Solved

Exchange 2010 OWA 403 error

Posted on 2014-01-08
7
747 Views
Last Modified: 2014-02-04
When attempting to connect to OWA via mail.mydomain.com from the internet I am receiving the following:

Error code: 403 forbidden. The server denied the specific uniform resource locator.

I have this set as a published rule in ISA server 2006. Since I am receiving the 403 error I am going to assume this is some sort of an authentication issue.

Under the listener tab > properties, I have the authentication mode set to HTML for authentication and windows (active directory)

Now on the authentication delegation tab, I have it set to "no delegation, but client may authenticate directly"

On the exchange server, the CAS is set to basic authentication.

Thank you
0
Comment
Question by:Yeloball
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765752
This may be a simple denial from your router or firewall blocking the connection. Make sure you have set up port forwarding for the connection to work.
0
 

Author Comment

by:Yeloball
ID: 39765768
Port forwarding on the ISA server or another firewall on the network?
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765778
Port forwarding starts at the public-facing side of your network - typically the router on smaller networks. Start by looking there to see if the settings are in place to allow it to forward the proper ports - they vary depending on what protocol you are using - to the correct internal IP address for processing by your email / ISA server. If there are other firewalls on the network from there, work your way in to allow the traffic that needs to go to the server to get there.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39765798
Can you confirm that the to tab& Public Name tab on the policy settings on your ISA 2006 box  has the correct names?

 When you are publishing OWA 2010 you can still use SAN Certificate on the Exchange OWA side. However the FQDN name that appears on the To Tab on the ISA Server 2006 OWA Publishing rule needs to match with the first name on the SAN Certificate.
0
 

Author Comment

by:Yeloball
ID: 39765879
As an example. What I have listed on my "TO" tab is mail.my.domain.com, then when I look at my listner tab properties window, my certificate is listed as mail.mydomain.com.

Does that look correct?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39766093
I would start with testing with

https://testconnectivity.microsoft.com

It will tell you exactly what needs to be changed or it will give you recommendations..

DirkMare
0
 
LVL 1

Expert Comment

by:soniczoom5
ID: 39768087
have you looked at the ISA logs yet? I would enable logging and set a filter to listen for the external IP you are testing from; that way you can at least see if the traffic is hitting the ISA server; if it is hitting it, then move to the IIS logs within Exchange to see if the traffic is reach the Exchange server
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question