web outlook
amyamandaallen
Member Posts: 316
in Off-Topic
Hi,
Wonder if any gurus can shed some light please.
We have exchange 2003 and happily run web outlook on our internal network. We have decided to put this facility out onto the web and have requested an external web name and given in an IP address from a set we own. We have got a netscreen router which has port 80 open ( to later become 443 ) to forward the outside IP address to our internal exchange server IP address. There is no firewall on the server itself.
From inside the company we just type http://exchange to get access. If internally we type http://exchange.mickeymouse.co.uk the page fails. However if we type http://exchange.local.mickeymouse.co.uk it works internally fine.
From the outside world we can ping the external address no problem and also ping http://exchange.mickeymouse.co.uk no problem. However we just cant get through to web outlook.
Any ideas as Im pulling my hair out trying to get this to work
PS - Im not walt disney, this is just for reference.
Wonder if any gurus can shed some light please.
We have exchange 2003 and happily run web outlook on our internal network. We have decided to put this facility out onto the web and have requested an external web name and given in an IP address from a set we own. We have got a netscreen router which has port 80 open ( to later become 443 ) to forward the outside IP address to our internal exchange server IP address. There is no firewall on the server itself.
From inside the company we just type http://exchange to get access. If internally we type http://exchange.mickeymouse.co.uk the page fails. However if we type http://exchange.local.mickeymouse.co.uk it works internally fine.
From the outside world we can ping the external address no problem and also ping http://exchange.mickeymouse.co.uk no problem. However we just cant get through to web outlook.
Any ideas as Im pulling my hair out trying to get this to work
PS - Im not walt disney, this is just for reference.
Remember I.T. means In Theory ( it should works )
Comments
-
Silver Bullet Member Posts: 676 ■■■□□□□□□□Sounds like you need to add a Cname record in DNS for exchange in the mickeymouse.co.ukzone for your exchange server.
-
Silver Bullet Member Posts: 676 ■■■□□□□□□□Are your external ping requests returning the correct IP address?
Can you access your exchange OWA externally by IP Address? -
Everlife Member Posts: 253 ■■■□□□□□□□Hi there,
We have a similar setup, but use ISA 2000. With our setup, we have specific web publishing rules that redirect requests from the public dns name to the internal dsn name.
I haven't set this up outside an ISA environment, but I'm pretty sure you need some type of web publishing rules. Something like destination: http://exchange.mickeymouse.co.uk, action-> redirect: http://exchange.local.mickeymouse.co.uk. -
amyamandaallen Member Posts: 316Silver Bullet wrote:Are your external ping requests returning the correct IP address?
Can you access your exchange OWA externally by IP Address?
yep can ping the external address fine by either external IP or http://exchange.mickeymouse.co.ukRemember I.T. means In Theory ( it should works ) -
amyamandaallen Member Posts: 316Silver Bullet wrote:Sounds like you need to add a Cname record in DNS for exchange in the mickeymouse.co.ukzone for your exchange server.
Hi,
I presume this is in the forward lookup zone?
Im in the local.mickeymouse.co.uk part and can add a cname but dont really know my way round DNS yet ( the exchange has a static IP )
Any help very gratefulRemember I.T. means In Theory ( it should works ) -
Silver Bullet Member Posts: 676 ■■■□□□□□□□So you can access OWA (not ping) externally by IP Address.amyamandaallen wrote:Im in the local.mickeymouse.co.uk part and can add a cname but dont really know my way round DNS yet ( the exchange has a static IP )
Who is hosting the mickeymouse.co.uk zone for you? That is where you will need to add a HOST A record for the exchange server and a cname record if it's name is not actually exchange. -
garv221 Member Posts: 1,914Make sure you have SMTP/IMAP enabled on the firewall for that outside IP. Try to login into the webmail using the IP address, this is a dead give away if you have a DNS or IP/Firewall problem. How many IP's do you have on the exchange server? How many domains run on the server and are they static?
-
amyamandaallen Member Posts: 316cant connect to IP either in web browser ( pings fine )
has just single domain.
every port I could associate with OWA is open as far as I know
Ps - thanks for help so farRemember I.T. means In Theory ( it should works ) -
Silver Bullet Member Posts: 676 ■■■□□□□□□□This is starting to look like an IIS problem. Go check settings in IIS.
Are you running more than one site from IIS?
Are there any Security settings preventing access from certain IP addresses or only allowing connections from certain ranges?
Sounds like you are using Port Forwarding on the Firewall to Forward port 80 to the Private IP address of the exchange server???......have you double checked that is forwarding to the correct IP Address?
Getting a ping reply externally when using port forwarding (whether pinging by IP Address or by Name) can be a false positive. If you have the external name mapped to the external IP address that is assigned to the firewall then it is the firewall that is replying to the ping request, not the exchange server.
If on the other hand you have the external IP address assigned to a second NIC on the Server and the firewall is opening port 80 for this IP address then again, you will want to make sure that IIS is setup to listen for connections for that IP address. -
garv221 Member Posts: 1,914Basicaly you need port 80 WWW open on the firewall for an IP mapped from the outside to the inside which that static should reside on a IIS server running webmail (not using default web hosting) Secondly you need a DNS server to point the external IP to a legit domain name.
-
blargoe Member Posts: 4,174 ■■■■■■■■■□Verify first that is isn't actually hitting your server - check c:\windows\system32\logfiles\w3svc1 for recent log files and see if there are entries from Internet IPsIT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...