Accessing Exchange using OWA from DMZ (PIX firewall)

Accessing Exchange using OWA from DMZ (PIX firewall)

Post by hl ta » Thu, 01 May 2003 11:55:15



Need help with OWA. I've applied the steps in
http://support.microsoft.com/default.aspx?scid=kb;en-
us;259240

Below is what I get in IE6

Technical Information (for support personnel)
Error Type:
Active Server Pages, ASP 0113 (0x80004005)
The maximum amount of time for a script to execute was
exceeded. You can change this limit by specifying a new
value for the property Server.ScriptTimeout or by
changing the value in the IIS administration tools.
/exchange/USA/LogonFrm.asp

Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Page:
GET /exchange/USA/LogonFrm.asp?
isnewwindow=0&mailbox=hl+tay

 
 
 

Accessing Exchange using OWA from DMZ (PIX firewall)

Post by Marvin Greenle » Thu, 08 May 2003 14:17:21


Have you verified the following:
1. IS / DS ports set in registry on Exchange Server
(make sure you use the proper slant TCP/IP, not TCP\IP -
also requires reboot to take effect)

2. Firewall set for access to IS / DS ports, as well as
access to DCs for authentication (if needed)

3. Were IIS Lockdown / Urlscan possibly misconfigured for
OWA - Reference KB #309508
http://support.microsoft.com/default.aspx?scid=kb;en-
us;309508#9
4. Does it work from the OWA server (Open browser on
server console)

Quote:>-----Original Message-----
>Need help with OWA. I've applied the steps in
>http://support.microsoft.com/default.aspx?scid=kb;en-
>us;259240

>Below is what I get in IE6

>Technical Information (for support personnel)
>Error Type:
>Active Server Pages, ASP 0113 (0x80004005)
>The maximum amount of time for a script to execute was
>exceeded. You can change this limit by specifying a new
>value for the property Server.ScriptTimeout or by
>changing the value in the IIS administration tools.
>/exchange/USA/LogonFrm.asp

>Browser Type:
>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

>Page:
>GET /exchange/USA/LogonFrm.asp?
>isnewwindow=0&mailbox=hl+tay
>.


 
 
 

1. OWA in a DMZ behind a PIX fw???

OWA on IIS 4, NT4.0 Sp4, no Exchange.  OWA box is in a DMZ in front of a PIX
firewall.  Logging on locally to the box as a workstation, it is NOT on the
SAM domain.  All of the ports indicated in Technet and OWA deployment
whitepaper are open.  We have set the default logon domain to the SAM
domainin IIS.  However, users cannot logon to their mailboxes . . . we get
script timeout (~2 minutes) or an IE http 500 error.

IF we move the box back behind the firewall (same collision domain as the
SAM) it works just fine.  However, netstat shows open TCP sessions to one or
more DC's on TCP ports that aren't indicated by any of the literature.

Has anybody done this successfully?  OWA in a DMZ?  Do we need a domain for
the DMZ?  A trust?  More ports open?

Thanks for any help,
Corbin

2. oohhh my head.... did not reach the following recipient(s):

3. Outlook Web Access and PIX Firewall

4. Exchange Troubles

5. OWA Pix firewall interop

6. POP3 CONNECTOR PROBLEM PLEASE HELP!!!!!!!!!!!!!!!!!

7. OWA Attachement trough Pix Firewall

8. Automated Response Possible

9. OWA and PIX firewall problem

10. How to put Exchange 5.5, OWA, Firewall, DMZ to Internet

11. Emergency: Exchange Front End Servers and PIX DMZ

12. MS Exchange 5.5 and Cisco PIX in a DMZ