OWA External Issue
Hi All, Setup: Exchange 2007 SP1 on Server 2008. I am having an issue of getting to OWA from external. A new website with OWA virtual directory has been created called webmail, as per the instructions from Exchange. Internally, I can access https://webmail.domain.com/owa with no issues. Externally, IE just times out. I have set up netmon on the webmail interface, and I see an attempt from the external client to get the connection, but never a reply from the server. I am going through a Cisco 831 and have set up NAT and access list rules that appear to be working. What I am really looking for is some type of logging that might point me in the right direction. I am still wrapping my head around Exchange 2007 versus 2003! :) I have not yet purchased a proper SSL cert and will do so, just want to get this working first, even with the warning that IE gives regarding the cert. Thanks, Jeff
August 20th, 2009 9:33pm
Nothing in the IIS logs? Have you set the externalURL for the OWA directory?
August 21st, 2009 3:01am
Hi, Did you create the A record in the DNS? Does any response come back when you ping webmail.domain.com? Thanks, Allen
August 25th, 2009 12:47pm
ExternalURL has been set. I do not see anything in the IIS logs. As far as A records go, I requested one but the ISP created a CNAME that points to mail.domain.com, which is pointing to the external interface of the router. I wanted two A records pointing to the same IP, the router will handle where stuff goes. So at the back of my mind I am wondering if that is causing an issue so I have added an entry to my hosts file on my computer to point to the right location. So internally, I can use the external domain name, webmail.domain.com, point it to the internal interface for webmail via a hosts file, and everything works. Externally, change the value in the hosts file to the external IP address, purge DNS cache, does not work. The exchange server has two interfaces, both on the same subnet. Interface 1 is set for smtp and all the regular exchange stuff and has the default gateway set. Interface two is set up for webmail only, does not have a default gateway set (should not be required as routing table already has that info via interface 1) and is set to not update DNS automatically. Like I mentioned earlier, from an external attempt, I believe I am seeing the request come in via netmon. I am monitoring only the webmail interface and I see my external IP make a request, but I do not see, due to HTTPS, what the request is for.
August 25th, 2009 10:36pm
So I was testing some pings from the exchange server and anything that I try to send out externally from the webmail interface comes back as "ping transmit failed error code 1231". I am using the -S option for ping to specify which source address to use. Looking that error code up, there are some different responses out there in lala land. Remove IPv6 from the interface, router issues and so on. Shouldn't I be able to ping out the webmail interface externally? Thanks, Jeff
August 25th, 2009 11:53pm
Hi, You need to create an A-record entry under Forward Lookup Zones for "mail" that points to the appropriate IP address. This way the address works both internally and externally. And on the OWA server you have to configure a LAN card in such a way that the internal IP as well as the external IP and gateway will be your router IP. Regards, Ajaj
August 26th, 2009 1:16pm
So, discovery for me. As I mentioned earlier, this server has two nics and I had the second nic set up for webmail use only. I only had a default gateway set on the first nic and not the second nic, as per my experience going back to NT3.51, and moving forward. Both nics are on the same subnet. I could not find anything to work, and after moving the webmail site back to the first nic, with the default gateway set, everything worked as expected. So, on the second nic I set the default gateway entry, the exact same default gateway that is set on the first nic, and lo and behold, things worked as expected. So, in Windows Server 2008, set the default gateway on all nics, even if they are on the same subnet. Anyone have something to add to that? Jeff
September 17th, 2009 11:09pm
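
Added example, not part of the thread: a small Python model of the RFC 1122 strong host send rule, which the Windows Server 2008 IPv4 stack applies by default and which is consistent with the behaviour reported above (traffic sourced from the second NIC's address has no off-subnet route until that NIC has its own default gateway). The addresses, NIC names and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    nic: str
    gateway: Optional[str]  # None means the destination is on-link

# Constructed sample addressing (not from the thread): both NICs on one subnet.
NIC_ADDR = {"nic1": "192.168.1.10", "nic2": "192.168.1.11"}
GATEWAY = "192.168.1.1"

def build_routes(nic2_has_gateway):
    """Routing table for the two-NIC server, with or without a gateway on nic2."""
    subnet = ipaddress.ip_network("192.168.1.0/24")
    default = ipaddress.ip_network("0.0.0.0/0")
    routes = [Route(subnet, "nic1", None), Route(subnet, "nic2", None),
              Route(default, "nic1", GATEWAY)]
    if nic2_has_gateway:
        routes.append(Route(default, "nic2", GATEWAY))
    return routes

def select_route(routes, src, dst, strong_host_send=True):
    """Pick the route for a packet whose source address is already fixed,
    e.g. a reply on a connection accepted on that address, or ping -S.
    Returns None when no usable route exists (network unreachable)."""
    dst_ip = ipaddress.ip_address(dst)
    src_nic = next(n for n, a in NIC_ADDR.items() if a == src)
    candidates = [r for r in routes if dst_ip in r.prefix]
    if strong_host_send:
        # Strong host: the packet may only leave via the NIC that owns src.
        candidates = [r for r in candidates if r.nic == src_nic]
    if not candidates:
        return None
    # Longest prefix wins; prefer the source NIC on ties.
    return max(candidates, key=lambda r: (r.prefix.prefixlen, r.nic == src_nic))

if __name__ == "__main__":
    client = "203.0.113.50"  # constructed external client (RFC 5737 range)
    for gw in (False, True):
        r = select_route(build_routes(gw), NIC_ADDR["nic2"], client)
        print(f"nic2 gateway={gw}: reply route -> {r}")
```

With `strong_host_send=False` the same lookup falls back to the first NIC's default route, which is the older weak host behaviour the "one gateway is enough" habit relies on.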