Dominic Buckley

OWA won't load internally - DNS resolves as expected

Hi All,

I have an odd problem which I just can't seem to figure out for the life of me! I'll give the scenario below:

  • Exchange 2013 Server OWA doesn't work using the FQDN of mail.server.com unless done from the exchange server itself.
  • Browsing to the IP loads the OWA page
  • DNS all resolves to the correct IP address and NS lookup also works correctly.
  • Works perfectly fine externally

If everything wasn't resolving as expected I'd definitely blame DNS but due to the odd nature of all the records resolving as expected I'm not too sure.

Any help would be appreciated.

Kind Regards,
Dom
Michelangelo

Exchange 2013 Server OWA doesn't work using the FQDN of mail.server.com unless done from the exchange server itself.
What exactly is the error/message you get?
The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.

See the following article:
Use DNS Policy for Split-Brain DNS Deployment
Dominic Buckley

ASKER

What exactly is the error/message you get?

In IE I get the below:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

In Chrome I get the below:


This site can’t be reached
mail.server.com unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED

The problem is in the DNS. The FQDN should be resolved to the internal IP when used internally. You have to use split brain DNS to resolve your issue.

The FQDN does resolve to the internal IP. I stated that DNS resolution is correct in my main post but any other advice would be appreciated.
Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.
Your issue is a common issue and the solution is split-brain DNS even though it appears to resolve correctly.

Could you possibly explain this to me? I took a look at your link but struggled to find where to begin. I'd like to understand the problem properly first.

I'd assume because mail.server.com resolves to the internal exchange address that it should work correctly, being that bindings and certificates are correct?
Point is, it depends also on your network conf. The URL you are using resolves to the public IP of your exchange, which may not be reachable from within your network. In this case, you need to resolve the internal IP of your exchange using the same URL, thus you would need a split DNS. If the issue is internal vs external DNS resolution, have a look at this to double check your settings: http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2016/

In all other cases, more info is needed such as network topology.
Just to clarify, it looks as though it's already configured as it should be (I could be wrong)? Please see attached image of DNS.

Are your internal clients on the same network as the Exchange server, which I assume is 192.168.4.52?
Have a look at:
- local firewall: does it allow connections from 192.168.x range?
- the article I posted above: are your Exchange configuration URLs set up correctly?
Are your internal clients on the same network as the Exchange server, which I assume is 192.168.4.52?
Have a look at:
- local firewall: does it allow connections from 192.168.x range?
- the article I posted above: are your Exchange configuration URLs set up correctly?

Something so basic that I forgot to check... We have different subnets and it seems to be an issue with communication between the VLANs that the subnets are configured to.

For example -

Majority of PCs are on 192.168.40.x (including DNS servers)

Exchange server is on 192.168.4.x

I can access OWA when on another machine within the 192.168.4.x network but not the 192.168.40.x

Gives me something to check out and definitely pointed me in the right direction! Thanks Michel.
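
The thread's finding, that the name resolves correctly while the connection still fails from another subnet, can be confirmed by testing each layer separately from an affected client. The following is an added example, not part of the original thread; the helper names `resolve` and `probe` are hypothetical, and `mail.server.com` is the placeholder name used in the question.

```python
import socket
import ssl


def resolve(host):
    """Stage 1: the addresses this client gets for the name (what nslookup shows)."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(host, port=443, timeout=3.0):
    """Return (stage, detail): the first layer that fails, or ("ok", TLS version)."""
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        return ("dns", str(exc))

    # Stage 2: TCP reachability of the first resolved address. A routing or
    # inter-VLAN filtering problem shows up here as a timeout or a refusal,
    # even though stage 1 succeeded.
    try:
        sock = socket.create_connection((addrs[0], port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{addrs[0]}:{port} {exc}")

    # Stage 3: TLS handshake with the name sent as SNI. Certificate checks are
    # disabled on purpose: this is a reachability probe, not a trust decision.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        # A device that accepts the connection and then drops it lands here;
        # a browser reports the same event as ERR_CONNECTION_CLOSED.
        return ("tls", f"{type(exc).__name__}: {exc}")


if __name__ == "__main__":
    # Run once from a client on each subnet and compare the failing stage.
    print(probe("mail.server.com"))
```

A result of `dns` points at name resolution, `tcp` at routing or filtering between the subnets, and `tls` at something on the path or on the server closing the session after the connection is accepted.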