I tried to get access to OWA on my Exchange 2016 server, and was greeted with this;
🙁
Something Went Wrong
We’re having trouble getting to your mailbox right now.Please refresh the page or try again later
Solution
I’ve pointed it out on the image above, but it’s easy to miss, look at the time stamp on the error, and compare it to the correct time. The two are not the same.
This is a known problem on both Exchange 2013, and Exchange 2016. It’s fixed in one of the cumulative updates, I was still on the RTM install version, so I updated it.
After that it worked fine.
Related Articles, References, Credits, or External Links
SBS 2008 (which runs Exchange 2007) displays a 404 error when you try and view Outlook Web Access.
https://sites/owa and https://localhost/owa don’t work
Solution
A 404 Error just means page not found, so there are lots of different reasons why this might happen, this is just one of many fixes.
1. On the SBS Server > Click Start > Administrative Tools > Internet Information Services (IIS) Manager > Expand {server name} > Sites > Expand SBS Web Applications > Ensure “owa” is listed below > Notice this site is in a stopped state (indicated by the arrow).
2. If you try and start the site it will probably complain that the port is in use (Look upwards and you will see the “Default Web Site” is running and will be using the same ports).
3. To stop the Default Web Site (if it’s running) Select “Site” > Right click “Default Web Site” > Manage Web Site > Stop.
4. The to Start the “SBS Web Applications” site, Select “Site” > Right click “SBS Web Applications” > Manage Web Site > Start.
Related Articles, References, Credits, or External Links
3. If the above errors, then copy these two files from a known working machine. You can also try copying them from a known working machine, even if you do not recieve an error.
Note: Internet Explorer 6 users make sure you have this update.
Note2: SBS2008 Users if you have multiple “Red X’s” on your OWA Page, then install the latest Exchange 2007 roll up package.
Related Articles, References, Credits, or External Links
Those of you who know me will know that Cisco ASA is my weapon of choice in the firewall department. Now before the ISA brigade start emailing me telling me about “Application Layer Inspection” etc etc, that’s not because I think the ASA is better, cheaper or more effective, but because it’s “What I know”.
To be honest I’ve not installed ISA since version 2000, where what I really needed was MS Proxy 2.0 (now there was a product that did exactly what it said on the “Tin”), and that was a horrible experience which left me adverse to ever using ISA again. However I accept that version 2004/2006 is a damn good firewall.
So the other day when I was asked “Can we publish Outlook Web Access, on an ISA Server, that will be in the DMZ of a PIX?” I inwardly groaned, and despite me suggesting every possible other way of doing it, I bit the bullet and disappeared to the test bench with a copy of ISA and a large coffee.
Before you start !
OK, obviously we want to do this securely using SSL (that’s 128bit encryption) which means we need to use Certificates. Before you all glaze over or run away, this is simple, either buy one or install certificate services on your server and make one.
The single most IMPORTANT thing you need to do is make sure the certificate name resolves internally to the Exchange Server and publicly to the Outside Interface of the ISA server (or the public IP of the exchange box – if it uses a public address).
For Example
Certificate is called owa.mydomain.co.uk
Internally owa.mydomain.co.uk should point to the exchange box running OWA (you may need to set up split DNS for this).
Externally owa.mydomain.co.uk should point to the Outside Interface of the ISA Server (or a static public address for the Exchange Box).
Solution
Step 1 Install ISA
1. OK, I’m assuming you don’t already have an ISA server, if you do then skip this bit and go straight to Step 2 (not box 2 below). Before ISA is installed ensure your server is service packed up and has the correct IP addresses on the correct interfaces – It may be worth naming the interfaces first for simplicity later (INSIDE, OUTSIDE and DMZ, or LAN, WAN and DMZ for example)
2. Let the CD/DVD Auto-run or locate ISAAutorun.exe file the CD and run that. From the splash screen select “Install ISA Server2006”.
3. Set up files will be extracted.
4. At the welcome screen > Next.
5. Accept the EULA, > Next.
6. Enter the details and unlock code as appropriate.
7. Install both ISA Server and Configuration Storage Server > Next.
8. Create a new enterprise, then at the warning screen > Next.
9. You now need to specify networks – you can do this later or add more in at a later date, but lets do it now > Add.
10. Add adaptor.
11. Add the adaptors for the Inside and Outside (and DMZ etc as applicable) > OK.
12. Review the information > Next.
13.If you have older (9x and NT) clients select allow non encrypted firewall connections > Next.
14.At the services warning screen > Next.
15. Install.
16. Go and have a coffee.
17. There is a distinct lack of spinning cogs on things these days don’t you think?
18. Job done! You can tick the box to launch the configuration wizard if you want, but we are not going to need that to do this job > Finish.
Step 2 Export the Exchange Web Certificate
OK, Im assuming you allready have Exchange Outlook Web Access secured using SSL – You need to export the certificate from the Exchange Server to the ISA Box .
1. Open IIS Manager (Start > Administratove Tools > Internet Information Services Manager) > Expand > Server-name > Websites > Right Click Default Web Site” > Properties.
2. Directory security tab > server certificate button.
3. Next.
4. Export the certificate to a .pfx file > Next.
5. Choose a location to save the file (removable media or USB key would be handy)..
6. Don’t panic if it says at some point its FAT formatted (it will still work) > OK > Next.
7. Enter a password > confirm the password > Next.
8. Next.
9. Finish.
Step 3 Import the Certificate into ISA
1. Take the .pfx file to the ISA Server, log in > Start > Run > mmc {enter}
2. Add/Remove Snap In.
3. Add.
4. Scroll down and select “Certificates” > Add.
5. Select computer account.
6. Select “local computer” > Finish > Close > OK to return to the console so you are looking at the certificate console.
7. Expand Certificates > Personal > Certificates (note you may need to stop at personal if the certificates sub folder does not exist – this happens if there are NO certificates on the server already) >Right Click in the right hand window > All Tasks > Import.
8. Next.
9. Browse to the pfx file (Note Change “files of type” to “All Files (*.*)” > Open > Next.
10. Enter the password you gave the certificate > Next.
11. Next.
12. Finish.
Step 4 Publish OWA with ISA
1. Launch the ISA Management Console > Navigate to > Arrays > Server-name > Right Click “Firewall Policy (Server-name)” > New > “Exchange Web Client Access Publishing Rule.”
2. Give the rule a name e.g. Exchange > Next.
3. OWA, OMA and Active Sync > Next.
4. Select “Publish a single web site or load balancer” > Next.
5. Select “Use SSL to connect to the published Web server or server farm using HTTP (Recommended)” > Next.
6. Internal Site name e.g. server1 > Tick Use Computer name or IP address and enter the IP address of the exchange box e.g. 172.254.254.1 > Next.
7. Public Name > enter the public name e.g. owa.yourdomain.co.uk (clients need to be able to resolve this on the internet).
8. At The Web Listener Page > New.
9. Give it a name e.g. ExchSSL.
10. Require SSL secured connections with Clients > Next.
11. Select the External Interface > Click Select IP Addresses.
12. Tick “Specified IP Addresses..” > OK > Next.
13. Select “Use a single cert for web Listener” > Click Select Certificate > Select the Certificate you imported earlier > Select > Next.
14. “HTML Form Authentication” > Select Windows (Active Directory) > Next.
15. Untick Enable SSO > Next.
16. Finish.
17 Next.
18. Next.
19. Next.
20. Finish.
21. Click the “Apply” Button at the top.
22. When its done click OK.
Step 5 Test It
1. Fire up an internet Explorer connection and accept the Certificate.
2. Log in.
3.You are up and running.
Related Articles, References, Credits, or External Links
Note this is for Outlook Web Access, for Outlook CLICK HERE
KB ID 0000088
Problem
There are certain reasons that OWA blocks particular file extensions, this is a good thing and I DO NOT RECOMMEND you change those settings, however there are situations where you need to, if you have to do this, I strongly suggest you change things back to how they are set up by default when you are finished.
The error message you will see when OWA has stopped an attachment is,
“Outlook Web Access has blocked access to attachments, Blocked attachments: {attachment name}”
Below, I’ll run through what to do to let an .exe file which is about as dangerous an attachment as your ever going to work with..
Solution
1. Log onto the Exchange Server with administrative privileges >Start > All Programs>Microsoft Exchange Server 2007 > Exchange Management console > Expand Server configuration > Client Access > Ensure the Server is selected at the top > Select the Outlook web access tab at the bottom > Right Click the Website named “owa (Default Web Site)” unless you changed it > Select Properties.
2. The TWO tabs you need to adjust are, Private Computer File Access Public Computer File Access
3. Those tabs relate to where the client is logging in from, which THEY decide on the login page.
4. On the appropriate Tab > “Direct File Access” section select “Customize” > Click Block.
5. Select the extension in question and hit the “Red X” to Delete.
6. Log back into OWA and the .exe attachments are now available.
Job Done – Remember to change it back afterwards, If your a sysadmin remember your network is only as secure as the most stupid person on the network – do you really want this security hole leaving open with your army of “numb users!” out in the wild?
Related Articles, References, Credits, or External Links
Seen on Outlook 2007 and Outlook 2010 talking to Exchange 2007 (Note this fixes Outlook 2007 but NOT 2010.) When opening the “Out Of Office Assistant.”
Your Out of Office Settings cannot be displayed, because the Server is currently unavailable. Try Again Later
Other Symtoms
1. You see hash marks in the Scheduling Assistant.
2. You see “Object reference not set to an instance of an object.” error when running the Poweshell cmdlet Test-OutlookWebServices.
3. The OOF Log shows “Response error code: 00000000” and “HTTP status code: 0”.
Solution
This is caused by a .NET error.
To Fix it install this HOTFIX (Afterwards neither Exchange or Outlook needs restarting.)
To Workaround.
Option 1
Use the out of office assistant with Outlook Web Access.
Option 2 (On a client by Client basis)
Note: This will only work if you have Schedule+ Free/Busy Public folders, you will only have this if you ticked “Yes” at the “Do you have computers running Outlook 2003..” option when Exchange was installed.
1. On the affected Outlook machine, Click Start > Run > regedit > {enter}
2 Navigate to, HKEY_CURRENT_USERSoftwareMicrosoftOffice12.0OutlookOptionsCalendar
3. Right click in the right hand window > New DWORD
When trying to access Outlook Web App (or Outlook Web Access for those used to earlier versions of Exchange), you see a blank white page and nothing else.
Exchange 2010 installs with it’s own (self signed) certificate. To stay free of security errors and warnings, the best bet is to purchase a “publicly signed” digital certificate and use that.
The following process uses the Exchange Management console to create a CSR (Certificate Signing Request). Then what to do with the certificate, when it has been sent back to you.
Out of the box, Exchange (quite rightly) secures Outlook Web Access so that you have to access it via https. The problem is some of your users are used to accessing websites via http, (or simply typing a URL in their browser, without typing any prefix, so it defaults to http).
If you try and access OWA via http://server.domain.com/owa..
There are a number of ways to get round this, the simplest is to redirect that error message (above) back to the correct OWAURL.
WARNING: DO NOT do this on a Microsoft SBS Server. (For SBS you need to create the custom error messages on the OWA Virtual Directory (directly)). This procedure assumes you have a stand alone Exchange CAS server with no other web services or virtual directories being served from its IIS.
Solution
1. Open IIS Manager and drill down to the Default Web Site > Error Pages.
2. Add > Status code = 403.4 > Select “Respond with a 302 Request” > Type in the correct (https) URL for your OWA site > OK.
3. Then restart the website (or reboot the server).
Note: DONT attempt to test this in the Exchange server itself! That will always show the original error, you need to test it from a client machine.
Related Articles, References, Credits, or External Links