OWA Front-End Server Issues


  • OWA Front-End Server Issues

    I have set up a front-end OWA server to allow remote users to read their mail
    remotely (obviously). The problem I encountered is as follows: the OWA is
    on a DMZ and can be accessed from the internal network. When connecting to
    the OWA server from the outside (public ip) I cannot even connect to the
    site.

    Here is what our network looks like:

    Internet
    |
    |
    ***Router*** (Public IP)
    |
    |
    ***Firewall***_____DMZ-----OWA Front-End
    | (Public IP with NAT to Internal IP)
    |
    | (Internal Network)
    __________________________
    | Internal Network (Win2k3) |
    | 1 Exchange2k3 Ent. Server |
    | 2 Win2k3 DC's |
    | | |
    | Clients, etc. |
    |__________________________|


    When connecting internally to the OWA using (https://owa/exchange), I can
    connect but cannot authenticate using any account allowed OWA
    access.

    When I bring the server back out of the DMZ and into the internal
    network, authentication works just fine.

    Here is a list of ports that have been opened on the Firewall:

    For Exchange Communication:
      a. Port 80 for HTTP
      b. Port 443 for SSL
      c. Port 691 for Link State Algorithm routing protocol

    For Active Directory communication:
      a. Port 389 for LDAP (TCP and UDP)
      b. Port 3268 for Global Catalog Server LDAP (TCP)
      c. Port 88 for Kerberos Authentication (TCP and UDP)

  • #2
    something is very wrong...

    first of all, i warmly suggest using an ISA server that will improve your network's security, and close all these ports opened from your DMZ to internal...

    when authenticating, try using [email protected]e.xxx format, that should do the trick (and it has a trick to change that as well..)

    about gaining outside site access, you should check firewall settings (for 443 port usage from external to DMZ) and check the certificate on the OWA front-end which should apply for the name of the external owa web page.
    Yaniv Feldman
    Microsoft Security Regional Director
    Microsoft Management Expert
    MCSA, MCSE, MCT

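An added example, not part of the thread: a small check to run on the front-end server in the DMZ, confirming which of the TCP ports listed in the first post actually pass the firewall toward the back-end Exchange server and a domain controller. The script name and the two hostnames given on the command line are placeholders.

```python
import socket
import sys

# TCP ports the original poster lists as opened from the DMZ to the inside.
# LDAP 389 and Kerberos 88 are also listed for UDP; a connect test cannot
# confirm UDP, so only the TCP side is probed here.
EXCHANGE_PORTS = {80: "HTTP", 443: "SSL", 691: "link state routing"}
AD_PORTS = {389: "LDAP", 3268: "Global Catalog LDAP", 88: "Kerberos"}

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # a host (or rejecting firewall) answered with RST
    except OSError:
        return "filtered"   # timeout or unreachable: usually a dropped packet

def check(host, ports, timeout=2.0):
    """Probe every port in `ports` on `host`; return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def blocked(results):
    """Ports that did not complete a TCP handshake, in ascending order."""
    return sorted(port for port, state in results.items() if state != "open")

if __name__ == "__main__":
    # Usage (hostnames are placeholders): python fe_ports.py BACKEND_HOST DC_HOST
    backend, dc = sys.argv[1], sys.argv[2]
    for host, ports in ((backend, EXCHANGE_PORTS), (dc, AD_PORTS)):
        for port, state in sorted(check(host, ports).items()):
            print(f"{host}:{port:<5} {ports[port]:<22} {state}")
```

A "filtered" result from the DMZ combined with "open" from the internal network points at the firewall rule rather than the service.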