?
Solved

Outlook Web App working on internal network but not from an external network

Posted on 2012-03-29
12
Medium Priority
?
670 Views
Last Modified: 2012-06-21
Hello,

I'm setting up an Exchange 2010 infrastructure, and am in the lucky situation of having four Exchange servers.  My company has a single domain and one site.  Two of the servers are running the Client Access Server and Hub Transport roles, and the other two servers are running the Mailbox roles and a DAG.  I'm using Windows Network Load Balancing on the first two servers and a CAS array.  Connecting to https://mail.domain name/owa works fine internally, but I can't get it to work when connecting from an external network - the OWA login page won't display.  I've checked the firewall settings, and been in touch with the firewall provider who has confirmed that the packets are correctly being forwarded to the CAS array.

Can anyone help?
0
Comment
Question by:vphul
  • 8
  • 4
12 Comments
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37781836
check FBA (Form Based Authentication) in exchange, open EMC | Server Configuration | Client Access | Outlook Web Access | Authentication | Logon Format.

Do you have SBS or Server environment, IIS will be different in each. Either way if the above doesn't get the logon screen to show we'll move into IIS.
0
 

Author Comment

by:vphul
ID: 37781954
Hello Works2011,

The authentication for Outlook Web App is set to Use forms-based authentication, and Logon format is domain\username.

The servers are running Windows 2008 R2.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37781971
what error do you get from your browser, is it access denied? Please show screen shot or provide info.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:vphul
ID: 37782212
I get Internet Explorer cannot display the webpage.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37782447
have you got all the updates for IE, cleared cache and tried another computer with IE. Could reset as well. Usually if the problem is with IIS you get an HTTP error, doesn't sound like IIS is kicking back the request sounds more like IE not resolving.

None of the errors show up on this page.
0
 

Author Comment

by:vphul
ID: 37782574
I've tried it on my Android smartphone, and it doesn't work on that either when using different wireless networks. There are no error numbers in IE at all.
0
 

Author Comment

by:vphul
ID: 37782676
I've also tried another laptop, and Google Chrome, and still no luck. :-(
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 37782745
I had an error like this and the problem was with the firewall, IIS errors are often reported with an access denied / http error meaning the content is passed through to IIS, I'm not confident all the data is getting to IIS. As well without the firewall (internal) it's working fine.
0
 

Author Comment

by:vphul
ID: 37786410
Thanks Works2011 for all your advice.  We have Watchguard firewalls, and I'm going to contact Watchguard again about this matter.
0
 

Author Comment

by:vphul
ID: 37832022
Watchguard advised me to run Wireshark on the CAS array servers.  It seems that https traffic from an external network is reaching them, but not being acknowledged.  Please see screenshots of data captured when accessing https://mail.domainname/owa internally and externally.
External.docx
Internal.docx
0
 

Accepted Solution

by:
vphul earned 0 total points
ID: 37842013
I'm pleased to report that this matter has been resolved.

I am using NLB in unicast mode and discovered that you have to enable IP forwarding on the NLB LAN nic on each server.

IP forwarding should be enabled on each cluster member’s NLB LAN NIC.  By default, Windows 2008/2008 R2 disables IP forwarding, which causes problems with NLB.  IP forwarding enabled allows, from an NLB perspective, requests sent from one NIC to be sent out the other.  IP forwarding can be enabled on your NLB LAN NIC by running

netsh interface ipv4 set interface “NLB LAN” forwarding=enabled

 from a command prompt.

Many thanks to

http://info.kraftkennedy.com/blog/bid/102109/Configuring-NLB-for-Exchange-2010-CAS-Load-Balancing

for the information.
0
 

Author Closing Comment

by:vphul
ID: 37859644
By doing lots of research myself, I found the solution.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There can be many situations demanding the conversion of Outlook OST files to PST format and as such, there is no shortage of automated tools to perform this conversion. However, what makes Stellar OST to PST converter stand above the rest? Let us e…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question