Avatar of Lumious
Lumious

Exchange Server 2010 Webmail Issues

Hi,

Please review the following link to my 2 other Expert-Exchange Questions and the issues I have been having.  I'm now working on trying to get my webmail to work correctly.

The main issue is that when you go to webmail.domain.com it actually takes you to the SonicWALL Login page instead of the correct webmail interface.

https://www.experts-exchange.com/questions/27933122/How-to-Create-Exchange-Server-2010-MX-Records-GoDaddy-Configs-Webmail-Configs.html?anchorAnswerId=38599840#a38599840

https://www.experts-exchange.com/questions/27926711/Microsoft-Exchange-2010-Configuration-DNS-Names-Servers-DNS-Entries-ZoneEdit-DNS-GoDaddy-Domain.html?anchorAnswerId=38599865#a38599865

Any help would be greatly appreciated.

Thanks
Avatar of Aeriden
Aeriden

Can you provide more information on the topology of the SonicWALL (that is prompting), Exchange 2010 server, and client machine that is browsing to webmail.domain.com?  

Is the SonicWALL forwarding TCP port 80 and 443 from the public IP resolved via webmail.domain.com to the private IP address of the Exchange Server (presuming the SonicWALL is the firewall that is protecting the Exchange Server, the client is accessing via the Internet and webmail.domain.com)?  Or is the client on the inside, along with the SonicWALL, and webmail.domain.com resolves to a public IP on the WAN of the SonicWALL (so it needs to do a forward/back)?  If this is the case, was the Public Server wizard used on the SonicWALL to set up forwarding TCP port 80 and 443 from the public IP to the private IP of the Exchange Server (which would then also set up 3 NAT entries on the SonicWALL)?
Avatar of Lumious

ASKER

Hi,

I will try to respond to your questions as best I can.  Sorry in advance if I misunderstand some of them with the wording provided.

Stand by for responses.

Thanks
Avatar of Lumious

ASKER

Hi,

My environment is as follows:

Comcast ISP > Modem > SonicWALL (TZ-215) > HP ProCurve (2510G-24) > 2 ESXi Servers > VM of Exchange Servers and other VM's

SonicWALL Configurations:

User generated image
User generated image
User generated image
User generated image
User generated image
User generated image
When inside the network and someone navigates to webmail.domain.com, they get the correct webmail page.  But when someone outside the network goes to webmail.domain.com, they get the SonicWALL login screen of my internal network.

We have a Static IP address not a Dynamic.  That's why we are using DynDNS.  Please review the other Expert-Exchange questions from the links that I have provided with the most updated information.

GoDaddy DNS Settings:

User generated image
The "A" record of "@" pointing to the IP of the website that GoDaddy is hosting.  Not sure if the settings inside the DNS here are correct to work with my WEBMAIL.

Please let me know if you need any other information.  I will provide the best I can.


Thanks
Avatar of Carl Dula
Assuming you can access the Exchange server and OWA from the Sonicwall, and the web server is running for OWA, all you really need to do is use the Sonicwall Wizard to create a web server.

Assuming you have a later model Sonicwall, click Wizards in the upper right hand corner. Then select "Public Server Wizard" and it defaults to Web Server. Click Next and answer the questions for the OWA web server, continuing this until done.

You should now be able to access OWA.
Avatar of Lumious

ASKER

Hi,

If you are doing any testing in regards to my domain and webmail you might see the following:

The reason why the pinging isn't working and the reason why you see the secureserver.net, is because I was doing maintenance and took out the entries I put in GoDaddy.  I didn't want to leave the entries in there because when people traveled to webmail.lumioustech.com from outside the network they came to the SonicWALL Login Screen.  So for security purposes, I took it out last night and will continue to change the settings this morning for more testing.  Sorry for the confusion.

I will post my GoDaddy configs shortly with what I have in the DNS settings.

I will also try the webserver thing you mentioned as well.  I have a SonicWALL TZ215 Wireless.  So it's fairly new.

Thanks
Avatar of Lumious

ASKER

Hi,

I've completed the steps that you mentioned above with the web server in the SonicWALL but that basically just created a duplicate entry of what I already had in there for the Mail Services entry that I had.  If you review the screen shots above I have everything in place for the Mail Services entry that the web server would have done.  With the current configurations in the SonicWALL as shown above and the GoDaddy Configs for DNS, when you try to access webmail.domain.com, it brings you right to the SonicWALL Login interface, which I don't understand at all.  I've used DynDNS with FTP and what not, and it has never taken me to the Login Screen for my SonicWALL.  I'm guessing it has to do something with the GoDaddy entry.

I'm just really confused right now.

Thanks
Avatar of Lumious

ASKER

Hi,

In the SonicWALL there is a DynDNS section where you can actually add in an entry.

User generated image
Would this be causing the issue since I have this in there?  I am running the DynDNS Client on the Exchange server though too.

Thanks
Avatar of Lumious

ASKER

Hi,

I just noticed that for the ports that I have for the Mail Services, I have some predefined ones from the SonicWALL applied which is fine, but there are some that I had to actually create and then apply for specific ports needed.  When creating those entries, I have specified TCP, not UDP.  Do you have to also specify UDP for any of the ports listed below as well?

User generated image
User generated image
Thanks
ASKER CERTIFIED SOLUTION
Avatar of Carl Dula
Carl Dula
Avatar of Lumious

ASKER

Hi,

I will try what you have suggested.  For the images, you can actually "Click" them and they open up in another window nice and big and clear.  If I have to re-post the images I can, just let me know.

Thanks
Avatar of Lumious

ASKER

Hi,

Before making that change, what is this actually going to do?  I'm not going to get disconnected in any way am I?

Thanks
No, it won't disconnect anything unless you are logged in from the WAN interface. If you are not local, and cannot login from the LAN interface, then you can enable the http WAN login instead. Since OWA uses https, disabling only that should make it work.

If you are going to enable http WAN login then check System -> Administration, scroll to the Web Management Settings and be sure the box for "Allow management via HTTP" is checked. Test this BEFORE you turn off https by logging out of the WAN, and then logging back in with only HTTP.

It will only prevent you from accessing the Sonicwall management page from the WAN interface. You can put it back anytime by checking the same box again.
Avatar of Lumious

ASKER

Hi,

I have unchecked the HTTPS and checked the HTTP with the correct settings like you mentioned.  When I'm on an external network and open up a web browser, when navigating to webmail.lumioustech.com and hit enter; the web browser changes to http://webmail.lumioustech.com.  I then get the SonicWALL Login Page which I don't want.  But when I add https://webmail.lumioustech.com it brings me to the correct web page of the webmail like I want.

I believe we have solved this issue thank you very much.  But the one thing that remains is I don't want people to navigate to http://webmail.lumioustech.com and get the SonicWALL Login Page.  I would have thought that when they type in, in most cases, webmail.lumioustech.com, that it would automatically change over to https://?

Thanks
You have several choices to prevent this

If you won't normally access the Sonicwall admin page from the WAN side, turn it off entirely.

Another choice is to move OWA to a different ip address on the WAN. This assumes you have more than one public ip address available for your use.

Another is, if you turn off WAN admin or move to a different ip address, you can write a rule to redirect port 80 on the WAN to port 443 on the OWA server.

Hope this helps.
Avatar of Lumious

ASKER

Hi,

Since I don't have more than 1 public address I'm guessing I would like to try the last option.

"Another is, if you turn off WAN admin or move to a different ip address, you can write a rule to redirect port 80 on the WAN to port 443 on the OWA server."

If you could provide any assistance I would greatly appreciate it.  If you need any information or screenshots of my network setup in the firewall I can provide that as well.

Please let me know.

Thanks
Sorry, just a small bit of bad advice. Even though I could write a rule to redirect the traffic from 80 to 443, it still won't work. The browser url must be https, or it won't do the SSL as required by OWA. Sorry about that.

Your best bet would be to turn off http admin on the WAN.... OR you could change the port number to something else. You do that in the same place on the Sonicwall admin as you set the "...via http" above. You will see port settings for both http and https admin. You can change either or both to something else (but not the same). For example, if you set https to 4433 instead of 443, then you would access it with https://myurl:4433. You can go ahead and try this if you want since it won't hurt anything.
Forgot, if you change the https port, don't forget to turn https admin back on doing the reverse of what you did to turn it off above.
Avatar of Lumious

ASKER

So are you suggesting the following:

Change https port to 4433
Check mark the https management for the WAN
Uncheck mark http management for the WAN

Please let me know.

Thanks
Yes, and also be sure to reverse the setting under Network -> Setting as described above.
Avatar of Lumious

ASKER

When you say to make sure to reverse the settings as described above, what do you mean? I thought all I would have to do is what I just posted above?

Sorry if I misunderstand your comment, just want to be clear on what to do when changing everything.

Thanks
You did this step above...

On the Sonicwall go to Network -> Interfaces and select the Configure icon for the X1 WAN interface. On the General tab under Management, uncheck the HTTPS box and click OK.

So now go back and check the same box you unchecked.
 
That is the step you missed.
Avatar of Lumious

ASKER

Hi,

I have changed the HTTPS port to 4433.
I have checked HTTPS on the WAN interface
I have unchecked HTTP on the WAN interface.

When you try to go to webmail.domain.com in the web browser, it now redirects to https:// instead of http://

I believe everything is working correctly now.

Thank you so much!
Avatar of Lumious

ASKER

Keep up the great work!
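
The port clash this thread resolves, as an added example that is not part of any post above: a small audit that flags a WAN management listener sharing a port with an inbound forward, and management offered over plain HTTP. The `WanConfig` model, its field names and the three states are constructed from the settings described in the thread (the initial state is assumed to be HTTPS management on 443); that a management listener wins over a forward on the same port is an assumption taken from the behaviour reported here.

```python
# Added example: audit WAN-side management listeners against port forwards.
# WanConfig is a constructed model, not a SonicWALL export or API format.
from dataclasses import dataclass


@dataclass(frozen=True)
class WanConfig:
    mgmt_http: bool                # "HTTP" management box on the WAN interface
    mgmt_https: bool               # "HTTPS" management box on the WAN interface
    mgmt_http_port: int = 80
    mgmt_https_port: int = 443
    forwards: tuple = (80, 443)    # WAN ports forwarded to the Exchange/OWA server


def mgmt_ports(cfg):
    """Return {port: scheme} for management listeners reachable from the WAN."""
    ports = {}
    if cfg.mgmt_http:
        ports[cfg.mgmt_http_port] = "http"
    if cfg.mgmt_https:
        ports[cfg.mgmt_https_port] = "https"
    return ports


def audit(cfg):
    """List findings: forwards shadowed by management, and cleartext management."""
    findings = []
    for port, scheme in sorted(mgmt_ports(cfg).items()):
        if port in cfg.forwards:
            # Outside users reach the firewall login page instead of OWA.
            findings.append(f"conflict:{port}")
        if scheme == "http":
            # Admin credentials would cross the Internet unencrypted.
            findings.append(f"cleartext-mgmt:{port}")
    return findings


# The three states the thread passes through (constructed from the posts).
INITIAL = WanConfig(mgmt_http=False, mgmt_https=True)            # assumed start
MIDDLE = WanConfig(mgmt_http=True, mgmt_https=False)             # HTTPS off, HTTP on
FINAL = WanConfig(mgmt_http=False, mgmt_https=True, mgmt_https_port=4433)

if __name__ == "__main__":
    for name, cfg in (("initial", INITIAL), ("middle", MIDDLE), ("final", FINAL)):
        print(name, audit(cfg) or "no findings")
```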