No announcement yet.

Cannot log into OWA externally

  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot log into OWA externally

    I have a client who has cause to rebuilt their Exchange Server. It is all working ok, except that nobody can log in to OWA externally, but they can if they attempt it using the local URL.

    They get this message

    "You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again"

    There is a DMZ server as well where the hits first and this is using Forms Based Authentication back to the Exchange server.
    The local access to https:\\localhost\exchange works fine, but the web browsers are set to not pass local traffic via the DMZ.

    However, nothing has changed on this DMZ Server, so I can only assume it is a mis-configuration on the Exchange server.

    I found that they had not re-imported the SSL certificate from the DMZ, so i have done this and it has been accepted, but still no joy

    I have trawled through forums and Google searches and have tried all that has been suggested, but with no success. I feel there is one tick box that needs clicking........

    Any ideas please

  • #2
    Re: Cannot log into OWA externally

    What is in the DMZ? Is that an ISA server or something else?
    Does it work internally? Does it work if the server is exposed directly to the internet?

    It should just work - however I wonder if the "misconfiguration" is actually changes that were required to use the DMZ.

    Simon Butler
    Exchange MVP

    More Exchange Content:
    Exchange Resources List:
    In the UK? Hire me:

    Sembee is a registered trademark, used here with permission.


    • #3
      Re: Cannot log into OWA externally

      The DMZ is running ISA Server and is not something we know too much about and have left well alone, apart from seeing if we can work out how it was configured.

      The OWA works fine if you browse LAN side to either localhost/exchange or use its FQDN/exchange. I can log in using any account.

      However, if I browse to WAN side,( DMZ has no DNS, but uses the hosts file to point to the internal IP of the Exchange server ) I am taken to the OWA form generated by the ISA and prompted for \domain\username. When I enter the details I know work internally, I get the message I listed in my initial post.

      The Exchange server and the DMZ are obviously linked and something is missing from the Exchange side to link it to the Forms Based Authentication setup on the DMZ. I am assuming it is somewhere in IIS that just needs tweaking.


      • #4
        Re: Cannot log into OWA externally

        Can we have some more information please?
        Is it ISA 2k4 or ISA 2k6?

        It sounds like u have installed ISA in workgroup and u are trying to use "windows
        authentication" on OWA web listener. This will not work since ISA server is in
        workgroup and does not have the authority to query a DC and verify the credentials of a user.

        We can try two things:

        1)We either need to enable LDAP or RADIUS authetication on ISA IF we want ISA
        server to pre-authenticate.
        2.) Otherwise we can use "NO authentication" on ISA and have the Exchange
        authenticate directly.

        Please let me know the complete network topology incase this doesnot help..
        Fazal Zaidi
        MCITP-Windows 2008,Exchange 2010,MCTS-Exchange 2007,2010,Lync 2010,MCSE-2000,2003,MCSA-2003,2008,2012,MCP,MCSE -Messaging 2013,ITIL