Exchange Server Forums

OWA fails - can't find URL for the internal FQDN of server

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2007] >> Outlook Web Access >> OWA fails - can't find URL for the internal FQDN of server

Page: [1]

Message

<< Older Topic Newer Topic >>

OWA fails - can't find URL for the internal FQDN of server - 22.Jul.2011 4:41:34 PM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

OK, admittedly I'm pretty confused and over my head. The migration from 2000 to 2003 was way easier.

Anyway, testing OWA. Internally I can get to https://server02.internal.com/OWA no problem.

From outside the network I get nothing if I try to go to https://mail.external.com/OWA/user/ except a page that says the site is unavailable. No prompt for credentials, nothing. I tried it with a test user who has already been migrated over to the new server, and same result. So out of curiousity I tried http://mail.external.com/exchange/user/ and instead of getting nothing, the URL momentarily switches to the FQDN for my internal server server02.internal.com and then is redirected by my ISP to a page stating the website could not be found. I figured I would just get a failure, but the internal FQDN of my server being exposed outside the network? What am I missing? I'm guessing DNS error because I can almost get to the site using the external IP instead of the URL, but I get a certificate error, and then connection is then refused (403 error?)

< Message edited by Manning -- 22.Jul.2011 5:06:16 PM >

Post #: 1

Featured Links*

RE: OWA fails - can't find URL for the internal FQDN of... - 25.Jul.2011 9:52:48 AM

leederbyshire

Posts: 1346
Joined: 4.Jan.2006
Status: offline

You probably know that you don't need to put /user on the end of the URL (since you've already got it working internally with just /owa on the end), but if there is a particular reason that you want /user on the end (e.g. if you want to open another mailbox), then you should be aware that in E2007 you need to use /user@domain.com instead of just /user .

_____________________________

Lee.
___________________________________

Outlook Web Access for PDA and WAP:
www.leederbyshire.com
___________________________________

(in reply to Manning)

Post #: 2

RE: OWA fails - can't find URL for the internal FQDN of... - 25.Jul.2011 10:13:10 AM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

Yes, I do realize that. I was just trying different versions of the URL, including the old /exchange/user to see if that would fail too. Instead, it momentarily switched from the public URL to the internal URL (server's internal FQDN) and then was redirected to my ISP.

Again, I kind of figured the external OWA URL wasn't going to work because of a seperate DNS issue, but I didn't expect the weird result when I tried /exchange/user

_____________________________

Michael

(in reply to leederbyshire)

Post #: 3

RE: OWA fails - can't find URL for the internal FQDN of... - 25.Jul.2011 12:43:12 PM

Ytsejamer1

Posts: 130
Joined: 3.Jun.2010
Status: offline

Damn CAS...it is way different than 2000/3.

First...check your public CAS Server options in the ESM 2007. You have your internal and external URL. On authentication, it should be set to forms-based authentication. Login should be domain\username. You have only one cas? Can you give a quick rundown of your client connection path (inet -> public cas -> cas/mb)

Also...your IIS7 settings should be looked at...you simplifying OWA URL so ALL your users hit a single URL and then get brought to their appropriate mailbox server? List out your CAS Default Website and vdir SSL and Authentication settings.
Default Website -> Anonymous Auth Enabled, SSL or not
/Autodiscover ->
/Exchange -> Basic Enabled, SSL or not
/owa -> etc

(in reply to Manning)

Post #: 4

RE: OWA fails - can't find URL for the internal FQDN of... - 25.Jul.2011 3:39:03 PM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

quote:

ORIGINAL: Ytsejamer1

Damn CAS...it is way different than 2000/3.

First...check your public CAS Server options in the ESM 2007. You have your internal and external URL. On authentication, it should be set to forms-based authentication. Login should be domain\username. You have only one cas? Can you give a quick rundown of your client connection path (inet -> public cas -> cas/mb)

Yes, internal and external, for example:

https://server02.internal.com/owa

https://mail.external.com/owa

Form based, domain logon

Single CAS, though the 03 server is still coexisting.

I'm not sure I understand your last Q, but I think Web > ISA Server 2006 > Exchange 2007 SP3 on WS2008R2 single server

The user I was testing OWA with has been moved to the Exch 07 server already. Autodiscover through Outlook 2010 seemed to work fine, though I get prompted for credentials whenever I launch Outlook.

quote:

ORIGINAL: Ytsejamer1

Also...your IIS7 settings should be looked at...you simplifying OWA URL so ALL your users hit a single URL and then get brought to their appropriate mailbox server? List out your CAS Default Website and vdir SSL and Authentication settings.
Default Website -> Anonymous Auth Enabled, SSL or not
/Autodiscover ->
/Exchange -> Basic Enabled, SSL or not
/owa -> etc

Yes, URL is simplified on IIS7 so all point to https://mail.external.com/owa

AutoDiscover - SSL, Basic and Windows Integrated
EWS - SSL, Windows Integrated
Exchange - SSL, Basic and Windows Integrated
MS ActiveSync - SSL, Basic
OAB - no SSL, Windows Integrated
OWA - SSL, Basic
Public - SSL, Basic and Windows Integrated
RPC - SSL, Basic and Windows Integrated

< Message edited by Manning -- 25.Jul.2011 4:36:12 PM >

(in reply to Ytsejamer1)

Post #: 5

RE: OWA fails - can't find URL for the internal FQDN of... - 27.Jul.2011 11:28:50 PM

Ytsejamer1

Posts: 130
Joined: 3.Jun.2010
Status: offline

Sorry for the delay...been a busy mess the last couple days.

Okay...so here's mine on my public CAS. My public cas is in one site, another non-public cas in a second site with my mailbox servers, etc :

URL is simplified on IIS7 Default Web Site so all point to https://mail.domain.com.com/owa. Anonymous authentication enabled only. I have split DNS so the FQDNs are identical. I just recently changed from /exchange to /owa on my redirect as my migrations are complete.

AutoDiscover - SSL, Basic and Windows Integrated, no-redirect inherited
EWS - SSL, Basic and Windows Integrated, no-redirect inherited
Exchange - SSL, Basic, no-redirect inherited
ExchWeb - SSL, Basic, no-redirect inherited
MS ActiveSync - SSL, Basic, no-redirect inherited
OAB - no SSL, Windows Integrated, no-redirect inherited
OWA - SSL, Basic, no-redirect inherited
Public - SSL, Basic, no-redirect inherited
RPC - SSL, Windows Integrated, no-redirect inherited
RPC w Cert - SSL, no Authentication, no-redirect inherited
UnifiedMessaging - SSL, Windows Integrated, no-redirect inherited

From a command prompt in the %WINDIR%\System32\Inetsrv directory, you must remove the redirection from the /Exchange, /ExchWeb and /Public with these commands: appcmd set config "default web site/Exchange" /section:httpredirect /enabled:false -commit:apphost
appcmd set config "default web site/Exchweb" /section:httpredirect /enabled:false -commit:apphost
appcmd set config "default web site/Public" /section:httpredirect /enabled:false -commit:apphost

Here's another link I thought is a good reference!
http://blogs.technet.com/b/exchange/archive/2008/02/01/3404755.aspx

In the ESM, for my public cas, under Server Configuration > Client Access > Public Cas :
Outlook Web Access tab -
exchange : Use forms based authentication (domain\username)
exchweb : same as above
owa: same as above. The first tab in the properties will be where you set your internal and external urls.
public : Use forms based authentication (domain\username)

Now...for your set up...you've got exchange 2003 users. you're going to need to direct the default website to /exchange instead of /owa. Otherwise, they will be unable to login through the site.

Hope this is somewhat helpful.

(in reply to Manning)

Post #: 6

RE: OWA fails - can't find URL for the internal FQDN of... - 28.Jul.2011 10:50:14 AM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

Awesome post! Thank you. I'll comb through that and see what I need to do here still.

_____________________________

Michael

(in reply to Ytsejamer1)

Post #: 7

RE: OWA fails - can't find URL for the internal FQDN of... - 2.Aug.2011 10:03:23 AM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

OK, DNS update finished up on Saturday, OWA seems to work just fine except I get the form page twice when I log in. Both are Exchange form pages, not ISA and then Exchange. I think I have a lead on that though. EDIT Fixed that. Had authentication methods messed up.

ActiveSync on the other hand is killing me. Fortunately I only have a handful of users with mail enabled devices, but they are pretty annoying so I want to get this sorted. My phone is older, WM6.1 and it won't allow me sync because it thinks my GoDaddy cert is invalid. On the newer WM phones, and iPhones, they are informed the cert is questionable, but are allowed to proceed, then are endlessly prompted for their password and can not sync.

The cert issue has me confused. When I run SSL checker against my url, I get a chaining error and the suggestion that I need to install an intermediate certificate. However, when I look at the certificate, the intermediate cert is there. What gives?

EDIT Found something called SSLChainsaver that allowed me to save all the certs and then import them onto my ancient phone. Worked! Now to see if it works for newer phones. And need to get the whole intermediate certificate error resolved overall so I don't have to use something kludgy like this

< Message edited by Manning -- 2.Aug.2011 1:03:07 PM >

(in reply to Manning)

Post #: 8

RE: OWA fails - can't find URL for the internal FQDN of... - 3.Aug.2011 9:39:48 AM

Ytsejamer1

Posts: 130
Joined: 3.Jun.2010
Status: offline

So what's the issue with ActiveSync? Simply the SSL thing? I never had a problem on my old Windows Mobile 6 phone. I never had to import anything manually.

As for the cert...GoDaddy provides an intermediate cert that you should install on the server via Certficates (Local Computer) MMC. I assume you did that?

(in reply to Manning)

Post #: 9

RE: OWA fails - can't find URL for the internal FQDN of... - 4.Aug.2011 3:07:58 PM

Manning

Posts: 77
Joined: 26.Jun.2006
Status: offline

quote:

ORIGINAL: Ytsejamer1

So what's the issue with ActiveSync? Simply the SSL thing? I never had a problem on my old Windows Mobile 6 phone. I never had to import anything manually.

As for the cert...GoDaddy provides an intermediate cert that you should install on the server via Certficates (Local Computer) MMC. I assume you did that?

Yeah, SSL.

I did install the intermediate. It is pretty frustrating. I followed the instructions from GoDaddy to make sure the intermediate installed properly and installed and activated the cert for iis, smtp, etc. and when you look at the cert it shows the entire chain. But when you run something like sslchecker against the URL it resolves the URL to the correct IP, verifies it is keyed correctly but then states that the certificate is not trusted on all browsers and that I need to install an intermediate or chain certificate. When I researched the error code on the device I found a technet article that suggested this isn't uncommon with GoDaddy and verisign certs. Really???

Anyway, so I just manually install the root, leaf and intermediate certs on the devices and all is good.

And I would expect to see certificate errors with OWA if the intermediate was missing, no? OWA works perfectly now, no certificate errors or anything of the sort.

Obviously I would like to get the certificates straightened out on the servers, but I have other issues that I need to ask questions about/sort out first.

(in reply to Ytsejamer1)

Post #: 10