entries?
I am also experiancing isssues is WSUS - 'the server cannot be found' but this may be as a knock on effect. All sites are running in IIS.
I would be very greatful if someone could advise me of a solution as i'm running out of ideas.
Thanks in advance
James
I am having a number of issues related to OWA, company web etc. When I try and browse the OWA website using https://server-ip/owa, https://servername/owa or https://servername.domain/owa both are not resolving on both the server and the client PC's internally or externally.
When I use https://localhost/owa this works fine on the server; thou I do get a server certifcate error . I have run nslookup and the response is correct. I have not applied any updates before this error started happening. This in-turn has had a knock on effect that I can not resolve autodiscovery for outlook anywhere.
The server has been setup with a comercial certifcate.
I have ran both the best practicies wizard, and the fix my network and they haven't resolved the problem. Thou did come back with the following errors:
HTTP Port (TCP 80) Status :
The System process should listen on Port 80, but that port is owned by the process.
HTTPS Port (TCP 443) Status :
The System process should listen on Port 443, but that port is owned by the process.
HTTPS Port (TCP 987) Status :
The System process should listen on Port 987, but that port is owned by the process.
No SSL certificate is configured for the SBS SharePoint site :
The SBS SharePoint site is not associated with an SSL certificate. To configure a certificate for the SBS SharePoint site, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager. In IIS Manager, double-click Sites, right-click SBS SharePoint, and then click Edit Bindings. In the Site Bindings dialog box, click the type for https on port 987, and click Edit. In the Edit Site Binding dialog box, select the appropriate certificate, and then click OK.
User account does not show in the Windows SBS Console :
The user account Sharepoint does not have the attributes that are necessary for it to display in the Windows SBS Console.
User account does not show in the Windows SBS Console :
The user account DCS_SERVER does not have the attributes that are necessary for it to display in the Windows SBS Console.
I also checked to see if the SSL port is listening using
netstat -an | findstr :443
TCP 127.0.0.1:443 0.0.0.0:0 LISTENING
I am not sure if this is correct should there be two entries?
I am also experiancing isssues is WSUS - 'the server cannot be found' but this may be as a knock on effect. All sites are running in IIS.
I would be very greatful if someone could advise me of a solution as i'm running out of ideas.
Thanks in advance
James
Elmar Koschka
Please use the Connect to Internet Wizzard in SBS and after that go to https://www.testexchangeconnectivity.com/ and post output here ...
what version of exchange are you running?
Have you installed any MS updates on the server recently that might have caused this issue?
I'm know this worked before, but make sure ports 80 and 443 are open. go to
www.canyouseeme.org
make sure those two ports are open.
Make sure the 3rd party exchange certificate has not expired. If you navigate to the certificate and double click it it will give you the expiration date.
and as Elmar stated make sure to run a connectivity test at https://www.testexchangeconnectivity.com/
Let me know.
Thanks
Have you installed any MS updates on the server recently that might have caused this issue?
I'm know this worked before, but make sure ports 80 and 443 are open. go to
www.canyouseeme.org
make sure those two ports are open.
Make sure the 3rd party exchange certificate has not expired. If you navigate to the certificate and double click it it will give you the expiration date.
and as Elmar stated make sure to run a connectivity test at https://www.testexchangeconnectivity.com/
Let me know.
Thanks
ASKER
Hi Elmar and Vmagan,
I have checked the update logs and when this occured no new updates were installed.
Using canyouseeme.org port 80 & 443 are not open, but these are forwarded on the router to the server and the firewall has the following rules:
World Wide Web Services (HTTP Traffic-In) - Port 80
World Wide Web Services (HTTPS Traffic-In) - Port 443
Secure Socket Tunneling Protocol (SSTP-In) - Port 443
In my routers logs
[LAN access from remote] from 8.23.224.110:28199 to 192.168.10.1:80
[LAN access from remote] from 8.23.224.110:28213 to 192.168.10.1:443
When running the tests -
Outlook Autodiscover
ExRCA is attempting to test Autodiscover for testaccount@domain.com.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
The server certicate is upto date.
Thanks
James
I have checked the update logs and when this occured no new updates were installed.
Using canyouseeme.org port 80 & 443 are not open, but these are forwarded on the router to the server and the firewall has the following rules:
World Wide Web Services (HTTP Traffic-In) - Port 80
World Wide Web Services (HTTPS Traffic-In) - Port 443
Secure Socket Tunneling Protocol (SSTP-In) - Port 443
In my routers logs
[LAN access from remote] from 8.23.224.110:28199 to 192.168.10.1:80
[LAN access from remote] from 8.23.224.110:28213 to 192.168.10.1:443
When running the tests -
Outlook Autodiscover
ExRCA is attempting to test Autodiscover for testaccount@domain.com.
Testing Autodiscover failed.
Test Steps
Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
The server certicate is upto date.
Thanks
James
First check if your autodiscover is configured in dns.
Then deactivate the firewall on Exchange for test and reuse https://www.testexchangeconnectivity.com/
Then deactivate the firewall on Exchange for test and reuse https://www.testexchangeconnectivity.com/
ASKER
Using https://localhost/autodiscover/autodiscover.xml on the server came back with the following.
<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:43:24.8125998" Id="2636412687">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
Is there another way to check autodiscover?
Thanks
<?xml version="1.0" encoding="utf-8" ?>
- <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
- <Response>
- <Error Time="14:43:24.8125998" Id="2636412687">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>
Is there another way to check autodiscover?
Thanks
Please check your authentication and SSL settings within IIS with your CAS server.
Then you can get your internalURI via powershell command.
Set-AutodiscoverVirtualDir
(One of my cas was still set to cas.contoso.com or something)
Then you can get your internalURI via powershell command.
Set-AutodiscoverVirtualDir
(One of my cas was still set to cas.contoso.com or something)
ASKER
Hi
What should the authentication of the autodiscovery folder be set to in IIS Mangaer.
I also turned off the firewall and used canyouseeme.org again and the ports were still closed. Could it be a service on the server blocking access?
Thanks
What should the authentication of the autodiscovery folder be set to in IIS Mangaer.
I also turned off the firewall and used canyouseeme.org again and the ports were still closed. Could it be a service on the server blocking access?
Thanks
By the way also check the other url`s
(with set you can configure it, with get you can check it) for example:
Set-AutodiscoverVirtualDir
Get-AutodiscoverVirtualDir
---
For internal url`s
Set-AutodiscoverVirtualDir
Set-ClientAccessServer –Identity * –AutodiscoverServiceIntern
Set-webservicesvirtualdire
Set-oabvirtualdirectory –Identity * –internalurl “https://your.server/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://your.server/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://your.server/ecp”
---
For external url`s
Set-AutodiscoverVirtualDir
Set-ClientAccessServer –Identity * –AutodiscoverServiceextern
Set-webservicesvirtualdire
Set-oabvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/oab”
Set-owavirtualdirectory –Identity * –externalurl “https://your.server.externalurl/owa”
Set-ecpvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ecp”
(with set you can configure it, with get you can check it) for example:
Set-AutodiscoverVirtualDir
Get-AutodiscoverVirtualDir
---
For internal url`s
Set-AutodiscoverVirtualDir
Set-ClientAccessServer –Identity * –AutodiscoverServiceIntern
Set-webservicesvirtualdire
Set-oabvirtualdirectory –Identity * –internalurl “https://your.server/oab”
Set-owavirtualdirectory –Identity * –internalurl “https://your.server/owa”
Set-ecpvirtualdirectory –Identity * –internalurl “https://your.server/ecp”
---
For external url`s
Set-AutodiscoverVirtualDir
Set-ClientAccessServer –Identity * –AutodiscoverServiceextern
Set-webservicesvirtualdire
Set-oabvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/oab”
Set-owavirtualdirectory –Identity * –externalurl “https://your.server.externalurl/owa”
Set-ecpvirtualdirectory –Identity * –externalurl “https://your.server.externalurl/ecp”
any third party firewall or virusscan?
ASKER
I was able to run the following in the exchanghe console as admin:
Set-AutodiscoverVirtualDir
But when running
Get-AutodiscoverVirtualDir
Get-AutodiscoverVirtualDir
ameter name 'internalurl'.
At line:1 char:58
+ Get-AutodiscoverVirtualDir
+ CategoryInfo : InvalidArgument: (:) [Get-AutodiscoverVirtualDi
ectory], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Mic
ment.SystemConfigurationTa
Set-AutodiscoverVirtualDir
But when running
Get-AutodiscoverVirtualDir
Get-AutodiscoverVirtualDir
ameter name 'internalurl'.
At line:1 char:58
+ Get-AutodiscoverVirtualDir
+ CategoryInfo : InvalidArgument: (:) [Get-AutodiscoverVirtualDi
ectory], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Mic
ment.SystemConfigurationTa
ASKER
I do have Trend Worry Free Bussiness but thats never been a problem before.
ohhh, ok. deactivate it for test :-)
"Get-AutodiscoverVirtualDi
ASKER
Sorry, typo
SERVER\Autodiscover (SBS Web App... https://mail.server.com/autodiscov....
I also disabled Trend and the Firewall and still
Error: I could not see your service on ##.###.###.## on port (443)
Reason: Connection refused
SERVER\Autodiscover (SBS Web App... https://mail.server.com/autodiscov....
I also disabled Trend and the Firewall and still
Error: I could not see your service on ##.###.###.## on port (443)
Reason: Connection refused
disable the firewall and your TWF services in services.msc and try reboot the server.
ASKER
Hi,
Sorry it took a while I has to find a point when I could restart the server.
I disabled all trend services and restarted and still get connection refused on port 80 & 443.
:(
Sorry it took a while I has to find a point when I could restart the server.
I disabled all trend services and restarted and still get connection refused on port 80 & 443.
:(
There must be any Programm... what says IIS Management console about this ports. webservices running on this port (website)?
ASKER
Hi,
Please see below all my site bindings
http 880 - Default Website
http *8059 - OfficeScan
http *4343 - OfficeScan
http connect*80 - SBS Client Deployement Applications
http companyweb*80 - SBS SharePoint
https 987 - SBS SharePoint (commercial mail.domain.com certificate)
http Sites*80 - SBS Web Applications
https *443 - SBS Web Applications (commercial mail.domain.com certificate)
http *4721 - SharePoint Central Administration v3
http *8082 - Smart Scan Server
https *4345 - Smart Scan Server (server.domain.local certificate)
http *16373 - SMEX Web Site
Thanks
Please see below all my site bindings
http 880 - Default Website
http *8059 - OfficeScan
http *4343 - OfficeScan
http connect*80 - SBS Client Deployement Applications
http companyweb*80 - SBS SharePoint
https 987 - SBS SharePoint (commercial mail.domain.com certificate)
http Sites*80 - SBS Web Applications
https *443 - SBS Web Applications (commercial mail.domain.com certificate)
http *4721 - SharePoint Central Administration v3
http *8082 - Smart Scan Server
https *4345 - Smart Scan Server (server.domain.local certificate)
http *16373 - SMEX Web Site
Thanks
Shure : "http 880 - Default Website" ?
ASKER
Sorry Port 80, not enought coffee :)
Please do a cmd "netstat -ao" and verify the pids in processexplorer for port 80 and 443.
ASKER
Sure, these are all entries relating to Port 80 & 443
TCP 127.0.0.1:80 SERVER:0 LISTENING 4
TCP 127.0.0.1:80 SERVER:22485 ESTABLISHED 4
TCP 127.0.0.1:443 SERVER:0 LISTENING 4
TCP 127.0.0.1:80 SERVER:0 LISTENING 4
TCP 127.0.0.1:80 SERVER:22485 ESTABLISHED 4
TCP 127.0.0.1:443 SERVER:0 LISTENING 4
ok, in iis you should change the listening ip to the right one or use "*" for all ip`s
bindings.JPG
bindings.JPG
ASKER
I'm slightly confused, could you tell me which bindings need chaning:
bindings.jpg
bindings.jpg
Default Web Site and SBS Web Applications i think. please stop "sbs web applications", "sbs sharepoint", sbs client depl...." and after that restart "default web site" for test.
ASKER
Sure, all stopped and default restart.
yes, please test it.
ASKER
I'm not sure what you mean by test it.
When I use the browse button on the server it goes to http://localhost
This comes up as it normally does.
Do you want me to add all thoose bindings to the default website?
When I use the browse button on the server it goes to http://localhost
This comes up as it normally does.
Do you want me to add all thoose bindings to the default website?
ASKER
Hi,
Do you think it would be better to backup all users exchnage data to pst files.
Remove all PC's from the domain. Rebuild the server with the same IPs, user names, domain name, servername etc. Reinstall Trend. Alternativley I could install sbs 2011 and rebuild that way.
We only have 12 PC's here and 6 user accounts.
What would you reccomend. I can't use the USB Backups as the backups don't go that far back in time.
Thanks
Do you think it would be better to backup all users exchnage data to pst files.
Remove all PC's from the domain. Rebuild the server with the same IPs, user names, domain name, servername etc. Reinstall Trend. Alternativley I could install sbs 2011 and rebuild that way.
We only have 12 PC's here and 6 user accounts.
What would you reccomend. I can't use the USB Backups as the backups don't go that far back in time.
Thanks
i dont think you shuld begin from start. no rebuild is required. you used the internet connection wizard on sbs as my post says?
what happens if you try the internal ip from a internal client pc. https://ipfromexchange/OWA, http://ipfromexchange ...
ASKER
I did run the internet connection wizard, and it is still the same only avaible on localhost with port 443 not open on the server. All bindings correct and firewall port open.
please give me a screenshot of bindigns from default website
ASKER
When I run
https://192.168.10.1/owa or http://192.168.10.1 on the server I get:
Internet Explorer cannot display the webpage
https://192.168.10.1/owa or http://192.168.10.1 on the server I get:
Internet Explorer cannot display the webpage
ASKER
Default bindings attached
default-bindings.jpg
default-bindings.jpg
can you please bind https * 443 on this site?
and after that restart www publishingservice ...
ASKER
I've added that to the bindings stopped and started.
I then went https://192.168.10.1 on the server:
Internet Explorer cannot display the webpage
I also used iisreset /noforce and opened again https://192.168.10.1 on the server with the same response.
I then went https://192.168.10.1 on the server:
Internet Explorer cannot display the webpage
I also used iisreset /noforce and opened again https://192.168.10.1 on the server with the same response.
please give me the bindings of all your sites
ASKER
http *80 - Default Website
https *443 - Default Website (commercial mail.domain.com certificate)
http *8059 - OfficeScan (Disabled)
http *4343 - OfficeScan (Disabled)
http connect*80 - SBS Client Deployement Applications (Disabled)
http companyweb*80 - SBS SharePoint (Disabled)
https 987 - SBS SharePoint (commercial mail.domain.com certificate) (Disabled)
http Sites*80 - SBS Web Applications (Disabled)
https *443 - SBS Web Applications (commercial mail.domain.com certificate)(Disabled)
http *4721 - SharePoint Central Administration v3 (Disabled)
http *8082 - Smart Scan Server (Disabled)
https *4345 - Smart Scan Server (server.domain.local certificate) (Disabled)
http *16373 - SMEX Web Site (Disabled)
http://localhost & https://localhost work thou
https *443 - Default Website (commercial mail.domain.com certificate)
http *8059 - OfficeScan (Disabled)
http *4343 - OfficeScan (Disabled)
http connect*80 - SBS Client Deployement Applications (Disabled)
http companyweb*80 - SBS SharePoint (Disabled)
https 987 - SBS SharePoint (commercial mail.domain.com certificate) (Disabled)
http Sites*80 - SBS Web Applications (Disabled)
https *443 - SBS Web Applications (commercial mail.domain.com certificate)(Disabled)
http *4721 - SharePoint Central Administration v3 (Disabled)
http *8082 - Smart Scan Server (Disabled)
https *4345 - Smart Scan Server (server.domain.local certificate) (Disabled)
http *16373 - SMEX Web Site (Disabled)
http://localhost & https://localhost work thou
please give me a screenshot of your subfolders from default web site.
ASKER
Please see attached. Thanks
default-folders.jpg
default-folders.jpg
Ok there must be a "Configuration Wizard for Sharepoint". please run it and after that use the "Fix My Network Wizard" again.
ASKER
Ok
I'll run
C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\BIN\psconfig
And then the "Fix My Network Wizard"
I'll run
C:\Program Files\Common Files\Microsoft Shared\Web server extensions\12\BIN\psconfig
And then the "Fix My Network Wizard"
OK!
ASKER
I've ran the sharepoint wizard and also the fmn wizard this gave me three issues, these were corrected by the wizard. I still get the same issue thou.
fmnw.jpg
fmnw.jpg
Can you patch your exchange to actual Service pack and update rollup ?!
ASKER
Which patch/sp/update rollup would that be?
Currently I have SP3 for exchange
Currently I have SP3 for exchange
ASKER
Hi,
Ok I've applied that rollup and still no change. Do you think I should re-run the sharepoint or the fmn wizard?
Ok I've applied that rollup and still no change. Do you think I should re-run the sharepoint or the fmn wizard?
Yes, do that.
ASKER
I've re-run both wizards, and I still have the same problem
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The only way to ensure everything works