Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6048
  • Last Modified:

New Exchange 2010 owa ( 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied)

Hi Experts,

Help!

We just migrated to our new exchange 2010 server from 2007 and I just installed our certificate and am getting


403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.

When going to owa.  If I go to the actual name of the server it works fine but if I go to our main domain name that is set up with everyone's mail, I get that error.

Any help would be appreciated.

Karen
0
klsphotos
Asked:
klsphotos
  • 4
  • 3
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
To be clear here

If you go to https://sever/owa it works, but https://host.example.com/owa does not?

Are you testing this internally or externally? Internally, do you have a split DNS setup so the external name works internally?
Do you have an RPC CAS Array setup?
It could be that the DNS doesn't go where you expect to, so the result isn't what should be happening.

Simon.
0
 
klsphotosAuthor Commented:
https://mail.server.org/owa works  https://mail.server.org/ does not.

This site does not have a split dns and should work internally as well as externally.

From outside and inside I land on a IIS 7 page.

I confirmed DNS for mail is set to the new server.
0
 
Simon Butler (Sembee)ConsultantCommented:
That is the expected behaviour.

Exchange only works on /owa.

If you want to drop the use of /owa then you need to put a redirection on the root of the site. However you must configure all URLs within Exchange with the subdirectory listed - so you cannot list the URL on the OWA virtual directory without the /owa.

If you are configuring a redirect ensure that it doesn't affect subdirectories as well, or better still, use an HTML redirect in the root of the site.

If you want to use the same host name internally and externally you should use a split DNS. Most firewalls will not allow an external IP address to be used internally (basically coming back on itself) so the best practise is the deployment of a split DNS.

Simon.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
KwoofCommented:
Sembee2 has it all correct.  If your firewall/router does not allow the external IP to be used internally, you may want to add your internal to the SAN certificate.  How was your 2007 exchange setup?
0
 
klsphotosAuthor Commented:
This is resolved, sort of.  It was the redirect that needed to be configured.  We had mail.company.org that needed a redirect to be set up for server.domainname.org/owa.

The issue now is that the redirect for http works fine, but the https redirect does not.  The redirect for http is set up through the 404 pages, not in IIS.  How can I redirect https as well?
0
 
Simon Butler (Sembee)ConsultantCommented:
Don't do it through 404s.
I always use HTML code on the root of the web site, so that it redirects to the HTTPS version at the same time.

http://exchange.sembee.info/2010/cas/default-page.asp

Simon.
0
 
klsphotosAuthor Commented:
Does that code redirect https as well?  That seems way too simple :)
0
 
Simon Butler (Sembee)ConsultantCommented:
If you put the URL in the code as https://host.example.com/owa/, instead of just /owa/ then it will do so. Although if you have the URL set as https://host.example.com/owa in Exchange, then Exchange should redirect for you.

Simon.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now