?
Solved

sbs 2011 not able to connect to owa externally

Posted on 2013-11-09
9
Medium Priority
?
789 Views
Last Modified: 2014-01-06
Access from mobile device clients suddenly stopped working.  Worked with SonicWALL and the firewall appears to be forwarding correctly.  To further validate, the firewall settings were backed up and restored to a previously known working configuration.

Internal clients can access the https://server/owa without any trouble, but external clients cannot access OWA.

File Not Found

The requested URL was not found on this server: /owa

Open in new window


Access to https://server works and displays the SonicWALL Network Security Login (SSLVPN).

No known changes to the server configuration aside from updates.

Any advice would be greatly appreciated!
0
Comment
Question by:tj-a
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 26

Accepted Solution

by:
Blue Street Tech earned 668 total points
ID: 39636018
Hi tj-a,

have you verified the NAT Policies and Access Rules in the SonicWALL?
0
 

Author Comment

by:tj-a
ID: 39636054
Thanks diverseit, good point.  the rules are working for the SonicWALL https sslvpn connection, but that's redirecting to the SonicWALL device itself.  Maybe there should be a rule to redirect to the iis owa, but I believe it only works at a port level.  Maybe I should point to the iis server and have it redirect to the sw for access to the sw sslvpn?
0
 
LVL 9

Assisted Solution

by:guswebb
guswebb earned 664 total points
ID: 39636206
Sounds like external requests on port 443 are not getting through to your IIS server. First check the firewall port forwarding rules.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 668 total points
ID: 39637158
is sonicwall https using port 443?
If so, you need to change that or neither owa or rwa will work
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39638059
When you say,
Access from mobile device clients suddenly stopped working.
Mobile devices are typically setup via EAS and would be connecting outbound exclusively (WLAN > WAN). No inbound rules are needed for this to function if you are using EAS and Outlook Anywhere. Are you filtering outbound traffic?

As @CrisHanna_MVP said, if you are using the SonicWALL WAN IP address for HTTP or HTTPS port forwarding to a server, then the default Management port must be changed to another unused port number (e.g. 8080, 444, 4444, etc.). You can change this under the System > Administration page.

SonicWALL SSL-VPN should be running on default port 4433...not 443. Check to see if this has been changed to 443.

OWA access on the SonicWALL typically has 3 NAT policies: inbound, outbound and loopback (for internal domain request, e.g. https://owa.servername.com); and 1 firewall Access Rule for OWA from WAN to <whichever Zone the server is in...DMZ, LAN,etc.>.

Make sense?
0
 

Author Closing Comment

by:tj-a
ID: 39640102
Turns out, there was a rule on the WAN for the SonicWALL management port.  Not sure why restoring the previously working settings didn't fix the issue, but once I unchecked https management on the WAN port, i was able to connect to exchange via https and from mobile clients.  

Thanks for steering me in the right direction!!
0
 

Author Comment

by:tj-a
ID: 39641369
My apologies, I didn't realize the grade was set to less than an "A".  It took a couple of times to submit from my cell phone and I must have inadvertently selected a lower grade.  Definitely an "A" grade!
0
 
LVL 26

Expert Comment

by:Blue Street Tech
ID: 39641957
No problem! Thanks for the clarification.

Cheers!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question