Setting up OWA External Access, No FQDN, using .local domain.

Hello everyone,

I am trying to enable users to access OWA externally
on our SBS 2003 server. Current set up is XXXXX.local as the domain name with
XXXX.org registered but currently only forwarding to a hosted website.
Running ISA 2004 on the server as well.

OWA and RWW work fine internally but I am struggling to publish these
services externally. Currently using a Draytek router with a static IP
address.

I know that changing the domain is not a practical option in SBS 2003 and
have tried using OWA publishing rule & web listener but still unable to
access these services externally.

Any advice or pointers gratefully received.

Regards.

On 31/08/10 11:30, cheesebrownsauce wrote:
> Hello everyone,
>
> I am trying to enable users to access OWA externally
> on our SBS 2003 server. Current set up is XXXXX.local as the domain name with
> XXXX.org registered but currently only forwarding to a hosted website.
> Running ISA 2004 on the server as well.
>
> OWA and RWW work fine internally but I am struggling to publish these
> services externally. Currently using a Draytek router with a static IP
> address.
>
> I know that changing the domain is not a practical option in SBS 2003 > and
> have tried using OWA publishing rule& web listener but still unable to
> access these services externally.
>
> Any advice or pointers gratefully received.
>

ISA is the problem. Without ISA, an SBS can be reached on its public IP
address, and while a browser will warn you about an unmatched and
untrusted certificate, it will allow connection.

ISA will by default only accept connections to the URL for which the
certificate is made. When you run the CEICW, a certificate is made for
the server's FQDN, which of course is a .local name or similar.

What you need to do is have ISA accept other URLs. It's a while since I
did this, but somewhere in the web listener properties for OWA and RWW
(you need to do both), there is a tab marked Public Name. Add the public
IP address of the network here. If you do eventually get a real public
FQDN (and that should be no more difficult than adding a DNS A record
for a suitable hostname to the XXXX.org DNS server, you may have a web
control panel which allows you to do this yourself) then you need to
also add this hostname here.

In the router, forward TCP port 443 to the SBS external NIC, and if you
will need RWW, also forward TCP 4125. If the router is a Vigor 2800 or
has similar firmware, that's under NAT, Port Redirection.

You'll always get certificate mismatch errors, as the internal and
external hostnames of the server will never match, but you can get rid
of the 'untrusted' warning by importing the server's root certificate
into the client browser.

--
Joe

Joe gave you a procedure, but in there is the easiest way. Have your DNS
hosting service setup a new DNS A record pointing to your external public
IP. You could use something like owa.XXXX.org or rww.XXXX.org. Then rerun
the CEICW using that new FQDN.

"cheesebrownsauce" <> wrote in
message news:E733EE61-AFA7-4CB8-B92A-...
> Hello everyone,
>
> I am trying to enable users to access OWA
> externally
> on our SBS 2003 server. Current set up is XXXXX.local as the domain name
> with
> XXXX.org registered but currently only forwarding to a hosted website.
> Running ISA 2004 on the server as well.
>
> OWA and RWW work fine internally but I am struggling to publish these
> services externally. Currently using a Draytek router with a static IP
> address.
>
> I know that changing the domain is not a practical option in SBS 2003 and
> have tried using OWA publishing rule & web listener but still unable to
> access these services externally.
>
> Any advice or pointers gratefully received.
>
> Regards.

On 31/08/10 17:42, SteveB wrote:
> Joe gave you a procedure, but in there is the easiest way. Have your DNS
> hosting service setup a new DNS A record pointing to your external public
> IP. You could use something like owa.XXXX.org or rww.XXXX.org. Then rerun
> the CEICW using that new FQDN.
>

After which OWA won't work using the internal name if you need to use it
instead of Outlook to test an email funny.

Both OWA and RWW really need to work inside and out to troubleshoot
future problems with them: on this occasion, the OP was able to tell us
they worked internally, which eliminated some possible causes of the
problem.

It's worth knowing about the Public Name tab in the web listeners.

--
Joe

On Tue, 31 Aug 2010 19:49:04 +0100, Joe <> wrote:

>On 31/08/10 17:42, SteveB wrote:
>> Joe gave you a procedure, but in there is the easiest way. Have your DNS
>> hosting service setup a new DNS A record pointing to your external public
>> IP. You could use something like owa.XXXX.org or rww.XXXX.org. Then rerun
>> the CEICW using that new FQDN.
>>
>
>After which OWA won't work using the internal name if you need to use it
>instead of Outlook to test an email funny.
>
>Both OWA and RWW really need to work inside and out to troubleshoot
>future problems with them: on this occasion, the OP was able to tell us
>they worked internally, which eliminated some possible causes of the
>problem.
>
>It's worth knowing about the Public Name tab in the web listeners.

I can't think why anyone would need to use OWA internally, nor RWW.

All our SBS networks have a public SSL cert (GoDaddy) and a FQDN of
webmail.ourdomain.com or mail.ourdomain.co.uk, and that's it, nothing
more than that. We set up our A record to point to our IP address,
just the same as we set up the A that our MX points to.


Jim