Solved

Configure OWA on Exchange 2010

Posted on 2012-03-31
24
1,143 Views
Last Modified: 2012-04-18
Hi Everyone,

I've got a few questions about configuring OWA in Exchange 2010. Hope to get some good advice which will help me in the right direction.

I'm setting up a new domain on a SBS2011 machine, freshly installed. I've configured mail flow in Exchange 2010 allready, and now I want to configure Outlook Web App. Poeple must be able to access it from the internet trough a https address. I'll get a thrusted certificate later, as I presume that OWA can work without it also. Is that correct?

Here is what I did so far;

- I configured DNS both on the SBS2011 and the ISP, to point to the right server in my company. I also forwarded port 443 on my firewall to the SBS2011 server.

- In Exchange I configured the Internal and External URL to be the same. https://webmail.mydomain.com/owa

OWAowa3
When I did this, Exchange pops up a message that I have to do the same for the EPC virtual directory.....

owa2
So thats what I did....

sgasdgz
The questions I have are as follows;

1. When I try to access https://webmail.mydomain.com/owa from the internet. I get the following message in my browser..... How can I fix this?

owa4
2. Am I on the right track here with configuring OWA? Or do I have to configure other things in Exchange in order to get it to work properly (besides installing a certificate)?

Thanks in advance!
0
Comment
Question by:SvenIA
  • 10
  • 8
  • 3
  • +1
24 Comments
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37790544
SBS have a Connect to the Internet wizzard. Run this and that should configure all settings for you. A valid cert is possible for owa and autodiscover....
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37790567
This Side can help you if you have problems to find them https://www.testexchangeconnectivity.com/
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37790650
Just try by opening Port 80 on firewall too. Also confirm if you have the correct certificate installed on the CAS and what authentication method you are using.
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37791052
From the error message that you have posted above. It looks like there is IP based restriction configured.

Please follow the below article and check if you have any restriction set.

http://technet.microsoft.com/en-us/library/cc730889.aspx

Let me know if it doesn't work then I'll tell you what to do next.

~ Singh
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37791155
Hi Singh,

I followed the instructions on the site. The management Service wasn't started, so I selected the 'Enable remote connections' box. The settings are configured as shown in the pic below,

IIS Settings
I tried to reach OWA again from the internet, but still the same error. I hope you can help me some more.

> Svenster
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37791194
ok. So IP based restrictions are not there.

1. log on to server
2. open the browser
3. Browse https://localhost/owa

Post the results you get.
~ Singh
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37791855
I get the OWA login screen. So that looks good!
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37792435
ok..That means there is nothing wrong with OWA Virtual directory.

1. Instead of server, not try browsing https://servername/owa from Server itself.
2. If above works then try browsing the above Urls from a client machine.

Let me know the results.

~ Singh
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37794603
Also check the IIS logs for the error messages and the firewall logs. The logs will tell you what events you are getting when accessing the URL. Also check if port 80 and 443 is allowed on firewall.
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37795416
Browsing to https://servername/owa from a workstation and from the server it self also takes me to the OWA logon page, so that works fine.

Port 443 and port 80 are both open on my NetGear firewall. I still get the "not authorized" page when connecting to OWA from the internet.
0
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37795423
i think your external URL for OWA is not set correctly. Please look at https://www.testexchangeconnectivity.com/ as my post before. you allready done this ??
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37795425
ok.. It should be something in your network blocking it.

everything looks okay to me on Exchange but we can still verify it by doing following step.

1. Browse the https://webmail.mydomain.com and see it works or not
2. Browse the https://webmail.mydomain.com/owa and look at the IIS logs and see if it's hitting the Exchange server or not.

May I know the actual URL? I would like to browse it from Internet.

~ Singh
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 7

Author Comment

by:SvenIA
ID: 37795459
Can I send you a private message somehow Singh?
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37795482
I'm not sure if ExpertExchange policies allow it.

~ Singh
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37795505
ok I'll just post it here then.

https://webmail.iagroep.com/owa

I don't have a certificate installed yet, so you'll get the certificate warning page first.
0
 
LVL 7

Expert Comment

by:abdulalikhan
ID: 37795632
Please confirm are you using form based authentication or not?

I suggest you use the form based authentication.
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37795726
@ abdulalikhan

I use form based authentication.....

form based ath.
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37796851
Alright.. There are 2 things that I would like to verify.

1. Owa URL webmail.iagroep.com resolves to 92.68.58.91. Do you have proper NATting for this IP and is it NATted to one of the IP addresses of Exchange Server?

2. Certificate warning that I have received, it shows that you have certificate installed for webmail.inburoarnhem.com. Could you verify if you really have certificate with "webmail.inburoarnhem.com" domain name?

3. Go to this web link and check if you have IPv4 address restriction Module installed.

http://technet.microsoft.com/en-us/library/cc725769(v=ws.10).aspx

~ Singh
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37799577
1. Yes I have proper natting on my firewall.

Traffic on 92.68.58.91 on port 80 and 443 forwarded to the ip address of the server with Exchange 2010 installed.

2. The thing is that I'm setting up the new domain in a Vlan besides my actual SBS2003 live network. To test OWA on the new machine I change the firewall rules everytime. OWA on the SBS2003 had a certificate for webmail.ingburoarnhem.com. I think when you tested it, the firewall was point the port 443 traffic to the SBS2003.

I configured te new settings now, if you can check again?

3. The module is installed
0
 
LVL 3

Accepted Solution

by:
Padamdeep earned 500 total points
ID: 37800213
This error is thrown by your Exchange Server.

Could you go to Default Web Site and Double click on "IP restriction" Module in middle pane and check if anything is denied or allowed?

~ Singh
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37800393
The list of IP and Domain restrictions for the default website is empty. When I click 'edit feature settings' the settings look like in the pic below. Same for server level.

restrictions
Do I have to configure an allow entry or something?
0
 
LVL 7

Author Comment

by:SvenIA
ID: 37800473
Singh,

I guess you where right about the certificate not being correct. It uses the certificate from the old server I guess. The one with webmail.ingburoarnhem.com.

How can I get it to go to the new server instead?
0
 
LVL 3

Expert Comment

by:Padamdeep
ID: 37802422
certificate warning is not a problem for owa. Why I asked that question because I wanted to be 100% sure that we are hitting right server or not.


This time look at the IIS logs and search for "403". Paste some of those lines over here with error 403

~ Singh
0
 
LVL 7

Author Closing Comment

by:SvenIA
ID: 37859839
Thanks for all the help!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now