OWA and Exchange 2003 - page not found

[hmcgillem]

Yesterday morning, I woke up to discover our office internet access was down. I contacted our ISP and they resolved the problem within an hour. However, after they resolved the issue, OWA was not accessible externally. We can access it internally with a private IP address, but it is not accessible by

http://publicIP/exchange

like it was before. I have had several people test this for me with different ISPs. Our ISP initially said it's something wrong with our firewall, but now is stating it is something wrong with our Exchange server. I think it's a little odd that OWA stopped working AFTER the internet outage. I checked our firewall and Exchange server and it appears nothing has changed. I have now discovered that you can access OWA by using https instead of http. However, I don't have SSL enabled for OWA. My ultimate issue is that our treos are not working because we can't access by HTTP. Any suggestions or ideas on what could be causing the problem?

 

[WhoKilledKenny]

Well, http is port 80 and https is port 443. So I would suspect that your firewall is not allowing port 80. I would also suggest that you do configure and use SSL externally. Anyone on the internet with a packet sniffer can pull your usernames and passwords.
You don't have to have SSL enabled to access the web server via port 443. Enabling SSL encrypts what is being sent. In fact you can host web pages on any port. But, if you don't use the well known ports (80 and 443), the user would have to enter the port number. Example -

http://www.mysite.com:67

- In this example you are hosting a site on port 67.

Hope that makes sense...

 

[WhoKilledKenny]

From your heading - getting page cannot be found. I don't think port 80 is the issue....
Are you using Forms Based Authentication?
Is your default page a redirector or are you using a redirector from Http to Https?

 

[hmcgillem]

When accessing OWA externally, users will get Page cannot be found by using HTTP. However, if they user HTTPS, they are prompted for a username and password. Before the internet outage, we could access by just typing in ipaddress/exchange which was using HTTP.

We are not using Forms Based Authentication. I'm not sure I understand what you're asking about the redirector. I haven't changed anything from the default OWA configuration.

BTW, I plan to implement SSL - I just haven't gotten there yet!

 

[hmcgillem]

I think I may have figured it out. I had to add the following to my Cisco PIX:

access-list outsidein permit tcp any host outsideip eq 80

What I don't understand is why OWA was working fine prior to the internet outage and WITHOUT the above command on my PIX. Anyone have any ideas? I still say it's something with our ISP.

 

[WhoKilledKenny]

Just a question... did you restart web-services after outage when troubleshooting the issue?
And to mention again, I would seriously look into protecting your usernames and passwords using SSL. Again, that is your call but I think most would agree with configuring SSL for external access...

 

[hmcgillem]

If rebooting the server restarts the web services, then, yes, I restarted web services.

If you have any information on implementing SSL, I'd love to see it. I'll most likely be using an internal certificate server which means I have to install that service.

 

[bingerthedog]

Buy a GoDaddy cert. They are like $20 a year and it will save your users from having to accept the cert every time they check their mail. I believe GoDaddy will also give you tips on installing the cert but I may be wrong.

 

[hmcgillem]

Excellent, Dog!! I think that will work for us!!

 

[WhoKilledKenny]

If rebooting the server restarts the web services, then, yes, I restarted web services

LOL!!!!!

OWA and SSL

http://www.petri.co.il/configure_ssl_on_owa.htm

 

[hmcgillem]

Glad I could entertain you a bit, Kenny!

Thanks for the link. I actually found that one earlier. That site has some good stuff on it.