New Exchange 2010 owa ( 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied)

Posted on 2013-12-21
Last Modified: 2014-01-30
Hi Experts,


We just migrated to our new exchange 2010 server from 2007 and I just installed our certificate and am getting

403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

When going to owa.  If I go to the actual name of the server it works fine but if I go to our main domain name that is set up with everyone's mail, I get that error.

Any help would be appreciated.

Question by:klsphotos
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39733742
To be clear here

If you go to https://sever/owa it works, but does not?

Are you testing this internally or externally? Internally, do you have a split DNS setup so the external name works internally?
Do you have an RPC CAS Array setup?
It could be that the DNS doesn't go where you expect to, so the result isn't what should be happening.


Author Comment

ID: 39733747 works does not.

This site does not have a split dns and should work internally as well as externally.

From outside and inside I land on a IIS 7 page.

I confirmed DNS for mail is set to the new server.
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39733792
That is the expected behaviour.

Exchange only works on /owa.

If you want to drop the use of /owa then you need to put a redirection on the root of the site. However you must configure all URLs within Exchange with the subdirectory listed - so you cannot list the URL on the OWA virtual directory without the /owa.

If you are configuring a redirect ensure that it doesn't affect subdirectories as well, or better still, use an HTML redirect in the root of the site.

If you want to use the same host name internally and externally you should use a split DNS. Most firewalls will not allow an external IP address to be used internally (basically coming back on itself) so the best practise is the deployment of a split DNS.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 39734089
Sembee2 has it all correct.  If your firewall/router does not allow the external IP to be used internally, you may want to add your internal to the SAN certificate.  How was your 2007 exchange setup?

Author Comment

ID: 39785697
This is resolved, sort of.  It was the redirect that needed to be configured.  We had that needed a redirect to be set up for

The issue now is that the redirect for http works fine, but the https redirect does not.  The redirect for http is set up through the 404 pages, not in IIS.  How can I redirect https as well?
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 39785813
Don't do it through 404s.
I always use HTML code on the root of the web site, so that it redirects to the HTTPS version at the same time.


Author Comment

ID: 39786629
Does that code redirect https as well?  That seems way too simple :)
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39787933
If you put the URL in the code as, instead of just /owa/ then it will do so. Although if you have the URL set as in Exchange, then Exchange should redirect for you.


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question