RE: OWA 403 Forbidden, POP3,
- From: v-chacez@xxxxxxxxxxxxx (chace zhang)
- Date: Fri, 10 Nov 2006 08:00:57 GMT
Hi,
Thank you for posting here.
From your post, I understand you after you rebuild SBS Server, youexperienced a couple of problems. Please understand this newsgroup is a one
issue based service, to keep the thread clean, let's focus on OWA 403
Forbidden issue, thanks for your understanding
Based on my research, the symptom indicated that the web site only allows
restricted source IP. This is a normal behavior for a newly installed SBS
box. The SBS setup wizard implants IP restrictions on the default web site.
We can run the CEICW to enable particular web services so that the
restrictions on the virtual directory will be removed. Can I assume that
you have already run the CEICW on the SBS server? If not, please open
Server Management console, navigate to 'To Do List'. Click 'Connect to the
internet' in the right panel. In the web services configuration window,
select the web functions which you want to use from the internet. When you
select to allow "Outlook Web Access" when running CEICW, the component will
modify the IIS connection permissions for the OWA-specific virtual
directories to allow clients from any IP address to connect, while the rest
of the site only allows local IP addresses to connect. Follow the wizard to
complete the configurations. After doing this, will the problem be resolved?
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
A step by step explanation of the CEICW:
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm
If the issue still persists after above steps. To verify is there an IP
restriction configured on the website!
1. Click Start, point to Administrative Tools and click Internet
Information Services (IIS) Manager.
2. Expand your server | Web Sites | Default Web Site, right-click Default
Web Site and click Properties.
3. On the Directory Security tab, click Edit in the "IP address and domain
name restrictions" section.
4. What IP address access restrictions have been configured?
5. Also check this setting for the Exchweb and the Exchange virtual
directory.
You don't need port 80 inbound open.Port 80 is still the most attacked port
on the internet.
Please use HTTPS instead of HTTP to access OWA and forward port 443 from
the router to your external nic.
1. Make sure you have Exchange SP1 installed
2. Clear the IIS server files. To do so, follow these steps:
a. Go to your "%SystemRoot%\IIS Temporary Compressed Files" (C:\WINDOWS\IIS
Temporary Compressed Files or C:\WINNT\IIS Temporary Compressed Files)
directory.
b. Select all of the content in this directory and delete it.
3. Click Start->Run, type "iisreset" (without the quotes) and click OK to
restart the IIS services.
At the client side:
a. Open IE, and go to Tools -> Internet Options.
b. Select Delete Files, check "Delete all offline files" and click OK to
confirm that you want to delete the content. Then check if the issue
disappears.
This issue may also be caused by URLSCAN installed on IIS if it is not
configured per the Exchange 2003 OWA template. For more information, see:
823175: Fine-Tuning and Known Issues When You Use the Urlscan Utility in
an Exchange 2003 Environment
http://support.microsoft.com/?id=823175
If URLscan is uninstalled, can the problem be reproduced?
1. 'Add/Remove Programs', highlight the item 'UrlScan 2.5' and click
'Change/Remove'.
2. Follow the wizard to 'Uninstall'.
3. Open up a command console and issue 'iisreset'.
4. Does the issue still occur?
In addition, this may also occur if you install OfficeScan (version 6.0 or
6.1) as part of Trend Micro Client/Server/Messaging (CSM) Suite 2.0 for
SMB. When you install OfficeScan, the setup program prompts you whether to
install OfficeScan on the Default Web Site or on a new virtual site. If you
install it on the Default Web Site, or on the Web site that contains the
Exchange virtual directories, you will see these symptoms because of a
custom MIME type that OfficeScan adds to the Web site and to the virtual
directories under the Web site.
You could resolve this issue by uninstalling OfficeScan and reinstalling it
on a new virtual site, instead of installing it on the Default Web Site.
For more information, see Solution 18148 in the Trend Micro Knowledge Base
at the following URL:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=18148
As a workaround, you can remove the OfficeScan MIME Types value from the
Default Web Site and from the Exchange virtual directories. Use the
following steps to remove this MIME Types value:
1. Open Internet Information Service (IIS) Manager.
2. Expand the server and then expand the Web Sites folder.
3. Right-click the Default Web Site, and then click Properties.
4. Select the HTTP Headers tab.
5. Click MIME Types.
6. Select the " .* application/octect-stream" entry and click Remove.
7. Click Yes to confirm, and then click OK two times.
8. In the Inheritance Overrides dialog box, select Exadmin, Exchange,
exchange-oma, OMA, and Public (hold down the Ctrl key while clicking to
select multiple), and then click OK.
9. Right-click Default Web Site, and then click Stop.
10. Right-click Default Web Site, and then click Start.
11. Run the "iisreset" command.
After you remove and reinstall OfficeScan or remove the OfficeScan, delete
the Internet Explorer temporary Internet files on the client computer
before using OWA again. If clearing the temporary Internet files does not
resolve the problem on the affected client computers, completely remove
Internet cache files, and enable the Internet Explorer option to check for
newer versions of stored pages on every visit. To do so, follow these steps:
1. Close all instances of Internet Explorer.
2. Open Internet Properties in Control Panel.
3. Click the General tab.
4. Click Delete cookies, and then click OK when prompted to confirm.
5. Click Delete Files, click the check box to "Delete all offline content"
when prompted, and then click OK.
6. Click Settings, and then click "Every visit to the page" under "Check
for newer versions of stored pages."
7. Click OK two times.
If the problem persists, please let me know your troubleshooting
information against above steps, collect following info and send me the
metabase file on your SBS server to me at v-chacez@xxxxxxxxxxxxx
1. How did you rebuild SBS Server? Did you reinstall it from scratch?
2. What is the edition of your SBS?
3. How many NICs on SBS Server? Do you install ISA 2004 on SBS box?
4. Metabase
=======
a. Install .NET Framework Version 1.1:
http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-
8157-034d1e7cf3a3&DisplayLang=en.
b. Install MBExplorer by installing IIS 6 Resource Kit Tools:
http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
B628-ADE629C89499&displaylang=en.
c. Once it is installed, access it from Start, Programs, IIS Resources,
Metabase Explorer.
d. In the left pane, right click ''LM'' (under your server computer name)
to choose ''Export to file'', and then save it as IIS.mbk.
e. Compress this mbk file and send it to me for analysis.
Hope this helps, if you need more assistance on this issue, please do not
hesitate to let me know.
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "CJH" <cjh@xxxxxxxxxxxxxxxxxxxx>
| Subject: OWA 403 Forbidden, POP3,
| Date: Thu, 9 Nov 2006 15:50:41 -0600
| Lines: 27
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
| X-RFC2646: Format=Flowed; Original
| Message-ID: <e2jOQgEBHHA.4348@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: profiletechgroup.com 66.93.17.78
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP04.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:311500
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Had to rebuild server over the weekend due to a Crash, and a backup that
| would not recognize hardware.
|
| Was able to retrieve all user data, and E-mail (I assume).
|
| Server is basically up and running, but a couple of critical services are
| giving fits.
|
| 1. https:/www/company.com/remote (RWW Works, Can get to
desktops/servers
| 2. * OWA Get to Login screen, and then Error 403 Forbidden <===
Need
| this one
| 3. * POP3 Connectot, Unable to connect on 110
| 4 * IMAP4 Connection Unable to connect on 143
| 5 * Active Sync to a Treo phone connects just fine, error when
download
| of data starts
| 6 Outlook Desktop works just fine
| 7. Shared directories etc OK.
| 8. CompanyWeb does work OK (Only used Intranet)
| 9 All Automatic Services running.
|
| OWA Originally worked as expected. Between patches, updates, Install of
| Trend Micro SMB something has gone astray, and I am at a loss where to
look
| any more.
|
| Looking for input.
|
|
|
.
- Follow-Ups:
- Re: OWA 403 Forbidden, POP3,
- From: CJH
- Re: OWA 403 Forbidden, POP3,
- References:
- OWA 403 Forbidden, POP3,
- From: CJH
- OWA 403 Forbidden, POP3,
- Prev by Date: Re: SBS DHCP Service Install
- Next by Date: Upgrade existing SBS 2003 SP1 Std Edn to SBS 2003 R2 Std Edn
- Previous by thread: OWA 403 Forbidden, POP3,
- Next by thread: Re: OWA 403 Forbidden, POP3,
- Index(es):
Relevant Pages
|
