Configure OWA on Exchange 2010

Hi Everyone,

I've got a few questions about configuring OWA in Exchange 2010. Hope to get some good advice which will help me in the right direction.

I'm setting up a new domain on a SBS2011 machine, freshly installed. I've configured mail flow in Exchange 2010 allready, and now I want to configure Outlook Web App. Poeple must be able to access it from the internet trough a https address. I'll get a thrusted certificate later, as I presume that OWA can work without it also. Is that correct?

Here is what I did so far;

- I configured DNS both on the SBS2011 and the ISP, to point to the right server in my company. I also forwarded port 443 on my firewall to the SBS2011 server.

- In Exchange I configured the Internal and External URL to be the same.

When I did this, Exchange pops up a message that I have to do the same for the EPC virtual directory.....

So thats what I did....

The questions I have are as follows;

1. When I try to access from the internet. I get the following message in my browser..... How can I fix this?

2. Am I on the right track here with configuring OWA? Or do I have to configure other things in Exchange in order to get it to work properly (besides installing a certificate)?

Thanks in advance!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Elmar KoschkaSenior System EngineerCommented:
SBS have a Connect to the Internet wizzard. Run this and that should configure all settings for you. A valid cert is possible for owa and autodiscover....
Elmar KoschkaSenior System EngineerCommented:
This Side can help you if you have problems to find them
Just try by opening Port 80 on firewall too. Also confirm if you have the correct certificate installed on the CAS and what authentication method you are using.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

From the error message that you have posted above. It looks like there is IP based restriction configured.

Please follow the below article and check if you have any restriction set.

Let me know if it doesn't work then I'll tell you what to do next.

~ Singh
SvenIAAuthor Commented:
Hi Singh,

I followed the instructions on the site. The management Service wasn't started, so I selected the 'Enable remote connections' box. The settings are configured as shown in the pic below,

IIS Settings
I tried to reach OWA again from the internet, but still the same error. I hope you can help me some more.

> Svenster
ok. So IP based restrictions are not there.

1. log on to server
2. open the browser
3. Browse https://localhost/owa

Post the results you get.
~ Singh
SvenIAAuthor Commented:
I get the OWA login screen. So that looks good!
ok..That means there is nothing wrong with OWA Virtual directory.

1. Instead of server, not try browsing https://servername/owa from Server itself.
2. If above works then try browsing the above Urls from a client machine.

Let me know the results.

~ Singh
Also check the IIS logs for the error messages and the firewall logs. The logs will tell you what events you are getting when accessing the URL. Also check if port 80 and 443 is allowed on firewall.
SvenIAAuthor Commented:
Browsing to https://servername/owa from a workstation and from the server it self also takes me to the OWA logon page, so that works fine.

Port 443 and port 80 are both open on my NetGear firewall. I still get the "not authorized" page when connecting to OWA from the internet.
Elmar KoschkaSenior System EngineerCommented:
i think your external URL for OWA is not set correctly. Please look at as my post before. you allready done this ??
ok.. It should be something in your network blocking it.

everything looks okay to me on Exchange but we can still verify it by doing following step.

1. Browse the and see it works or not
2. Browse the and look at the IIS logs and see if it's hitting the Exchange server or not.

May I know the actual URL? I would like to browse it from Internet.

~ Singh
SvenIAAuthor Commented:
Can I send you a private message somehow Singh?
I'm not sure if ExpertExchange policies allow it.

~ Singh
SvenIAAuthor Commented:
ok I'll just post it here then.

I don't have a certificate installed yet, so you'll get the certificate warning page first.
Please confirm are you using form based authentication or not?

I suggest you use the form based authentication.
SvenIAAuthor Commented:
@ abdulalikhan

I use form based authentication.....

form based ath.
Alright.. There are 2 things that I would like to verify.

1. Owa URL resolves to Do you have proper NATting for this IP and is it NATted to one of the IP addresses of Exchange Server?

2. Certificate warning that I have received, it shows that you have certificate installed for Could you verify if you really have certificate with "" domain name?

3. Go to this web link and check if you have IPv4 address restriction Module installed.

~ Singh
SvenIAAuthor Commented:
1. Yes I have proper natting on my firewall.

Traffic on on port 80 and 443 forwarded to the ip address of the server with Exchange 2010 installed.

2. The thing is that I'm setting up the new domain in a Vlan besides my actual SBS2003 live network. To test OWA on the new machine I change the firewall rules everytime. OWA on the SBS2003 had a certificate for I think when you tested it, the firewall was point the port 443 traffic to the SBS2003.

I configured te new settings now, if you can check again?

3. The module is installed
This error is thrown by your Exchange Server.

Could you go to Default Web Site and Double click on "IP restriction" Module in middle pane and check if anything is denied or allowed?

~ Singh

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SvenIAAuthor Commented:
The list of IP and Domain restrictions for the default website is empty. When I click 'edit feature settings' the settings look like in the pic below. Same for server level.

Do I have to configure an allow entry or something?
SvenIAAuthor Commented:

I guess you where right about the certificate not being correct. It uses the certificate from the old server I guess. The one with

How can I get it to go to the new server instead?
certificate warning is not a problem for owa. Why I asked that question because I wanted to be 100% sure that we are hitting right server or not.

This time look at the IIS logs and search for "403". Paste some of those lines over here with error 403

~ Singh
SvenIAAuthor Commented:
Thanks for all the help!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.