Solved

SBS 2003 with ISA 2004 - Enabling Outlook Web Access

Posted on 2013-01-21
9
793 Views
Last Modified: 2013-01-23
Hey All,

I am having a major issue with SBS 2003 & ISA 2004. I need to get access to OWA from outside the business.

Exchange and OWA work fine inside the local network its the outside to inside that there is a problem!

Network Info below:-

LAN=
IP: 192.168.16.2
Mask: 255.255.255.0
DNS: 192.168.16.2

WAN=
IP: 192.168.1.2
MASK: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.16.2

What I have done so far....

- Run Configure E-mail and Internet Connection Wizard
- Entered my DNS Settings and IP of Router (192.168.1.1)
- Specified my network WAN & LAN in the drop downs
- Click Enable Firewall
- Put a tick in the E-mail box
- Allow Access to the following Web Site Services from the Internet: Outlook Web Access, Remote Web Workplace, Outlook Mobile Access, Outlook via the Internet
- Then it gives me a summary about what I want it to do
- Click finish

I then get an error:
An error occurred while configuring your Universal Plug and Play Router.

To Cancel the wizard now without configuring remaining components, click Cancel.
To continue configuring remaining components without configuring the router, click OK.

In either case, you must run the wizard again. When the Wizard asks you if you want to automatically configure your router, click No. You must then Manually configure the router by using the information in Appendix C of the Getting Started guide.


- So I click ok


Now the issue is that when I re run the wizard again there is no option at all that I can see that says that I don't want it to configure my device by UPnP? Am I missing something?

I have a Linksys X3000 Router and I have made sure that UPnP is on as well and it still comes up with the error.


Ok on the Router side of things:

Port Forwarding is enable for:-
Https to IP Address = 192.168.1.2
Http to IP Address = 192.168.1.2

So I am really stuck on where to go next with this. Is this a problem with ISA, SBS or my Router?!

Or maybe all 3?

Thanks for your help in advance
0
Comment
Question by:dan4132
  • 4
  • 3
  • 2
9 Comments
 
LVL 39

Expert Comment

by:footech
ID: 38807887
To be honest, I never use UPnP. I would just disable it on the router, then run the CEICW again.  If your connection to the internet is already working, then you can just choose the option for "Do not change connection type".  With the ports forwarded as they are it should work.

If not, can you tell me if you see the following rule in ISA?
SBS OWA Web Publishing Rule

Then we can dig into the settings for this rule and it's web listener.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38807915
I've unfortunately retired all the SBS2003 boxes I had, so can't easily test this for you, however I've usually followed this man's guide:
http://blog.cjwdev.co.uk/2009/12/14/publishing-owa-on-sbs-2003-premium/
And had success - I doubt it's your Linksys causing the problem, ISA's a more likely candidate, but you could test this theory by seeing if it works from a laptop temporarily connected in the 192.168.1.x range.
0
 
LVL 3

Author Comment

by:dan4132
ID: 38808937
Hey Guys,

Thanks for the response. I definatly agree with you that I think ISA is the culprit here.

I have taken screenshots of my config so you can have a look to see if anything points out at you thats wrong.
ISAProb.jpg
ISARules.jpg
ISARules2.jpg
ISALog.jpg
ISAListen.jpg
ISAListen2.jpg
ISAListen3.jpg
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Author Comment

by:dan4132
ID: 38809934
Ok I found the problem.. it was the Web listener that didn't have all networks selected. (Pic Attached)

But now I have a new problem when I try to access mywebsite/exchange:

The page cannot be displayed  
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)
Listener.JPG
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 200 total points
ID: 38810583
There's a few causes for this error - try looking at the MS article here:
http://technet.microsoft.com/en-us/library/bb794843.aspx (scroll down to "Certificate Issues") or the ISAServer article here:
http://www.isaserver.org/tutorials/error505.html
0
 
LVL 3

Author Comment

by:dan4132
ID: 38810800
Figured out it was to do with the Certificate not matching but have corrected that...

Now another problem... :-/

I have now managed to get to the login page on exchange but it will not let me login. It doesn't come up with an error.. just flashes back to the login page as soon as I press enter..

I found this in ISA...
ISAFailed.JPG
0
 
LVL 39

Accepted Solution

by:
footech earned 300 total points
ID: 38811376
I don't know where to start with this one.  Looking at your firewall rules, there seems to be a number that shouldn't be needed and the order is really weird.  You shouldn't have needed to set the web listener to listen on anything except the external network.  It looks like you've modified the listener to use FBA instead of integrated authentication (on SBS by default the Exchange Virtual Server handles this - only one should be configured for FBA).

There used to be a good article on the web about rule order in ISA for SBS (I think by Amy Babinchak) but I can no longer find it.  If I remember correctly, she recommends most additional access rules to be placed between the SBS Protected Networks Access Rule and the SBS Internet Access rule.  I'm attaching a screenshot of the default rule order.

Honestly I wouldn't even try to troubleshoot it until I got it back to a more standard configuration.  There's just too many things that could be happening here.  Best of luck.
SBS-ISA-rules-default.JPG
0
 
LVL 3

Author Closing Comment

by:dan4132
ID: 38812312
Awesome you solved it for me.. I reordered and disabled all of the unused ones for the time being before I delete them.

And it was as you said because it was using form based instead of integrated authentication.

Much appreciated guys for your input!
0
 
LVL 39

Expert Comment

by:footech
ID: 38812437
Glad you got it working!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Intune/ Microsoft EMS 1 35
Exchange Management Shell dysfunctional - 0x8009030e 24 44
outlook 6 39
Exchange 2013 - Script needed 7 35
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question