I have recently completed a (fairly standard) Exchange 2007 install on a brand new (Windows 2008) server. I would now like to set up outlook web access. I have done nothing to change the default settings forOWA at this stage - however OWA does not work internally (or externally). I believe this is to do with the default security settings? Do I need to make changes to the 'default web site' inthe IIS 7.0 Manager? I have looked everywhere and cant find any simple instructions for what needs to be done to the default OWA set-up to get it working.

What roles are installed on the server?What URL are you using? Are you tring to access a mailbox on Exchange 07 or Exchange 03?Have you tried to go to https://localhost/exchange from the actual Exchange Server?BP

The following roles are installed o n the Exchange Server: Mailbox Server Client Access Server Unified Messaging Server Hub Transport Server The URL I am using is: https://localhost/owa from the actual Exchange Server. ( I have also tried https://localhost/owa and get the same result) Internet Explorer then comes up with the following message: There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended). More information When I click on Continue with this website the URL in explorer bar changes to: https://localhost/owa/auth/logon.aspx?url=https://localhost/owa/&reason=0 And I get a certificate error, and no page loads. I dont get to a point where I get to select a mailbox.

Hi, First please try to run get-exchangecertificate |fl and then post the output here.Also please post the certificate error here. Please check if the user or service account has been specified under the Advance Settings-> attribute Physical Path Credentials. Besides,Id like to know the OS version of the Exchange Server,if you have patched all the latest rollups for Exchange Server. More information about certificate share with you: Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505.aspx Regards, Xiu

[PS] C:\Windows\System32>get-exchangecertificate | fl AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 23/02/2012 12:00:00 AMNotBefore : 23/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : 7CF983C1A73BF4AE4EA60312CC19CDABServices : NoneStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : 43C05E3CEAAF76EC97D7D784075E800AC20E68B8 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 23/02/2012 12:00:00 AMNotBefore : 23/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : 6037CC2A0A3FA39840CCEF94B45C58E5Services : IISStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : F470C981991AF5B3177ADB798B26F76F78440235 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 10/02/2012 12:00:00 AMNotBefore : 10/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : 7A4BDD8A9C545B914D49AF11DFFBA95EServices : NoneStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : 33ED46541B16884394C252030FB698BA8E000809 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 10/02/2012 12:00:00 AMNotBefore : 10/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : 5347CE22AF63BC9F471E35542E3F9D3FServices : NoneStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : A79B9FA97C616CB485B101D42EF71909C8A09DA7 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {WMSvc-PVH-MEL}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=WMSvc-PVH-MELNotAfter : 7/02/2019 6:09:47 PMNotBefore : 9/02/2009 6:09:47 PMPublicKeySize : 2048RootCAType : RegistrySerialNumber : 96CE70E39025D6A7431D1844DBB33DFAServices : NoneStatus : ValidSubject : CN=WMSvc-PVH-MELThumbprint : 812971F8D7DB5540ABC653CAA8A6CDC50FC121BD AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 9/02/2012 12:00:00 AMNotBefore : 9/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : B984DCF49EA7EAA84241DFC4C8DCC547Services : NoneStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : 681B79AA0FD57C10EA02E7430FE0408289B1AD84 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel, pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-melNotAfter : 21/12/2009 5:12:08 PMNotBefore : 21/12/2008 5:12:08 PMPublicKeySize : 2048RootCAType : NoneSerialNumber : 9635EDD836BE86B146774A5E523E8141Services : IMAP, POP, IIS, SMTPStatus : ValidSubject : CN=pvh-melThumbprint : 2C554614BA61EBF39F904B121A20ADD16AAF782AI dont understand this: "Please check if the user or service account has been specified under the Advance Settings-> attribute Physical Path Credentials."AS stated above, " I have recently completed a (fairly standard) Exchange 2007 install on a brand new (Windows 2008) server." It has been well patched with the latest rollups. (Rollup6 for Exchange Server 2007 SP 1)any ideas? many thanks.

firewall?Can you get to OWA from the actual machine specifing localhost or the machine name?BP

as you can see from above , "The URL I am using is: https://localhost/owa from the actual Exchange Server."

Hi, I note that you have several certificates installed. For IIS services, you have two certificates, we need to verify whether a valid certificate has been issued to OWA from Internet Information Services(IIS) manager. And then try to remove the additional one. You can delete the certificate from Certificate MMC. 1. Please open Internet Information Services(IIS) manager(Note: Start-Administrative Tools- Internet Information Services(IIS) manager) 2. Find OWA virtual directory under Default Web Site and then right click on it. 3. Please navigate to Directory Security tab, click on View Certificate in Secure communication area. 4. Please check against Issue to on General tab to verify whether it is the same with the site name.(Note: URL for OWA: https://sitename/owa ) 5. Please check whether the certificate has a private key. 6. Please remember the Thumbprint(Note: you can find it from the drop-list in Detail tab) of this certificate, we need to find this certificate from certificate MMC. Then we need to verify this certificate in certificate MMC. 1.Please type MMC from a command prompt. 2.Click File-Add/Remove Snap-in-Add-Certificates-Add-Computer Account-Local computer-Finish. 3. In the console, please check whether it is under Trust Root Certification Authorities 4.Please find the certificate and check whether it is the same as the one for OWA virtual directory. AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-mel.pvh.localNotAfter : 23/02/2012 12:00:00 AMNotBefore : 23/02/2009 12:00:00 AMPublicKeySize : 1024RootCAType : NoneSerialNumber : 6037CC2A0A3FA39840CCEF94B45C58E5Services : IISStatus : ValidSubject : CN=pvh-mel.pvh.localThumbprint : F470C981991AF5B3177ADB798B26F76F78440235 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce ssControl.CryptoKeyAccessRule}CertificateDomains : {pvh-mel, pvh-mel.pvh.local}HasPrivateKey : TrueIsSelfSigned : TrueIssuer : CN=pvh-melNotAfter : 21/12/2009 5:12:08 PMNotBefore : 21/12/2008 5:12:08 PMPublicKeySize : 2048RootCAType : NoneSerialNumber : 9635EDD836BE86B146774A5E523E8141Services : IMAP, POP, IIS, SMTPStatus : ValidSubject : CN=pvh-melThumbprint : 2C554614BA61EBF39F904B121A20ADD16AAF782A Regards, Xiu

Thank you for your help so far.the verison of Internet Information Services(IIS) manager that i have (version 7.0.6000.16386 ) does not have the commands you have listed.When i go to the OWA directory and right click on it (step 2 in your sintructions) i do not have an option "Directory Security".

Sorry, I missed that it is IIS 7. We can check the certificate through steps below. 1. Open IIS manager. 2. Navigate to Default Web Site. 3. Click Bindings from action pane. 4. Hit Https and then click edit. 5. In SSL certificate area, please try to select the certificate from the drop list. It should be pvh-mel.And you can access OWA use https://pvh-mel/owa. Besides,I recommend you to delete the additonal certificate from certificate MMC. Regards, Xiu

Thank you!There are8 options ( 7 Certificates)listedunder teh HTTPS SSL certificate area in "Edit Bindings"; they are Not Selectedpvh-mel.pvh.localpvh-mel.pvh.localWMSvc-PVH-MELpvh-mel.pvh.localpvh-mel.pvh.localpvh-mel.pvh.localMicrosoft ExchangeWhen i select each one and then choose 'view' they all say "This CA Root Certificate is not trusted", except for "WMSvc-PVH-MEL" and "Microsoft Exchange"which say " this certificate is intended for the following purposes, Ensure the identify of a remote computer, All insurance policies" Which one should i use?Also, what form(s) of authentication should i haveunder Default Web Site > Authentication? should it be anonymous? Forms? ???What form of authentication should i have under the OWA site > Authentication?

Hi,From my lab, it should be "Microsoft Exchange".Fordefault web site: "Anonymous Authentication" is enabled.For OWA: "Basic Authentication" is enabled.You can refer to the article below: http://msexchangeteam.com/archive/2008/02/01/447989.aspxRegards,Xiu

MartenPeck,The only concern I have is that your CA which appears to be pvh-mel.pvh.local is not trusted. Is this a domain CA? It appears to be self assigned....Keep in Mind that the Microsoft Exchange Cert is self assigned and only valid for 1 year while a cert from you CA can be good for X amount of years. I have seen clients who suddenly have OWA stop working b/c the default cert has expired and owa stops working.Depending on how many CAS servers you have in your environment and if you have ISA or not (using SSL Bridging) you may want to get a third party cert for your CAS server(s). Users will also get a cert warning when connecting to the exchange server if the cert is a self signed cert.BP