  • Status: Solved

OWA 2003

Hi All,

We are running Exchange 2003 SP2 in mixed mode with Exchange 5.5 (soon to be decommissioned). I have installed OWA on a server in a DMZ zone; when I launch the URL I get an unspecified error. I am using certificate services; when I remove the certificate I was able to see the site, but not any longer. At this point I want to remove OWA through IIS and start over, unless someone knows where I went wrong! I followed this document after I was having problems and it did not help:
http://www.msexchange.org/tutorials/owa_exchange_server_2003.html

Thanks
Asked by: Noyan Gonulsen
 
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
Can you preferably share a screenshot of the error?
Are you able to browse the OWA virtual directory in IIS?
Looking at the article it will be hard to point out anything...

- Rancy

Noyan Gonulsen (Author) commented:
Hi Rancy,

Thanks for responding. I can browse through the virtual directory. I'm thinking at this point to start from scratch and follow a document, as I must have messed things up on my own!
Exchange-error.doc

Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
What IP is this?

- Rancy
 
Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
Your cert has some domain or IIS URL, right? Try that. Also, is SSL checked on the OWA virtual directory?

- Rancy

Noyan Gonulsen (Author) commented:
Yes it does. I use my external IP (that's the way I configured it on my firewall, easier to remember as I have multiple VLANs). I will check the virtual directory as well.

Thanks,

Exchange_Geek commented:
You're using external IP on OWA for internal folks to access it? What's the logic in this scenario? Are you using host header values in IIS?

Sorry - the point of external IP confused me literally. Now, what happens on your Exchange Server when you type in https://localhost/exchange - what do you get?

Regards,
Exchange_Geek

Simon Butler (Sembee) (Consultant) commented:
OWA in a DMZ? Now why would you do that, as there are NO valid reasons for doing so.

Did you test it internally first?

(This seems like a question from my early days the first time round, Exchange 5.5 and Exchange 2003 is a very rare combination these days).

Simon.

Noyan Gonulsen (Author) commented:
Hi Exchange_Geek,

The OWA server has an internal IP address; I just chose to configure it on the firewall this way. (It's one statement on my ASA, I can always change it.) It's easier for me to remember the external IP as opposed to the internal IP, as I have multiple IP address schemes. The internal users won't be accessing this server.
I'm going to redo the install tomorrow and will let you know how it turns out. I'm going to install it without the cert first, and if it's a success I will try with the cert.

Thanks again for your response

Noyan Gonulsen (Author) commented:
The latest update:
I restored the IIS config file from backup and placed the OWA server in my network as opposed to the DMZ zone. When I navigate to http://localhost/exchange I receive "The website cannot display the page" (see attached file).
Thanks,
Doc1.doc

Simon Butler (Sembee) (Consultant) commented:
Reset the virtual directories.
http://support.microsoft.com/kb/883380

Ensure that the servers are fully patched - it is key that the front end server is the same or higher than the backend servers on patch levels.

Simon.

Noyan Gonulsen (Author) commented:
Hi All,

Here is the latest update:
I have OWA working with no issue when it's internal, but as soon as I put it in the DMZ zone I receive a "the page can not be displayed". When in the DMZ zone I'm asked for my credentials, so my ports are open externally. Internally I have opened ports 389, 691, 88, 1024, 135, 3268. Is there anything I'm missing?
Thanks,

Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
HTTPS port 443

- Rancy

Simon Butler (Sembee) (Consultant) commented:
Why have you put the server into a DMZ? Do you think that has increased your security? If so, then you are badly mistaken. You should not have port 135 open between a secure and less secure network. Leave Exchange where it belongs, inside the production network. You only need port 443 open for OWA, nothing else. That is better than making your firewall into Swiss cheese.

Simon.

Noyan Gonulsen (Author) commented:
Hi Simon,

Do you mean leave OWA in my production network and map an external IP to it and open 443? If so, how's that not a security risk? Perhaps I'm missing something!
The main reason for OWA is for mobile phones, they would need to VPN in on their phones to access their emails then.

Noyan Gonulsen (Author) commented:
I opened 443 internally between the two boxes and I still cannot connect.

Manpreet Singh Khatra (Solutions Architect, Project Lead) commented:
Port 443 is for Secured layer for HTTP :)

- Rancy

Simon Butler (Sembee) (Consultant) commented:
I don't consider opening port 443 to the production network a security risk.
I do consider opening all the other ports required between the DMZ and live network a security risk. You still have to open the port to the internet, and are therefore exposing a domain member to the internet.

I wrote this six years ago, during my first time with EE, still relevant today:
http://blog.sembee.co.uk/post/Why-you-shouldnt-put-Exchange-2003-in-a-DMZ.aspx

Simon.
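
The port lists discussed in this thread, checked mechanically (an added example, not part of any participant's post): it parses firewall rules and reports what each design permits beyond 443, with the service normally found on each port. The ASA-style rule lines, ACL names and addresses are constructed, and the parser handles only this simplified `permit ... eq <port>` form.

```python
import re

# Services normally carried on the ports listed in the thread (besides 443).
DOMAIN_SERVICES = {88: "Kerberos", 135: "RPC endpoint mapper", 389: "LDAP",
                   691: "Exchange routing engine", 3268: "Global Catalog LDAP"}

# Simplified ASA-style form: permit tcp|udp <src> <dst> eq <numeric port>.
RULE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+(tcp|udp)\s+"
                  r"(any|host\s+\S+)\s+(any|host\s+\S+)\s+eq\s+(\d+)\s*$")

# Constructed rule sets; ACL names and private addresses are hypothetical.
DMZ_DESIGN = """\
access-list OUTSIDE_IN extended permit tcp any host 172.16.1.10 eq 443
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 389
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 691
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 88
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 1024
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 135
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 3268
access-list DMZ_IN extended permit tcp host 172.16.1.10 host 10.0.0.5 eq 443
"""
INTERNAL_DESIGN = """\
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.6 eq 443
"""


def parse_rules(text):
    """Return (acl, proto, src, dst, port) tuples; reject unreadable lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):  # skip blanks and ASA comments
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        acl, proto, src, dst, port = m.groups()
        rules.append((acl, proto, src.split()[-1], dst.split()[-1], int(port)))
    return rules


def exposure(text, acl, allowed=frozenset({443})):
    """Ports the named ACL permits beyond `allowed`, mapped to their service."""
    found = {port: DOMAIN_SERVICES.get(port, "unclassified")
             for name, _p, _s, _d, port in parse_rules(text)
             if name == acl and port not in allowed}
    return dict(sorted(found.items()))


if __name__ == "__main__":
    for label, text, acl in (("DMZ front-end", DMZ_DESIGN, "DMZ_IN"),
                             ("internal server", INTERNAL_DESIGN, "OUTSIDE_IN")):
        print(label, exposure(text, acl))
```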

Noyan Gonulsen (Author) commented:
Sorry I didn't explain myself. The only port I have open is 443 from outside in; from inside to DMZ I have ports 389, 691, 88, 1024, 135, 3268 and 443, but still cannot access my mailbox.

Thanks,

Noyan Gonulsen (Author) commented:
Hi All,

I broke down and called MS; it was a patch they supplied that fixed my issue, as well as opening ESP and AH between the front-end and back-end servers on my firewall.
Thank you all for your support.

Noyan Gonulsen (Author) commented:
I called MS for the solution.