Link to home
Get AccessLog in
Avatar of dances1960
dances1960

asked on

webmail not working externaly

Exchange 2013 on server 2012

webmail has been working fine for years until this week, now internal webmail works without problem but external webmail is giving a incorrect cert, and the cert that is incorrect is from a Vigor router/ draytek
we do use a draytek router in the office just as a Wi-Fi point,
How can exchange suddenly start to use a cert from the router and how do I fix it please, The correct cert is still in place and is in date and hasn't been changed in anyway
Avatar of FOX
FOX
Flag of United States of America image

have you checked the settings on the firewall ?
It may not see the router as a legit connection. For example, I have seen errors on both my OWA and Outlook Anywhere when my ISP is having a problem. I have also seen it at hotels where you register on their network for Internet access and it’s only valid for 24 hours. The error comes up until you reauthenticate. The following is provided by MS to test connections. You could try it an maybe get more answers.

https://testconnectivity.microsoft.com
If it is working from inside it is an issue with firewall.
Please revert the changes you did if any.

Thanks
MAS
Start at the beginning. Either publish the URL your connecting too so it can be checked, or check the URL yourself.

Use SSL Labs Tester to check Cert correctness, if same cert is used for a Website.

Then attempt connecting to your mail server using the openssl client.

This will tell you if external SSL cert + config are correct.

You internal Webmail likely works, because your setup bypasses SSL for local connections... so if your SSL cert has expired or somehow your SSL config has become munged, this is the likely explanation.

Tip: Keep in mind some clients (browsers + mail) have recently banned the use of TLSv1.0 + TLSv1.1 only allowing support of TLSv1.2 + TLSv1.3 protocol versions.

If your client requires TLSv1.2 + TLSv1.3 + your mail server is advertising TLSv1.0 + TLSv1.1 then this may be the problem.

This is very common, as these new requirements have only started going into force July 2018, so very recent requirement change.

If all this makes your head spin, might be useful to hire someone to help you fix this.
Avatar of dances1960
dances1960

ASKER

Hi thank you all for your help, it ended when I found out that the ISP had gave someone else our static IP address in error. All is now working as normal.
Wish I had checked that first, embarrassing.
Might be time to work with a new ISP.
ASKER CERTIFIED SOLUTION
Avatar of dances1960
dances1960

Link to home
membership
This content is only available to members.
To access this content, you must be a member of Experts Exchange.
Get Access