Outlook web access
I have my exchange 2007 server up and running and everything works fine,I can send and recieve mail and connect fine using outlook. I can also connect to outlook web access from within my network but I am having trouble configuring OWA so that I can connect to it from the outside. Right now I have an outside IP address set up and it resolves to owa.mydomain.com, how do I get my outside url to allow clients to connect from the outside. Also for now I am not using ssl just basic authentification.
Thanks in advance,
Chris
July 1st, 2008 1:37am
Hi Chris,
You will need to have your OWA server have an External Presence, in other words somehow it needs to exist outside of your firewall. This is going to be done by either allowing http(s) through the firewall and using some sort of NAT or port forwarding depending on your environment to ensure that the traffic makes it through and sent to the right system. In addition to this if you have a DMZ then your OWA would sit in there, you will also need to allow the exchange and authentication traffic back into your exchange site.
Here is a blog post from the exchange team blog that details pretty much everything you need to know:
http://msexchangeteam.com/archive/2007/02/07/434523.aspx
-matt
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2008 4:10am
As of right now when I type in the external url of Outlook web access (http://exchange.mydomain.com) i recieve a message of 403 forbidden access is denied-you do not have access to view this directory or page using the credentials that you supplied. I am not using ssl for now I just want to connect unsecure. So I think it is seeing the exchange server just not letting me have access.
July 1st, 2008 8:59pm
Did you check under your IP access list under IIS for your OWA virtual root? Also make sure you use someone other than the administrator to test your OWA mailbox as the user access might be disabled in exchange for OWA. You are also doing http://exchange.mydomain.com/OWA right? Going to the root will generally give you an error if you don't have a default web page set up. Make sure you allow the users access to OWA from exchange system manager. Under Recipient Config, double click on the user, go to mailbox features, enable outlook web access for the user.
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2008 9:27pm
Hi Chris,
If you are hitting an Error 403 that means you are hitting your server (or at least a web server). Try this url: http://exchange.mydomain.com/owa or http://exchange.mydomain.com/exchange these are the default URLs for OWA.
If that resolves your problem then you can use this article to simplify the URL:
http://technet.microsoft.com/en-us/library/aa998359(EXCHG.80).aspx
-matt
July 1st, 2008 10:01pm
That was it, I just added the owa at the end, thanks alot!!
Free Windows Admin Tool Kit Click here and download it now
July 1st, 2008 10:28pm
Glad to help you Chris. Please mark the selected answer as helpful so others can find this answer faster in the future.
July 2nd, 2008 12:33am
Well I am able to get the clients to access their mailboxes but for some reason if they are not added into the domain admins group on their active directory profile it will not let them log in to owa. A user with just domain user rights can not log in. Any suggestions?
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2008 12:50am
Hi Chris,It sounds like you have installed OWA on your Domain Controller? Is this true?-matt
July 2nd, 2008 2:03am
No it is on a seperate dedicated exchange server.
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2008 2:31am
Hi,
Before troubleshooting on the current issue, I need to confirm a few things with you:
1. How many servers are there in the organization? Are they all Exchange 2007 servers? Are the users migrated from any previous version Exchange? How you create/move their mailboxes?
2. Where is the administrators mailbox located? On the Exchange 2007 server? Do you create this mailbox directly after creating this administrator account?
3. If we create a new account, and enable mailbox for this new user using Exchange 2007 Management Console, please test using this new users account to access mailbox in OWA. Will it be successful?
I suspect that the problem is caused by the incorrect value for attribute MsExchVersion. For accounts created using Exchange 2007 Management Console or moved using Management Console, the value for MsExchVersion is 4535486012416 (you can verify this attribute for your testing user account in ADSIEDIT.MSC->Domain Partition->Organization->Users->Right click the testing user and check the MsExchVersion attribute). For other accounts, the value will be Not Set or other value. Exchange will regard this as a legacy mailbox. In Exchange Management Console, you will be able to find this in Recipient Configuration > Mailbox. Recipient Type Detail will show Legacy Mailbox for the users who cannot access OWA, and show User Mailbox for admisnistrator.
In order to resolve this issue, please open Exchange 2007 Management Console. Go to Recipient Configuration > Mailbox. Right click on the users mailboxes to choose Move Mailbox. Move it to another mailbox store or another server, if you have. If you dont, I suggest you create a new mailbox store to move the mailboxes. After the mailboxes are moved, you will see the mailboxes are displayed as User Mailbox.
Please try once again with the OWA access.
More information about Outlook Web Access and Exchange 2007, 2003 and 2000 coexistence.
http://msexchangeteam.com/archive/2007/02/07/434523.aspx
-Jason
July 2nd, 2008 8:25am
There are 5 servers-1 domain cont 1 bdc and the others are just file and application servers I only have 1 exchange server running 2007 and I did not migrate from 2003 this is a new exchange server install
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2008 10:30pm
Thank you for your reply.
After doing more research, I suspect this issue may occur if Exchange server permission not prepared properly during the setup. Please do the following:
1. Open AD Users and Computers and click Advanced Features on the View menu.
2. Right-click on the Users container and click Properties.
3. Go to the Security tab and click the Advanced button.
4. On the Permissions tab, scroll down until you find the instances of the Exchange Servers group. Are they there? If they are there, what appears under the Inherited From column and the Apply To column?
If my suspicions are correct, the Exchange Servers group will either a) not appear, or b) will appear but not be inherited. If this is the case, you will need to setup.com /preparedomain to stamp those objects. If this ends up being true, any idea why they're missing? Could you recall some changes made to it?
Meanwhile, in order to troubleshoot further, Could you please run ExBPA on your Exchange 2007 server and provide me with the output in XML format.
1. On your Exchange server, navigate to \Program Files\Microsoft\Exchange\Bin.
2. Double-click exbpa.exe.
3. Select check for updates and which ever option you want to select regarding the Customer Experience program.
4. Click Check for Updates.
5. In the left hand pane, click Connect to Active Directory, enter the DC with the FSMO role, and then click Connect to the Active Directory server.
6. In the Start a New Best Practices Scan, enter information in all the required fields, make sure all server objects are selected and perform the following:
a. Heatlh check scan
b. Exchange 2007 readiness scan
7. Send the resulting output in XML format to me at v-jassol@microsoft.com.
Please let me know if you have any questions.
-Jason
July 3rd, 2008 5:38am
You may use Test-OwaConnectivity cmdlest to test OWA function on EMS.
http://technet.microsoft.com/en-us/library/aa997682(EXCHG.80).aspx
Free Windows Admin Tool Kit Click here and download it now
July 3rd, 2008 11:50am