
Exchange 2007 OWA Setup Help


GeorgeTuk

IS-IT--Management
Jan 11, 2009
110
GB
Hi guys,

I can't seem to get OWA set up for our 2007 Exchange Server.
I have got the SSL certificate and installed it. I have turned on the Exchange Anywhere option in 2007. I have set up the firewall for port 443 in and out.

Now I guess it is down to publishing as just having the certificate is not enough. Our domain and website is and the new certificate is mail.company.co.uk so how do I get the OWA to publish or clients to know that it is at that URL?

Thanks again for any help in advance.

Yours flumoxed,

George
 
You're talking about 2 different things here. OWA and OA are two different things.

For OWA, you install the cert, allow the ports through, and create a DNS record for the name (if it doesn't already exist). So, mail.company.co.uk would point to the public IP of your firewall, which forwards port 443 to the internal IP of your Exchange server (or more securely, the ISA box).

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Ok well basically, Fasthosts aren't allowing me to use mail.company.co.uk because it is part of their setup which is frustrating!

Is there any way I can change the Thawte certificate domain name or am I stuck now?

And sorry I was thinking OWA and OA were kind of the same thing but it seems RPC over HTTP is now Outlook Anywhere. Thanks for pointing that out, you learn something new every day.
 
Are you sure you can't log into your fasthosts control panel and change the DNS A-record for 'mail.company.co.uk' to point to your IP address? If you own the domain name and you are hosting your own mail, they don't need that record for anything.

On the other hand, just call Thawte and tell them that you need to revoke the existing cert and reissue it under a different name, like 'remote.dom.co.uk' or something, and change your MX records accordingly. You'll have to generate a new cert request with the new name, but they should be very accommodating. If they aren't, start using a better cert provider that actually is willing to work with you, like Digicert.

Dave Shackelford
ThirdTier.net
 
Some hosting providers won't let you change mail. as it affects how mail is handled within their system.

Anyways, check with Thawte and see if you can revoke and reissue the certificate without incurring expenses.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Hi there

Can you see your OWA internally? To get yourself going it would be worth installing a self signed certificate and test owa from a pc on your network. You can overcome the DNS by adding a host file entry on the pc to make sure all is working ok in the first place.
Once you have that working you can start looking at the bigger picture.

Having used Thawte in the past, I think it would be unlikely that they will revoke and reissue a new certificate, I may be wrong though. The best certificate to have is a SAN certificate for Exchange 2007 as you can have multiple URLs on the certificate such as autodiscovery.company.co.uk, owa.company.co.uk etc.


With the Exchange I look after here I have used a single URL of owa.company.com for owa and outlook anywhere and a separate URL for autodiscovery, it works fine, you just need the DNS to point to your IP and the correct ports open on your firewall.

 
I did get Thawte to change it but you need to go to to do it.

Soooo....

OK yes, I can see it both internally and externally at but the Outlook clients won't connect over https but the actual website for OWA works fine.

Any ideas how to get the outlook clients going?
 
First of all make sure your firewall allows https and the correct RPC connections. In Windows firewall settings allow the exception MSExchangeIISService (I think off the top of my head that will do it). Check with telnet ip 443 if you can make a connection to the exchange server.

Make sure OA is enabled. In the EMC under server config and client access click enable outlook anywhere. Under that option select properties and go to the OA tab. Enter an external host name, and select NTLM authentication.

In Outlook go to accounts, more settings, connections. Tick the outlook anywhere box, select exchange proxy, enter the external URL, tick use ssl only (depending on your cert and URL, tick or leave the principal name bit), and last but not least set the auth to NTLM.

Fingers crossed that should do it.

 
OK still no joy so far...

Shackdaddy below is the point of failure:

Testing Http Authentication Methods for URL Http Authentication Test failed
Additional Details
A Web Exception occured because an HTTP 404 - NotFound response was received from IIS6

Am I correct in thinking I need to let RPC through the firewall?
 
The only thing you need is TCP 443 for this to work. No other firewall device configuration.

I have never had to create a unique Windows firewall exception on the server either.

OWA works from the outside, right?

In Server\ClientAccess config area, did you Enable Outlook Anywhere?

Is your cert a multi-name cert? How did you create the cert request? Did you do it with PowerShell? When you do a get-exchangecertificate command, do you see the new cert? Is the cert enabled for IIS and SMTP?

Dave Shackelford
ThirdTier.net
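
One way to answer the certificate questions above from the Exchange Management Shell, as an added example that is not from any poster in the thread. The host name `remote.dom.co.uk` is an assumption reused from earlier in the thread; the script only reports and prints the command to run, it changes nothing.

```powershell
# Added example: run in the Exchange Management Shell on the Client Access server.
# $oaHost is an assumed external host name; use the name your certificate was issued for.
$oaHost = 'remote.dom.co.uk'

# Outlook Anywhere has to be enabled and publishing the same external host name.
$oa = Get-OutlookAnywhere
if (-not $oa) {
    Write-Host 'Outlook Anywhere is not enabled on any Client Access server.'
} else {
    $oa | Format-List Server, ExternalHostname
}

# Walk every certificate Exchange knows about and report on each one.
foreach ($cert in Get-ExchangeCertificate) {
    # CertificateDomains holds the subject name plus any SAN entries.
    $names    = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $services = "$($cert.Services)"
    $covers   = $names -contains $oaHost      # case-insensitive exact match
    $expired  = $cert.NotAfter -lt (Get-Date)

    Write-Host ''
    Write-Host "Thumbprint : $($cert.Thumbprint)"
    Write-Host "Names      : $([string]::Join(', ', $names))"
    Write-Host "Services   : $services"
    Write-Host "Expires    : $($cert.NotAfter)  (expired: $expired)"
    Write-Host "Covers $oaHost : $covers"

    # A usable certificate that is not yet bound to IIS: show the fix, do not apply it.
    if ($covers -and -not $expired -and $services -notmatch 'IIS') {
        Write-Host 'Not enabled for IIS. To enable it for IIS and SMTP, run:'
        Write-Host "  Enable-ExchangeCertificate -Thumbprint $($cert.Thumbprint) -Services `"IIS,SMTP`""
    }
}
```

A certificate that does not list the external host name among its names will cause Outlook to reject the proxy connection even when OWA loads in a browser after a certificate warning is clicked through.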
 


"Is your cert a multi-name cert? How did you create the cert request? Did you do it with PowerShell? When you do a get-exchangecertificate command, do you see the new cert? Is the cert enabled for IIS and SMTP?"

I see it but the only services is for _ _ _ W _
How do I get it enabled for IIS and SMTP?

Thanks guys...I reckon we must be close now.
 
Hi guys,

It's working. I had to enable the RPC service in Networking Services of Windows Components.

Thanks very much for all your help as always!
 