nigelbeatson

asked on

Cannot connect to our sbs2008 server using OWA

We have a single Windows SBS 2008 server running Exchange, which is working fine. We can connect to our server using remote desktop, but when we try to use OWA for e-mail and a remote session to our users' desktops, we get "the page cannot be displayed", and the logon page never appears.

I have checked that all the ports 25, 80, 443, 987, 3389 are all redirected to our server, so I don't know what has gone wrong to prevent this part from working.

The address https://remote.domainname.co.uk works locally, but not from an external system.

This used to work fine, but I just don't know how to diagnose and trap the problem.
Can anyone help?

Many thanks
ASKER CERTIFIED SOLUTION
Alan Hardisty
This solution is only available to members.

ASKER

Thanks Alan.

I have tried the website check recommended and it completes with "SUCCESS".

As I said, this did use to work, but now does not.

Any other suggestions??

Thanks
ldrose537

Nigelbeatson,

If I am understanding correctly, access to OWA (https://remote.domainname.co.uk/owa) is no longer working externally; however it works internally - do I have that right?

Has anything changed recently that you can think of?

Does the "remote.domainname.co.uk" resolve correctly externally? In other words, does the A or CNAME record point to the correct public IP?

You can try using nslookup to determine if the information is correct and up to date.

Those are what I can think of off the top of my head.

Linda
Then your best bet is to re-run the Connect To The Internet and Fix My Network Wizards, then test again.

Alan
Also worth noting - you shouldn't keep port 3389 open and forwarded to the server as this is a massive target for hackers to try and abuse. If you do leave it open - if you can restrict access via a Firewall Rule to specific IPs then that would prevent hackers from trying to abuse your server. Failing that, please close the port or at least set up a redirect rule on your firewall to redirect a random port e.g., 9876 to internal port 3389.

Alan
Yes Linda, you understand correctly.

Not made any changes recently, that I can think of, but we don't use this very often, so I am not certain exactly when this stopped working.

remote.domainname.co.uk resolves correctly locally using nslookup and when run externally it does point to the correct public IP address.

When we look up the MX record it points to mail.domainname.co.uk, but mail is arriving OK, as this too points to the correct public IP.

remote.domainname.co.uk also works fine when we enter it into the Microsoft Remote Desktop software.

I cannot see an A or CNAME in our local DNS, which points to our public IP, if that's what you are asking??

Any ideas??


Many thanks.
Thanks Alan, I will make suitable changes once we have this working OK.
Please re-run the wizards as per my last but one comment (in case you missed it with me rambling on about port 3389!).

Alan
Thanks Alan. I have tried running the 2 wizards, the first (internet) completed correctly. The second (network) identified an error - A network component is not configured properly (component ID 4), but on completion it reported it to be fixed.

On trying the access again, unfortunately, it still failed.

Any other suggestions?

Many thanks for your assistance
Nigelbeatson,

I am asking about an external (public) either A or CNAME record that would tell the outside world how to find your webmail service. Based on what you have indicated, the MX records are correct (tells the world where to deliver mail).

Whichever entity manages your external DNS records (whether ISP or webhosting company like GoDaddy), you want to make sure there is an A or CNAME record that explains how to find the OWA server.

remote.domainname.co.uk <mapped to> public IP
mail.domainname.co.uk <mapped to> public IP

As you know, when users access OWA, it is usually done with either https://remote.domainname.co.uk/owa or, if modified to use "mail", https://mail.domainname.co.uk/owa - so an external record is needed to resolve that FQDN to the correct public IP.

Linda
Thank you Linda.

Yes, we have an A record in our ISP DNS which hosts our domain name and this does point to the correct public IP address. On using remote desktop this does resolve OK and mxtoolbox also indicates it points to the correct public IP.

As I said this used to work, so I just don't get it. I have tried https://remote.domainname.co.uk/owa & /remote but none bring up the logon page.

Very frustrating.

Any other suggestions?

Many thanks.
I forgot to add that I have also tried it for mail.domainname.co.uk etc and that too fails.

Thanks
Have you tried the external IP in the url?

What is the error that displays when you make the attempts?

Have you tried the BPA?

Can you check on the status of the Certs? (may seem weird, but you'd be surprised)
Using the IP address does not make any difference, i.e. https://123.123.123.123/owa

There was an expired SSL certificate shown on the IIS Manager - server certificates page, which I deleted. There is a current one indicated, but I don't know how to verify that it is active?

I can confirm that the canyouseeme.org utility indicates it can see the service, so I would have hoped that confirms it is installed and active.

However, if anyone thinks I need to do more to verify this, I would be happy to do the work required.

Other than that, I still cannot get to the OWA logon page.

Any ideas?

Many thanks
BPA does not indicate anything relevant.

The error just says that :-

Internet Explorer cannot display the webpage.

Thanks
Can you please download and run the SBS 2008 BPA from here:

http://www.microsoft.com/en-gb/download/details.aspx?id=6231

Then run and see what it reports.

Thanks

Alan
I have completed the BPA as requested. I have run this in the past, and I don't see anything in this that has not been present for some time, i.e. some legacy warnings remaining after the migration, which we have not yet got round to clearing. But please take a look and let me know if you feel that something is relevant to this problem.

I would be delighted if you did spot something as we really need to resolve the OWA problem.

I have attached the file for your inspection.

I have also attached a screenshot of the failure of the OWA connection.

Please let me know if you need any further information.

Many thanks
SBSBPA.201412101655122113.data.xml
screenshot.jpg
Can't read the XML file unfortunately (not in any intelligent way).

When I browse using port 80 to the IP Address that resolves to the domain name posted in the 2nd image I get the following login screen:

User generated image
What is this and could it be this that is getting in the way of your SSL connection?

Alan
How strange that it differs from what I see??

The interface you see is related to our security cameras which were installed a few months ago.

Not sure why OWA would bring that up?? That looks like the port is redirecting to the camera IP??

I thought I had checked all the redirections but I will take another look.

If you still want the BPA I will try to upload it in a different way.

Any other comments?

Thanks Alan
Bear in mind that was port 80 not 443, but worth checking redirections / port forwarding.

Can you post a screen-shot of the BPA results?

Alan
Here are the BPA results.

As I said previously, most of these relate to a 2003 migration which we have not fully cleared down yet.

If you see something relative to our problem, I would be delighted to hear from you.

Many thanks.
screenshotbpa.png
One other point, when I access the router locally, we have to use https://192.168.16.1:9443 to get to the login screen. Would this cause any issues for OWA?

Thanks
Here is a screenshot of our port redirection under the NAT section of our Draytek router.

I can see that port 80 has been redirected to our camera, but 443 is directed to our local server IP.

Does this help?
screenshotports.jpg
OK - Sorted it!

The Draytek SSL VPN section of this router had been set to 443, so conflicted with 443 that we used with HTTPS.

What a pain!

Many thanks for your assistance.

Can anyone advise how I handle the points?  

Many thanks
Ah!  The more recent SSL VPN section of the Drayteks!  That is only slightly annoying but the info is available on the Downloads page of their website advising about the changes!  I did ask about the router in my first comment and as a Draytek Reseller could probably have pointed you to the fix a bit quicker.

Oh well - glad you got there in the end.

In terms of points - they are yours to do with as you please.  If you found the solution, then accept your own comment as the solution and if you want to award points to any helpful comments, then you can.

Alternatively you can select one or more Expert comments as the Solution(s) and award all / a share of the points to the comment or comments.

Whatever you do is fine with me and hopefully the other experts too.  What's important is your problem is fixed.

Best wishes

Alan
Many thanks to all.
Thank you.
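
The cause found in this thread (a router-local SSL VPN listener on 443 answering instead of the 443 redirection, with port 80 already redirected to the camera) is something a port-map audit can catch. The sketch below is an added example, not part of the original thread or any Draytek tooling. The LAN addresses, the `sources` field and the replacement VPN port 4433 are constructed, and it assumes a service the router itself listens on takes precedence over a redirection rule for the same port.

```python
from dataclasses import dataclass

# Ports the asker lists as redirected to the SBS 2008 server.
SBS_PORTS = (25, 80, 443, 987, 3389)

@dataclass(frozen=True)
class Forward:
    wan_port: int
    lan_ip: str
    lan_port: int
    sources: tuple = ()  # allowed source IPs; empty = any (hypothetical field)

def audit(server_ip, forwards, router_services, required=SBS_PORTS):
    """Return {port: finding} for each required port that is misrouted or risky.

    router_services maps a WAN port to the name of a service the router itself
    answers on. Assumption: that service wins over a redirection rule.
    """
    by_port = {f.wan_port: f for f in forwards}
    findings = {}
    for port in required:
        rule = by_port.get(port)
        if port in router_services:
            findings[port] = "shadowed by router service: " + router_services[port]
        elif rule is None:
            findings[port] = "no redirection rule"
        elif rule.lan_ip != server_ip:
            findings[port] = "redirected to " + rule.lan_ip
        elif rule.lan_port == 3389 and not rule.sources:
            findings[port] = "RDP reachable from any source address"
    return findings

# Constructed sample modelled on the port redirection described in the thread.
SERVER, CAMERA = "192.168.16.2", "192.168.16.50"
FORWARDS = [
    Forward(25, SERVER, 25),
    Forward(80, CAMERA, 80),      # port 80 goes to the camera
    Forward(443, SERVER, 443),    # looks correct, yet OWA never loads
    Forward(987, SERVER, 987),
    Forward(3389, SERVER, 3389),
]
BEFORE = {443: "SSL VPN"}   # router's SSL VPN bound to 443
AFTER = {4433: "SSL VPN"}   # SSL VPN moved to a constructed alternative port

if __name__ == "__main__":
    for label, services in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for port, finding in sorted(audit(SERVER, FORWARDS, services).items()):
            print(f"  {port}: {finding}")
```
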