Exchange 2016 external access to owa stopped working recently.

The external OWA access to Exchange 2016 stopped working over the weekend.

We are running a small internal Exchange 2016 installation with 25 users. The external OWA site has been working until recently - last 5 days. The OWA and Outlook access are working internally within the local environment, but not from the internet. The Exchange server claimed to have issues with LDAP access to the AD controller in the event log, but shows connections to LDAP with the netstat command.

The IIS shows the site being active with the correct certificate attached. Again, nothing changed.

I have rebooted the AD controller (first) and the Exchange server (second) with no change in connectivity. We have not installed any updates or new software in the last month. The firewall on the Exchange server has been turned off for testing.

The WAN access firewall (SonicWall) has also been rebooted, and has all other access working.

Internal connections work, external do not. I suspect it is related to LDAP/IIS/OWA but do not know how to proceed next.

Thank you, in advance,
Jim
timgreen7077

Run the Microsoft connectivity analyzer and see the results. You can go to the below URL to access the analyzer.

https://testconnectivity.microsoft.com

This should be able to help find where the failure is happening.
Hi

What errors are showing in the application log on the exchange server? Did any updates apply in the background that could have broken something?
ASKER

Edward,
Thank you for your reply.
Good question.

I checked and Microsoft Exchange 2016 CU4 installed on the 27th at 530pm CDT. I did not initiate it, but it installed anyway.
It may be the issue. It appears that the LDAP complaints started shortly after the CU4 install.

Question - Is it safe to back it out or update it to the current cu?
How would you recommend to proceed?

Jim
Did .net 4.7.2 perhaps also install?
You can update to the latest but I prefer to always stick to 1. Erosion behind the latest
Sorry autocorrect on my phone 😀, stick to 1 version behind the latest
Tim,
Thank you for the information. I tried this test earlier tonight from a client machine attached to the internet. It failed right away with the client being unable to log in via the OWA interface immediately.  
When I tested internally from a local network desktop, the OWA interface works perfectly.  Outside via the internet, OWA and I suspect the ActiveSync access via https, is not working.
Thanks,
Jim
Edward,
I do not see any dot net 4.72 installed under programs on any date listed. I agree with being on the leading but not bleeding edge of software distribution.
Should I try to install the dot.net 4.72 patch?
No, don't install it; just making sure you didn't have it, as it breaks Exchange.
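One way to confirm which .NET Framework 4.x release is actually present on the server, as asked above, is to read the `Release` value from the registry rather than rely on the Programs list. This is an added example, not code from the thread; the helper name `Get-DotNetFrameworkVersion` is hypothetical and the 30-day window is an assumption.

```powershell
# Added example (not from the thread): read the .NET Framework 4.x version from the
# registry "Release" DWORD and list recently installed Windows updates.
$key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'

# Hypothetical helper: map a Release value to a version name.
function Get-DotNetFrameworkVersion {
    param([Parameter(Mandatory)][int]$Release)

    # Minimum Release value for each version, newest first (Microsoft's published values).
    $thresholds = @(
        @{ Min = 528040; Version = '4.8 or later' },
        @{ Min = 461808; Version = '4.7.2' },
        @{ Min = 461308; Version = '4.7.1' },
        @{ Min = 460798; Version = '4.7' },
        @{ Min = 394802; Version = '4.6.2' },
        @{ Min = 394254; Version = '4.6.1' },
        @{ Min = 393295; Version = '4.6' }
    )
    $hit = $thresholds | Where-Object { $Release -ge $_.Min } | Select-Object -First 1
    if ($hit) { $hit.Version } else { 'older than 4.6' }
}

$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($null -eq $props -or $null -eq $props.Release) {
    Write-Warning 'No Release value found: .NET Framework 4.5 or later not detected.'
} else {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Release  = $props.Release
        Version  = Get-DotNetFrameworkVersion -Release $props.Release
    }
}

# Windows updates installed in the last 30 days (assumed window), newest first,
# to spot anything that was applied in the background.
$since = (Get-Date).AddDays(-30)
Get-HotFix |
    Where-Object { $_.InstalledOn -gt $since } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn
```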
Can you provide any error message you get when accessing OWA? And also, details on the errors you find in the event log regarding LDAP?
To restate, if you attempt to access OWA externally do you get a 404 (not found) or a different error? If it's a different error, what is it?

I suspect someone in your network team may have messed with DNS or your firewall.
To all,

dot net 4.72 was installed.  I removed it, but did not reboot. Do I need to reinstall 4.61 dot net or reboot and reinstall 4.61?

All microsoft exchange services are running, but I did get an error in the application log related to the owa interface.

Source:        MSExchange OWA
Date:          8/28/2018 1:40:34 AM
Event ID:      139
Task Category: Wac
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Mail.lhmlaw.local
Description:
There was an error setting up WacConfiguration. Wac will be disabled. The WacUrlHostName was invalid. Expected a valid Uri. Actual value was ''. Value read from 'OrganizationConfig'
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="MSExchange OWA" />
    <EventID Qualifiers="49152">139</EventID>
    <Level>2</Level>
    <Task>10</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-08-28T06:40:34.439558300Z" />
    <EventRecordID>6199628</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Mail.lhmlaw.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>The WacUrlHostName was invalid. Expected a valid Uri. Actual value was ''. Value read from 'OrganizationConfig'</Data>
  </EventData>
</Event>

Please advise.

Thanks, in advance

Jim
WAC is the old name for Office Web App Servers. Unless you have an Office Web App Server (unlikely for SMB) you can ignore that particular error.
Tim,
I tested using the connectivity tool and it fails upon login with an unknown error. I will retest and see if it gives a particular error number.

MichelAngelo,
I will test again and report the error that I obtain.

Michael,
I will test again, see what error I obtain from my web browser, and post.

I will ignore the WAC error.

Edward,

Plan
Reinstall dotnet 4.7.1
reboot
Upgrade from cu 4 to cu 9
reboot
check all services running
check event log
check connectivity from inside and outside
check with connectivity tool
confirm with end users
??? any other suggestions....

Thanks to all,

Jim
To all:
I installed dotnet 4.71 and cu 9 and rebooted several times after each installation - per the plan listed earlier.

System is functioning as before - inside access to owa is working, outside access is not.

No change.


I captured a sniffer trace from this server and others operating through the firewall. Other servers work; this one does not. Sniffer trace of outside web OWA access shows no response to the SYN packet. The OWA is not getting out to the internet for some reason.

Comment please, on next steps?
I'm going to repeat my comment from yesterday: To restate, if you attempt to access OWA externally do you get a 404 (not found) or a different error? If it's a different error, what is it?

I suspect someone in your network team may have messed with DNS or your firewall.
Edward, Tim, Michael, and Michelangelo,

Thank you, all, for your insight and knowledge.
I outlined in my solution how your information and comments guided me to resolve two root issues that were preventing full functionality.
Again, the information and the support is excellent and is greatly appreciated.

Take care,

Jim
It's good you got it working.