Solved

Exchange 2010 OWA 403 error

Posted on 2014-01-08
7
735 Views
Last Modified: 2014-02-04
When attempting to connect to OWA via mail.mydomain.com from the internet I am receiving the following:

Error code: 403 forbidden. The server denied the specific uniform resource locator.

I have this set as a published rule in ISA server 2006. Since I am receiving the 403 error I am going to assume this is some sort of an authentication issue.

Under the listener tab > properties, I have the authentication mode set to HTML for authentication and windows (active directory)

Now on the authentication delegation tab, I have it set to "no delegation, but client may authenticate directly"

On the exchange server, the CAS is set to basic authentication.

Thank you
0
Comment
Question by:Yeloball
7 Comments
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765752
This may be a simple denial from your router or firewall blocking the connection. Make sure you have set up port forwarding for the connection to work.
0
 

Author Comment

by:Yeloball
ID: 39765768
Port forwarding on the ISA server or another firewall on the network?
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39765778
Port forwarding starts at the public-facing side of your network - typically the router on smaller networks. Start by looking there to see if the settings are in place to allow it to forward the proper ports - they vary depending on what protocol you are using - to the correct internal IP address for processing by your email / ISA server. If there are other firewalls on the network from there, work your way in to allow the traffic that needs to go to the server to get there.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 12

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 39765798
Can you confirm that the to tab& Public Name tab on the policy settings on your ISA 2006 box  has the correct names?

 When you are publishing OWA 2010 you can still use SAN Certificate on the Exchange OWA side. However the FQDN name that appears on the To Tab on the ISA Server 2006 OWA Publishing rule needs to match with the first name on the SAN Certificate.
0
 

Author Comment

by:Yeloball
ID: 39765879
As an example. What I have listed on my "TO" tab is mail.my.domain.com, then when I look at my listner tab properties window, my certificate is listed as mail.mydomain.com.

Does that look correct?
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 39766093
I would start with testing with

https://testconnectivity.microsoft.com

It will tell you exactly what needs to be changed or it will give you recommendations..

DirkMare
0
 
LVL 1

Expert Comment

by:soniczoom5
ID: 39768087
have you looked at the ISA logs yet? I would enable logging and set a filter to listen for the external IP you are testing from; that way you can at least see if the traffic is hitting the ISA server; if it is hitting it, then move to the IIS logs within Exchange to see if the traffic is reach the Exchange server
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question