I am new here. I have a issue with IIS6 and OWA with SSL enabled and also forms authentication enabled in Exchange 2003. I can access OWA internally no problem. When i try to access Externally i get error HTTP Error 403.6 Forbidden: IP Address of the client has been rejected. I have allowed all IP Addresses within IIS6 - Directory Security - IP Addresses and Domain. I have also run iisreset. When i disable forms authentication with Exchange Virtual Directory it works Internally and Externally. But when i enable forms authentication it works internally but NOT EXTERNALLY. I get the above error. Can someone please help as it is very urgent

This is not the place to get urgent help. Most of us are volunteers and get back to you when we can. If it's working internally but not externally, then you need to figure out what's different about the traffic from the outside. Perhaps your firewall is manipulating the session somehow. You're welcome to peruse your IIS logs to see what might be different about requests from outside.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Ed Thanks for reply i just copied and pasted from another forum. lol I know people do this when they can and it is appreciated :-) its just something i am required to resolve urgently. IIS logs where are they as i was looking at them the other day and they were showing as 2010 but the log was for the OWA issue. Maybe i was not looking in the correct place. Thanks kendo

Maybe so, but since you didn't tell me anything more I have no way of knowing.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Hi Ed This is the IIS Log when trying to access externally. Date: 2012-01-22 22:54:21 #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken 2012-01-22 22:54:21 W3SVC1 SERVER 192.168.x.x GET /exchange - 443 - 101.170.203.157 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:9.0.1)+Gecko/20100101+Firefox/9.0.1 - - server.domain.com 401 2 2148074254 332 345 234 2012-01-22 22:54:21 W3SVC1 SERVER 192.168.x.x GET /exchweb/bin/auth/owalogon.asp url=https://server.domain.com/exchange&reason=0 443 - 101.170.203.157 HTTP/1.1 Mozilla/5.0+(Windows+NT+5.1;+rv:9.0.1)+Gecko/20100101+Firefox/9.0.1 - - server.domain.com 403 6 0 1744 417 15 This is the IIS log when accessing Internally. #Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie) cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken 2012-01-22 23:08:43 W3SVC1 SERVER 192.168.x.x GET /exchange - 443 - 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) - - server.domain.com 401 2 2148074254 332 258 0 2012-01-22 23:08:43 W3SVC1 SERVER 192.168.x.x GET /exchweb/bin/auth/owalogon.asp url=https://server.domain.com/exchange&reason=0 443 - 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) - - server.domain.com 200 0 0 14082 330 187 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x POST /exchweb/bin/auth/owaauth.dll - 443 - 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD https://server.domain.com/exchweb/bin/auth/owalogon.asp?url=https://server.domain.com/exchange&reason=0 server.domain.com 302 0 0 398 691 15 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x GET /exchange - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchweb/bin/auth/owalogon.asp?url=https://server.domain.com/exchange&reason=0 server.domain.com 302 0 0 408 574 78 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x GET /exchange/ - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchweb/bin/auth/owalogon.asp?url=https://server.domain.com/exchange&reason=0 server.domain.com 200 0 0 1589 575 15 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x GET /exchange/user/ Cmd=navbar 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/ server.domain.com 200 0 0 19421 500 0 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x GET /exchange/user/Inbox/ Cmd=contents 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/ server.domain.com 200 0 0 20412 508 15 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x GET /exchweb/6.5.7638.1/controls/tf_Messages.xsl - 443 - 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://bob.domain.com/exchange/user/Inbox/?Cmd=contents server.domain.com 200 0 0 11927 484 0 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x SEARCH /exchange/user/Inbox/ - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/Inbox/?Cmd=contents server.domain.com 207 0 0 15512 1497 203 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x SUBSCRIBE /exchange/user/Calendar - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/?Cmd=navbar server.domain.com 200 0 0 403 579 0 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x SUBSCRIBE /exchange/user/Tasks - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/?Cmd=navbar server.domain.com 200 0 0 400 576 0 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x SEARCH /exchange/user/Calendar - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/?Cmd=navbar server.domain.com 207 0 0 1897 1584 0 2012-01-22 23:08:51 W3SVC1 SERVER 192.168.x.x SEARCH /exchange/user/Tasks - 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/?Cmd=navbar server.domain.com 207 0 0 409 1662 140 2012-01-22 23:08:52 W3SVC1 SERVER 192.168.x.x GET /exchange/user/Inbox/Policy+Patrol+notification:+Evaluation+period+has+expired-58.EML cmd=preview 443 user 192.168.3.10 HTTP/1.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+Trident/5.0) ASPSESSIONIDSAQDATCQ=NNPNHLECNKINANFDHPFPNIDD;+sessionid=b6800856-a37f-4a60-93e3-a691687e86f7:0xc09;+cadata="1qIO9+29TiZa4gjvwdOpBkemDkUB1Z62EtLlzhWUv7t8lJII67VCarg==" https://server.domain.com/exchange/user/Inbox/?Cmd=contents server.domain.com 200 0 0 6339 606 46 I look forward to your help. Thanks Beforehand

From outside, users are getting a 403, which means forbidden. Are they able to authenticate? Have you configured forms-based authentication?Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."