help! OWA not working outside after setting up SSL!

help! OWA not working outside after setting up SSL!

Post by Gary Massengal » Thu, 03 Jul 2003 03:28:57



Okay, here is the deal.  I have Windows 2000 server, sp3, running exchange
2000 sp3.  It is my only Windows 2000 server and I have OWA running on it.
The domain is mixed.   I purchased a certificate from a 3rd party company so
I can do SSL with OWA, installed it, and checked it here at the office, and
it works fine.  The user has to type https instead of http to get to his
email when using OWA.

BUT, when you are outside the company, accessing via the internet, it does
not work.

I verified it here using a dialup account.  If you try it with http:, you
get the message that you need 128 bit encryption, if you try it with https,
you get the "the page cannot be displayed " error.

I go to tools - advanced- security and ssl 2.0 and 3.0 is checked, and I
have tried it with and without tls 1.0 checked.

Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Gary McDonnel » Thu, 03 Jul 2003 07:06:03


Do you have the secure http port open through your firewall? Port 443 needs
to be open / mapped to your OWA server.

Gary McDonnell


Okay, here is the deal.  I have Windows 2000 server, sp3, running exchange
2000 sp3.  It is my only Windows 2000 server and I have OWA running on it.
The domain is mixed.   I purchased a certificate from a 3rd party company so
I can do SSL with OWA, installed it, and checked it here at the office, and
it works fine.  The user has to type https instead of http to get to his
email when using OWA.

BUT, when you are outside the company, accessing via the internet, it does
not work.

I verified it here using a dialup account.  If you try it with http:, you
get the message that you need 128 bit encryption, if you try it with https,
you get the "the page cannot be displayed " error.

I go to tools - advanced- security and ssl 2.0 and 3.0 is checked, and I
have tried it with and without tls 1.0 checked.

Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Gary Massengal » Thu, 03 Jul 2003 10:41:01


yup, https on port 443 is allowed in.  What else should I look at?



> Do you have the secure http port open through your firewall? Port 443
needs
> to be open / mapped to your OWA server.

> Gary McDonnell



> Okay, here is the deal.  I have Windows 2000 server, sp3, running exchange
> 2000 sp3.  It is my only Windows 2000 server and I have OWA running on it.
> The domain is mixed.   I purchased a certificate from a 3rd party company
so
> I can do SSL with OWA, installed it, and checked it here at the office,
and
> it works fine.  The user has to type https instead of http to get to his
> email when using OWA.

> BUT, when you are outside the company, accessing via the internet, it does
> not work.

> I verified it here using a dialup account.  If you try it with http:, you
> get the message that you need 128 bit encryption, if you try it with
https,
> you get the "the page cannot be displayed " error.

> I go to tools - advanced- security and ssl 2.0 and 3.0 is checked, and I
> have tried it with and without tls 1.0 checked.

> Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Lanwench [MVP - Exchange » Thu, 03 Jul 2003 23:04:32


Do you have port 443 open in your firewall, forwarded to your Exchange
server's internal IP?

> Okay, here is the deal.  I have Windows 2000 server, sp3, running
> exchange 2000 sp3.  It is my only Windows 2000 server and I have OWA
> running on it. The domain is mixed.   I purchased a certificate from
> a 3rd party company so I can do SSL with OWA, installed it, and
> checked it here at the office, and it works fine.  The user has to
> type https instead of http to get to his email when using OWA.

> BUT, when you are outside the company, accessing via the internet, it
> does not work.

> I verified it here using a dialup account.  If you try it with http:,
> you get the message that you need 128 bit encryption, if you try it
> with https, you get the "the page cannot be displayed " error.

> I go to tools - advanced- security and ssl 2.0 and 3.0 is checked,
> and I have tried it with and without tls 1.0 checked.

> Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Gary Massengal » Fri, 04 Jul 2003 00:05:59


I have it open, but how do I forward it to the exchange server's IP?  I must
have missed that part.

gary

"Lanwench [MVP - Exchange]"

> Do you have port 443 open in your firewall, forwarded to your Exchange
> server's internal IP?


> > Okay, here is the deal.  I have Windows 2000 server, sp3, running
> > exchange 2000 sp3.  It is my only Windows 2000 server and I have OWA
> > running on it. The domain is mixed.   I purchased a certificate from
> > a 3rd party company so I can do SSL with OWA, installed it, and
> > checked it here at the office, and it works fine.  The user has to
> > type https instead of http to get to his email when using OWA.

> > BUT, when you are outside the company, accessing via the internet, it
> > does not work.

> > I verified it here using a dialup account.  If you try it with http:,
> > you get the message that you need 128 bit encryption, if you try it
> > with https, you get the "the page cannot be displayed " error.

> > I go to tools - advanced- security and ssl 2.0 and 3.0 is checked,
> > and I have tried it with and without tls 1.0 checked.

> > Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Gar » Sat, 05 Jul 2003 20:44:04


I dont understand.  What to do you mean by FORWARD it to the exchange
IP?  I should just allow ssl traffics thru the firewall, and then they
type the address using https (https:\\myservername\exchange) and they
can check their email, right?

I have verified that ssl traffic is allowed thru the firewall, but I
dont know what you mean by forwarding.

Color me confused

(I stay that color ever since I started working with exchange)
gary


> I have it open, but how do I forward it to the exchange server's IP?  I must
> have missed that part.

> gary

> "Lanwench [MVP - Exchange]"


> > Do you have port 443 open in your firewall, forwarded to your Exchange
> > server's internal IP?


> > > Okay, here is the deal.  I have Windows 2000 server, sp3, running
> > > exchange 2000 sp3.  It is my only Windows 2000 server and I have OWA
> > > running on it. The domain is mixed.   I purchased a certificate from
> > > a 3rd party company so I can do SSL with OWA, installed it, and
> > > checked it here at the office, and it works fine.  The user has to
> > > type https instead of http to get to his email when using OWA.

> > > BUT, when you are outside the company, accessing via the internet, it
> > > does not work.

> > > I verified it here using a dialup account.  If you try it with http:,
> > > you get the message that you need 128 bit encryption, if you try it
> > > with https, you get the "the page cannot be displayed " error.

> > > I go to tools - advanced- security and ssl 2.0 and 3.0 is checked,
> > > and I have tried it with and without tls 1.0 checked.

> > > Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Kara » Sun, 06 Jul 2003 09:03:00


What he is referring to is if you are using some type of NAT.  Your Exchange
server is probably on a IANA reserved IP address (like 192.168.x.x or
10.x.x.x.).  If that is the case, then on your firewall you have forwarding
rules that will forward the external IP address to the internal one;
however, it's not just the IP address but the port and protocol.  IF you
look at your firewall rules, you probably have TCP port 25 and TCP port 80
currently forwarded to your mail server.  You will also need create a
similar rule for TCP port 443.

HTH,
Karan Mavai


> I dont understand.  What to do you mean by FORWARD it to the exchange
> IP?  I should just allow ssl traffics thru the firewall, and then they
> type the address using https (https:\\myservername\exchange) and they
> can check their email, right?

> I have verified that ssl traffic is allowed thru the firewall, but I
> dont know what you mean by forwarding.

> Color me confused

> (I stay that color ever since I started working with exchange)
> gary




- Show quoted text -

> > I have it open, but how do I forward it to the exchange server's IP?  I
must
> > have missed that part.

> > gary

> > "Lanwench [MVP - Exchange]"

message

> > > Do you have port 443 open in your firewall, forwarded to your Exchange
> > > server's internal IP?


> > > > Okay, here is the deal.  I have Windows 2000 server, sp3, running
> > > > exchange 2000 sp3.  It is my only Windows 2000 server and I have OWA
> > > > running on it. The domain is mixed.   I purchased a certificate from
> > > > a 3rd party company so I can do SSL with OWA, installed it, and
> > > > checked it here at the office, and it works fine.  The user has to
> > > > type https instead of http to get to his email when using OWA.

> > > > BUT, when you are outside the company, accessing via the internet,
it
> > > > does not work.

> > > > I verified it here using a dialup account.  If you try it with
http:,
> > > > you get the message that you need 128 bit encryption, if you try it
> > > > with https, you get the "the page cannot be displayed " error.

> > > > I go to tools - advanced- security and ssl 2.0 and 3.0 is checked,
> > > > and I have tried it with and without tls 1.0 checked.

> > > > Help, Please, Somebody? Anybody?

 
 
 

help! OWA not working outside after setting up SSL!

Post by Gary Massengal » Mon, 07 Jul 2003 22:30:51


thanks.  I will look into that.  Our firewall was setup by somebody outside
the company.  I have managed to maintain it, but hadnt drilled very deep.
Guess I gotta read up on NAT now :)


> What he is referring to is if you are using some type of NAT.  Your
Exchange
> server is probably on a IANA reserved IP address (like 192.168.x.x or
> 10.x.x.x.).  If that is the case, then on your firewall you have
forwarding
> rules that will forward the external IP address to the internal one;
> however, it's not just the IP address but the port and protocol.  IF you
> look at your firewall rules, you probably have TCP port 25 and TCP port 80
> currently forwarded to your mail server.  You will also need create a
> similar rule for TCP port 443.

> HTH,
> Karan Mavai



> > I dont understand.  What to do you mean by FORWARD it to the exchange
> > IP?  I should just allow ssl traffics thru the firewall, and then they
> > type the address using https (https:\\myservername\exchange) and they
> > can check their email, right?

> > I have verified that ssl traffic is allowed thru the firewall, but I
> > dont know what you mean by forwarding.

> > Color me confused

> > (I stay that color ever since I started working with exchange)
> > gary



> > > I have it open, but how do I forward it to the exchange server's IP?
I
> must
> > > have missed that part.

> > > gary

> > > "Lanwench [MVP - Exchange]"

> message

> > > > Do you have port 443 open in your firewall, forwarded to your
Exchange
> > > > server's internal IP?


> > > > > Okay, here is the deal.  I have Windows 2000 server, sp3, running
> > > > > exchange 2000 sp3.  It is my only Windows 2000 server and I have
OWA
> > > > > running on it. The domain is mixed.   I purchased a certificate
from
> > > > > a 3rd party company so I can do SSL with OWA, installed it, and
> > > > > checked it here at the office, and it works fine.  The user has to
> > > > > type https instead of http to get to his email when using OWA.

> > > > > BUT, when you are outside the company, accessing via the internet,
> it
> > > > > does not work.

> > > > > I verified it here using a dialup account.  If you try it with
> http:,
> > > > > you get the message that you need 128 bit encryption, if you try
it
> > > > > with https, you get the "the page cannot be displayed " error.

> > > > > I go to tools - advanced- security and ssl 2.0 and 3.0 is checked,
> > > > > and I have tried it with and without tls 1.0 checked.

> > > > > Help, Please, Somebody? Anybody?

 
 
 

1. OWA 5.5 not working outside firewall after domain upgrade

I am having a problem with OWA 5.5 that I hope someone can help me with.

We recently began upgrading our NT 4 domain to 2k.  We are still running in
mixed-mode, and the Exchange server is still NT4.  The domain name didn't
change during the upgrade.  After changing our PDC over to a Win2k server,
users from outside the firewall are no longer able to sign in to OWA.  No
changes at all were made to the firewall configuration.

When users from outside the building go to sign into OWA, they get the first
screen where it asks for their username.  Once they type this in and hit
return, it will pop up the box asking for their username and password.  Once
you enter this and click OK, it will just go to a blank screen.  In IE, it
will look like it is trying to load the page, but nothing ever happens.  I
let one browser sit for an hour, and no screens and no error messages ever
came back.  I don't see any error messages in the logfiles on the Exchange
server that would indicate what the problem was

Users inside the building that don't have to go through the firewall seem to
be working just fine.

During the course of this upgrade, I have made no changes at all to either
the Exchange server or to the firewall.  I was wondering if somehow
upgrading the PDC to Win2k may have changed the ability of OWA users to sign
in.

Does anyone have any ideas of where I can look to solve this problem?

TIA,

Stephen Sanders

2. can exchange/outloook be used to create a diary for a resource

3. OWA does not work from outside

4. Public folder permission question

5. HELP: auto forwarding not working to outside addresses

6. Send on Behalf

7. New SSL certificate installed now OWA Password change does not work

8. Migrating Distribution Lists ?

9. OWA - Attachments not working after enabling SSL, sp2

10. OWA & SSL Not working

11. page not found after setting OWA for SSL

12. OWA - to SSL or not to SSL??