Cannot connect to Exchange 2013 from outside network.

I have set up Exchange 2013 on a new Windows 2012 server that is running in Hyper-V.  There is also a Domain Controller running in Hyper-V.

We can connect to the Exchnage server internally without a problem, but when I try and connect from outside on my Nexus 4, using our IP address, I get an error that says...

microsoft.exchange.webservices.data.ServiceRequestException: The request failed. Error message is 'HTTP error: Forbidden (403)'
'->
microsoft.exchange.webservices.data.HttpErrorException.HTTP error: Forbidden (403)
asciiassasinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

piattndCommented:
Are you trying to use OWA to connect externally or active sync?  Make sure SSL is turned off on the IIS directories for OWA or Active Sync internally on your backend exchange server and try again.
0
AlexProfiletCommented:
Is do you have TCP port 443 open to your Exchange server with a certificate applied to the server? Usually forbidden on HTTP means only HTTPS is allowed. I believe the phones try both automatically but the server may only be accepting HTTPS. If that isn't open to the server on the firewall then it won't work.
0
asciiassasinAuthor Commented:
There is no SSL certificate.  Company hasn't purchased one and will not.  

HTTP and HTTPS (80 & 443) are being forwarded to the Exchange server from the router.  Should these be forwarded to the Domain Controller instead?

ports
192.168.10.8 is the Domain Controller and 192.168.10.9 is the Exchnage 2013 server.
0
AlexProfiletCommented:
In your screenshot OWA S (443) is pointed to .8 which you said is the DC. It needs to go to Exchange, so you should change that (unless your DC has a website that need to be externally accessed). Without a cert you will need to tell your phones to accept all certs. Getting a cert is recommended, but you can get around it depending on your needs.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
asciiassasinAuthor Commented:
That was it!  OWA should have been pointed to the Exchange Server - NOT the Domain Controller.

I suppose you could configure DNS on the DC to route that...but it is working as is.

Thanks for your help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.