Solved

Exchange 2010 OWA 403 error

Posted on 2014-01-08
7
715 Views
Last Modified: 2014-02-04
When attempting to connect to OWA via mail.mydomain.com from the internet I am receiving the following:

Error code: 403 forbidden. The server denied the specific uniform resource locator.

I have this set as a published rule in ISA server 2006. Since I am receiving the 403 error I am going to assume this is some sort of an authentication issue.

Under the listener tab > properties, I have the authentication mode set to HTML for authentication and windows (active directory)

Now on the authentication delegation tab, I have it set to "no delegation, but client may authenticate directly"

On the exchange server, the CAS is set to basic authentication.

Thank you
0
Comment
Question by:Yeloball
7 Comments
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765752
This may be a simple denial from your router or firewall blocking the connection. Make sure you have set up port forwarding for the connection to work.
0
 

Author Comment

by:Yeloball
ID: 39765768
Port forwarding on the ISA server or another firewall on the network?
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765778
Port forwarding starts at the public-facing side of your network - typically the router on smaller networks. Start by looking there to see if the settings are in place to allow it to forward the proper ports - they vary depending on what protocol you are using - to the correct internal IP address for processing by your email / ISA server. If there are other firewalls on the network from there, work your way in to allow the traffic that needs to go to the server to get there.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39765798
Can you confirm that the to tab& Public Name tab on the policy settings on your ISA 2006 box  has the correct names?

 When you are publishing OWA 2010 you can still use SAN Certificate on the Exchange OWA side. However the FQDN name that appears on the To Tab on the ISA Server 2006 OWA Publishing rule needs to match with the first name on the SAN Certificate.
0
 

Author Comment

by:Yeloball
ID: 39765879
As an example. What I have listed on my "TO" tab is mail.my.domain.com, then when I look at my listner tab properties window, my certificate is listed as mail.mydomain.com.

Does that look correct?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39766093
I would start with testing with

https://testconnectivity.microsoft.com

It will tell you exactly what needs to be changed or it will give you recommendations..

DirkMare
0
 
LVL 1

Expert Comment

by:soniczoom5
ID: 39768087
have you looked at the ISA logs yet? I would enable logging and set a filter to listen for the external IP you are testing from; that way you can at least see if the traffic is hitting the ISA server; if it is hitting it, then move to the IIS logs within Exchange to see if the traffic is reach the Exchange server
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
This video discusses moving either the default database or any database to a new volume.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now