OWA using one Server!

Status
Not open for further replies.

vincelewin

IS-IT--Management
May 16, 2002
83
GB
All,

I have a 2k3 server running Exchange 2k3.

OWA works perfectly internally. I really want to enable it over the web, but I don't have ISA Server or a certificate.

Whilst I know it is a security implication, can I enable this feature by opening ports on the firewall?

Currently I believe that OWA uses a random port or number of, I have read an article about Static Port Mappings in Exchange and it says this can be achieved by changing the registry.

Has anyone out there done this, or know where I could find a definitive how-to on this subject?

My thinking is that I restrict access at firewall level to IP range then rely on MS security.... (-:

Regards

Vince
 
No random ports for OWA--port 80 or port 443, depending on whether or not you want to use SSL. IMHO, there's no good reason to offer OWA on port 80, and SSL also gives you the additional benefit of forms based authentication. Create your own CA, and sign your own cert. It's not a particularly complex process.

By the way, there's absolutely no way I would simply forward port 80 and port 443 at an IIS server--but that's just me. Personally, I have an apache server in reverse proxy configuration front ending my OWA.
 
A self-signed cert is the easy way to go with this. Just go into Add/Remove Programs, Windows Components and choose to install the Certificate Authority. Create a cert that matches your FQDN for your mail server such as mail.companyname.com, whatever your MX record points to.

As jkupinski has specified, open up ports 80 and 443.

I prefer to allow people to establish their initial connection via port 80 and redirect them to 443 just because most users will forget to type https.

Refer to this KB on how to set that up.

And refer to this article on how to set up forms based authentication.


I hope you find this post helpful.

Regards,

Mark
 
Can you expand on this - I assume you are meaning the punters go to and this gets redirected to

No, not a redirect--there's a linux box at webmail.example.com which the client connects to. The request is handled by apache, which forwards appropriate requests (i.e. /exchange, /exchweb, /public) to the OWA machine, then serves the data to the client.

The idea is that no untrusted device ever talks directly with IIS.
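
A minimal Apache 2.4 virtual host for the reverse-proxy arrangement described in the post above, as an added example that is not the poster's own configuration. The backend name owa.internal.example, the certificate paths, and the internal CA file are assumptions; webmail.example.com and the three forwarded paths come from the post.

```apache
# Added example. Requires mod_ssl, mod_proxy and mod_proxy_http.
# Assumed names: owa.internal.example (the IIS/OWA machine), certificate paths.

<VirtualHost *:443>
    ServerName webmail.example.com

    # TLS towards the Internet-facing clients
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/webmail.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/webmail.example.com.key

    # Reverse proxy only; never act as an open forward proxy
    ProxyRequests Off
    # Hand the public Host header to OWA so generated links use the public name
    ProxyPreserveHost On

    # TLS towards the backend, verified against the internal CA (assumed path)
    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/internal-ca.crt

    # Forward only the OWA paths named in the post
    ProxyPass        /exchange https://owa.internal.example/exchange
    ProxyPassReverse /exchange https://owa.internal.example/exchange
    ProxyPass        /exchweb  https://owa.internal.example/exchweb
    ProxyPassReverse /exchweb  https://owa.internal.example/exchweb
    ProxyPass        /public   https://owa.internal.example/public
    ProxyPassReverse /public   https://owa.internal.example/public

    # Refuse everything else so no other IIS URL space is reachable from outside
    <LocationMatch "^/(?!(exchange|exchweb|public)(/|$))">
        Require all denied
    </LocationMatch>
</VirtualHost>
```

With this in place the firewall forwards port 443 to the Apache host only, and the IIS machine accepts connections on 443 from that host alone.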
 
Mark,

Thanks for your post.

I got OWA working fine, but I went through the MS redirect document three times and I just get this:

"The specified request cannot be executed from current Application Pool"

I made sure I'm using the correct pool as MS defined it.

Have you seen this?
 
I have not seen that error. So you're using the Exchange application pool, right?

I hope you find this post helpful.

Regards,

Mark
 
Yeah.

To be honest I have tried each of the pools, but first was the Exchange one.

Thanks

Vince
 
Mark,

Fixed it.

Just so you know, I created the virtual directory under the Exchange web site. Oops.

When I realised and recreated it under default web site it worked fine.

The configuration was all correct just in the wrong place.

Thanks for all your help on this

Vince
 