Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 823
  • Last Modified:

Exchange 2010 OWA 403 error

When attempting to connect to OWA via mail.mydomain.com from the internet I am receiving the following:

Error code: 403 forbidden. The server denied the specific uniform resource locator.

I have this set as a published rule in ISA server 2006. Since I am receiving the 403 error I am going to assume this is some sort of an authentication issue.

Under the listener tab > properties, I have the authentication mode set to HTML for authentication and windows (active directory)

Now on the authentication delegation tab, I have it set to "no delegation, but client may authenticate directly"

On the exchange server, the CAS is set to basic authentication.

Thank you
0
Yeloball
Asked:
Yeloball
1 Solution
 
Norm DickinsonGuruCommented:
This may be a simple denial from your router or firewall blocking the connection. Make sure you have set up port forwarding for the connection to work.
0
 
YeloballAuthor Commented:
Port forwarding on the ISA server or another firewall on the network?
0
 
Norm DickinsonGuruCommented:
Port forwarding starts at the public-facing side of your network - typically the router on smaller networks. Start by looking there to see if the settings are in place to allow it to forward the proper ports - they vary depending on what protocol you are using - to the correct internal IP address for processing by your email / ISA server. If there are other firewalls on the network from there, work your way in to allow the traffic that needs to go to the server to get there.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
David Paris VicenteSystems and Comunications Administrator Commented:
Can you confirm that the to tab& Public Name tab on the policy settings on your ISA 2006 box  has the correct names?

 When you are publishing OWA 2010 you can still use SAN Certificate on the Exchange OWA side. However the FQDN name that appears on the To Tab on the ISA Server 2006 OWA Publishing rule needs to match with the first name on the SAN Certificate.
0
 
YeloballAuthor Commented:
As an example. What I have listed on my "TO" tab is mail.my.domain.com, then when I look at my listner tab properties window, my certificate is listed as mail.mydomain.com.

Does that look correct?
0
 
Dirk MareSystems Engineer (Acting IT Manager)Commented:
I would start with testing with

https://testconnectivity.microsoft.com

It will tell you exactly what needs to be changed or it will give you recommendations..

DirkMare
0
 
soniczoom5Commented:
have you looked at the ISA logs yet? I would enable logging and set a filter to listen for the external IP you are testing from; that way you can at least see if the traffic is hitting the ISA server; if it is hitting it, then move to the IIS logs within Exchange to see if the traffic is reach the Exchange server
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now