Configure OWA on Exchange 2010

Hi Everyone,

I've got a few questions about configuring OWA in Exchange 2010. Hope to get some good advice which will help me in the right direction.

I'm setting up a new domain on a SBS2011 machine, freshly installed. I've configured mail flow in Exchange 2010 allready, and now I want to configure Outlook Web App. Poeple must be able to access it from the internet trough a https address. I'll get a thrusted certificate later, as I presume that OWA can work without it also. Is that correct?

Here is what I did so far;

- I configured DNS both on the SBS2011 and the ISP, to point to the right server in my company. I also forwarded port 443 on my firewall to the SBS2011 server.

- In Exchange I configured the Internal and External URL to be the same. https://webmail.mydomain.com/owa

OWAowa3
When I did this, Exchange pops up a message that I have to do the same for the EPC virtual directory.....

owa2
So thats what I did....

sgasdgz
The questions I have are as follows;

1. When I try to access https://webmail.mydomain.com/owa from the internet. I get the following message in my browser..... How can I fix this?

owa4
2. Am I on the right track here with configuring OWA? Or do I have to configure other things in Exchange in order to get it to work properly (besides installing a certificate)?

Thanks in advance!
LVL 7
SvenIAAsked:
Who is Participating?
 
PadamdeepConnect With a Mentor Commented:
This error is thrown by your Exchange Server.

Could you go to Default Web Site and Double click on "IP restriction" Module in middle pane and check if anything is denied or allowed?

~ Singh
0
 
Elmar KoschkaIT System EngineerCommented:
SBS have a Connect to the Internet wizzard. Run this and that should configure all settings for you. A valid cert is possible for owa and autodiscover....
0
 
Elmar KoschkaIT System EngineerCommented:
This Side can help you if you have problems to find them https://www.testexchangeconnectivity.com/
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
abdulalikhanCommented:
Just try by opening Port 80 on firewall too. Also confirm if you have the correct certificate installed on the CAS and what authentication method you are using.
0
 
PadamdeepCommented:
From the error message that you have posted above. It looks like there is IP based restriction configured.

Please follow the below article and check if you have any restriction set.

http://technet.microsoft.com/en-us/library/cc730889.aspx

Let me know if it doesn't work then I'll tell you what to do next.

~ Singh
0
 
SvenIAAuthor Commented:
Hi Singh,

I followed the instructions on the site. The management Service wasn't started, so I selected the 'Enable remote connections' box. The settings are configured as shown in the pic below,

IIS Settings
I tried to reach OWA again from the internet, but still the same error. I hope you can help me some more.

> Svenster
0
 
PadamdeepCommented:
ok. So IP based restrictions are not there.

1. log on to server
2. open the browser
3. Browse https://localhost/owa

Post the results you get.
~ Singh
0
 
SvenIAAuthor Commented:
I get the OWA login screen. So that looks good!
0
 
PadamdeepCommented:
ok..That means there is nothing wrong with OWA Virtual directory.

1. Instead of server, not try browsing https://servername/owa from Server itself.
2. If above works then try browsing the above Urls from a client machine.

Let me know the results.

~ Singh
0
 
abdulalikhanCommented:
Also check the IIS logs for the error messages and the firewall logs. The logs will tell you what events you are getting when accessing the URL. Also check if port 80 and 443 is allowed on firewall.
0
 
SvenIAAuthor Commented:
Browsing to https://servername/owa from a workstation and from the server it self also takes me to the OWA logon page, so that works fine.

Port 443 and port 80 are both open on my NetGear firewall. I still get the "not authorized" page when connecting to OWA from the internet.
0
 
Elmar KoschkaIT System EngineerCommented:
i think your external URL for OWA is not set correctly. Please look at https://www.testexchangeconnectivity.com/ as my post before. you allready done this ??
0
 
PadamdeepCommented:
ok.. It should be something in your network blocking it.

everything looks okay to me on Exchange but we can still verify it by doing following step.

1. Browse the https://webmail.mydomain.com and see it works or not
2. Browse the https://webmail.mydomain.com/owa and look at the IIS logs and see if it's hitting the Exchange server or not.

May I know the actual URL? I would like to browse it from Internet.

~ Singh
0
 
SvenIAAuthor Commented:
Can I send you a private message somehow Singh?
0
 
PadamdeepCommented:
I'm not sure if ExpertExchange policies allow it.

~ Singh
0
 
SvenIAAuthor Commented:
ok I'll just post it here then.

https://webmail.iagroep.com/owa

I don't have a certificate installed yet, so you'll get the certificate warning page first.
0
 
abdulalikhanCommented:
Please confirm are you using form based authentication or not?

I suggest you use the form based authentication.
0
 
SvenIAAuthor Commented:
@ abdulalikhan

I use form based authentication.....

form based ath.
0
 
PadamdeepCommented:
Alright.. There are 2 things that I would like to verify.

1. Owa URL webmail.iagroep.com resolves to 92.68.58.91. Do you have proper NATting for this IP and is it NATted to one of the IP addresses of Exchange Server?

2. Certificate warning that I have received, it shows that you have certificate installed for webmail.inburoarnhem.com. Could you verify if you really have certificate with "webmail.inburoarnhem.com" domain name?

3. Go to this web link and check if you have IPv4 address restriction Module installed.

http://technet.microsoft.com/en-us/library/cc725769(v=ws.10).aspx

~ Singh
0
 
SvenIAAuthor Commented:
1. Yes I have proper natting on my firewall.

Traffic on 92.68.58.91 on port 80 and 443 forwarded to the ip address of the server with Exchange 2010 installed.

2. The thing is that I'm setting up the new domain in a Vlan besides my actual SBS2003 live network. To test OWA on the new machine I change the firewall rules everytime. OWA on the SBS2003 had a certificate for webmail.ingburoarnhem.com. I think when you tested it, the firewall was point the port 443 traffic to the SBS2003.

I configured te new settings now, if you can check again?

3. The module is installed
0
 
SvenIAAuthor Commented:
The list of IP and Domain restrictions for the default website is empty. When I click 'edit feature settings' the settings look like in the pic below. Same for server level.

restrictions
Do I have to configure an allow entry or something?
0
 
SvenIAAuthor Commented:
Singh,

I guess you where right about the certificate not being correct. It uses the certificate from the old server I guess. The one with webmail.ingburoarnhem.com.

How can I get it to go to the new server instead?
0
 
PadamdeepCommented:
certificate warning is not a problem for owa. Why I asked that question because I wanted to be 100% sure that we are hitting right server or not.


This time look at the IIS logs and search for "403". Paste some of those lines over here with error 403

~ Singh
0
 
SvenIAAuthor Commented:
Thanks for all the help!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.