List Charter and FAQ at:-----Original Message-----
From: John Weber [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 4:24 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problemJust for sh*ts and grins, I would pop NT4 Optionpack 4 onto the exchange box and see if it works there. Is that an option for you?Maybe [EMAIL PROTECTED]?PSS? I have never had the issue you describe. The hardest thing I've ever had to do to get OWA running was to make sure the everyone group had the proper rights to the registry and the box the IIS was on.Sorry. Please let me know if/when you resolve this, or if you think I can be of some (limited) help.List Charter and FAQ at:-----Original Message-----
From: Steve Hart [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 13:15
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problemThe common name matches the OWA box. The OWA box is inside the firewall.After rerunning URLScan everything is working from other subnets and from outside the firewall. It's still not working from this subnet, however. I get the untrusted certificate box, then a "cannot find server" error. Nothing shows up in the IIS logs at all.SteveList Charter and FAQ at:-----Original Message-----
From: John Weber [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 11:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problemSteve,dummy me may have missed something...Your certserv is the OWA box? 2K?What name did you give the cert for 'common name?'It may be nothing, but it should match the OWA box not the Exch box.Also, is the IIS box sitting in the DMZ? If so, you may need to twiddle the firewall to get this to work.John Weber
Consultant
Centerlogic
503-262-0490 x203List Charter and FAQ at:-----Original Message-----
From: Steve Hart [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 09:48
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problemI have now. Thanks.
(Didn't fix the problem, but I probably prevented others.)
SH
-----Original Message-----
From: Joe Friess [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 26, 2002 5:08 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problem
Have you applied the OWA patch Q301361 ?
-----Original Message-----
From: MS-Exchange Admin Issues
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 6:34 PM
To: MS-Exchange Admin Issues
Cc: [EMAIL PROTECTED]
Subject: RE: OWA SSL problem
you wanna accept a mondo wordpad of screen shots?-----Original Message-----
From: Steve Hart [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 14:45
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problem
From John: (By the way thanks in advance)
Is the OWA the only thing running on the IIS? Usually, default IIS install will have a "default website" with Exchange being a virtual under that. You can have the virtual on ssl OR/AND http, and the parent being one or both or either. They are not linked.> We have a web site running as the default web site. It is set up using anonymous access and no encryption. Exchange is a virtual folder under it, using Basic Authentication. I've been testing some of the time with SSL required and sometimes not. It will be running on SSL before I announce OWA to the world.
Server listening on 443 does not necessarily mean that the IIS is doing it.
> OK
In the IIS on the OWA server, is the virtual for exchange pointing into the proper exchsrvr dir on the 55sp4 box? Does it have rights into that dir? The OWA webaccess dir is/should be: c:\exchsrvr\webdata (ymmv). If local, then no share needed on the Ex box. If using a separate IIS server, then you'll have to have the dir shared .
> I'm pretty sure this is set up correct. The web access directory is right and I am able to access my mailbox using http. It seems everything from the OWA server to the Exchange server is OK.
If you want the ssl, then the owa server MUST be addresses with https. If the "cannot find server" comes up on https but not http, then I would start looking at whether or not the IIS is ssl enabled for the Exchange virtual site .
> I've checked "Require secure channel (SSL)" in the Secure Communications dialog box of the Exchange virtual directory. Is there anything else I'm missing to enable SSL?
<http://10.x.x.x> http://10.x.x.x gets you IIS default site or OWA?
> Sorry, I was pretty unclear.
http://10.x.x.x gets me to the default website.
http://10.x.x.x/exchange tells me I must use a secure connection.
If I uncheck the "Require secure channel" box, http://10.x.x.x/exchange gets me OWA, and after logging in, I get to the Exchange server.https:// <https://10.x.x.x/exchange> 10.x.x.x/exchange brings up a dialog box noting an untrusted certificate. This is expected and normal as the certificate is coming from my own Certificate Server (actually, the same OWA box). After I accept the certificate, the next screen is the "Cannot find server or DNS error". If I try a refresh, IE just spins forever. A new browser window will repeat the process.
I've tried a full reinstall of IIS, OWA and Cert Server, but I've got the same problem, so it must be a configuration issue.
Steve
-----Original Message-----
From: Steve Hart [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 09:38
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problem
I'm not even getting that far. https://10.x.x.x/exchange results in a "cannot find server" message
http://10.x.x.x works fine.
SH
-----Original Message-----
From: John Weber [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 25, 2002 8:50 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA SSL problem
Try inside the domain first. And start with straight IP. https://xxx.xxx.xxx.xxx/exchange
You SHOULD get a message regarding the validity of your cert, depending on how it got setup.
If this works, you at least know it is working internally to the collision domain.
Past that, by chance are you setup right on the router/firewall level?-----Original Message-----
From: Steve Hart [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 24, 2002 15:08
To: MS-Exchange Admin Issues
Subject: OWA SSL problem
I brought this one up last week and although I've researched and followed the advice I received, I'm still stuck.
I've got OWA up and running fine on straight http, but I can't connect using https. The browser returns the message "Can't find server or DNS error". DNS is OK so it seems that either the server isn't listening on 443, or the server is ignoring my workstation due to some certificate problem.
I've tried everything I can find including Q228821, Q234022, Q265847, Q290391, Q292296 and Q301428.
Netstat -an shows the server listening on Port 443. I've deleted all certificates on the browsing computer, but it doesn't seem to be getting new ones.
Environment:
Exchange Server NT 4.0 SP6a Exchange 5.5 SP4 Member Server
OWA Server 2000 Server SP2 OWA 5.5 SP4 Member Server
Workstation 2000 Pro SP2 IE 6 w/ Latest Patches
2000 AD DomainI'm usually pretty good at resolving this kind of stuff with the help of books and MS, but this one is frustrating me.
Any ideas?
Steve
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
http://www.sunbelt-software.com/exchange_list_charter.htm
