Hi,We have a Win server 2003 SBS SP2 and I need to run OWA on port 8080. Within the network both http://servername/exchange and http://servername:8080/exchange works fine. From outside the network the default website http://external-IP:8080/ works, but when I go to http://external-IP:8080/exchange I get a ' page cannot be displayed after the login popup'. (I can also see the login in the eventviewer) Settings: Default website: IP all Unasigned, TCP port 8080 (multiple identities: default port 8080, internal-IP port 80, external_IP port 8080, 127.0.0.1 port 80), authentication: enable anonymous access. Exchange (under default website) authentication: enable anonymous access/integrated windows auth./basic authenth. I already tried repairing OWA by recreating Microsoft-Server-ActiveSync, OMA, Exadmin, Exchange, Public, ExchWeb and the DS2MB key

Is port 8080 forwarded internally?Also, you are aware you will be sending network traffic unencrypted over 80 and 8080 this way?

Yes our firewall forwards port 8080 (I also see the default website on http://external-IP:8080). I am aware that traffic is unencrypted and this is excepted at the moment (outlook web access is only enabled for a test-user. I like to take it step by step).

And what do you get when you surf to http://external-IP:8080/exchange ? I'm not fully knowledgable of SBS, but I'm told on SBS Premium, there's a file "premiuminstallsteps.htm" that contains step by step instructions for installing and configuring ISA on the Premium Technologies CD.

I would say to use SSL and that would use port 443. Daniel Petri has a great howto, you can find it here.. http://www.petri.co.il/configure_ssl_on_owa.htm also http://itknowledgeexchange.techtarget.com/itanswers/howto-internally-redirect-http-for-outlook-web-access/Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

To my understanding Wilbert doesn't want 443 and wants Exchange served on 80 as well as 8080 if I'm correct.

Hi,Did you mean the issue was encountered after inputting the username and password? If it is, that seems the issue is related to the authentication.If possible, please post the IIS log on the forum.ThanksAllen

Sorry for the late reply, I work at this office just for 2 afternoons a week. To clarify some points; I want OWA to work on port 8080 because our firewall already uses port80 and 443 and that cant be changed. ------------------------------------------------------------Again; the default website is shown on port 8080 (http://external-IP:8080) but when I go to http://external-IP:8080/exchange I get the page cannot be displayed'after the login (Firefox even shows the two frames). The strange thing is; when I use the internal IP I can login using both 80 and 8080.....When I first go to http://external-ip and then to http://external-IP/exchange the IIs log shows: 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /Default.htm - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /images/sbslogo.gif - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /images/spacer.gif - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /images/sts.gif - 80 - (Ip from person loggingg in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /favicon.ico - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 404 0 2 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /images/remote.gif - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:20 W3SVC1 (server-IP) GET /images/help.gif - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 304 0 0 2009-11-12 14:50:25 W3SVC1 (server-IP) GET /exchange - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 5 0 2009-11-12 14:50:34 W3SVC1 (server-IP) GET /exchange - 80 - (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 1 0 2009-11-12 14:50:34 W3SVC1 (server-IP) GET /exchange - 80 (DOMAINNAME)\(username) (Ip from person logging in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 302 0 0

All is on port 80 .. your problems where with port 80. So, this isn't the proper log part or 8080 traffic doesn't even reach the Exchange server. There is no firewall active blocking 8080? Michel de Rooij, MCITP Ent.Msg | MCTS W2008, E2k7Conf | MCSE+Msg2k3 | MCSE+Inet2k3 | Prince2 Fnd | ITIL

On the firewall there is the port forward: extern-IP:8080 -> internal IP of the server:80And I DO SEE the default website, if port 8080 was blocked I would not see the default website, wouldn't I?I even see a successfull login in the eventviewer.

P.s I think the portforward explains the fact you only see port 80 in the IIs log.From outside I even see other pages like http://external IP:8080/ClientHelp/

(Just sharing for information) I tried following; I disabled outlook web access in the active directory.I went to http://internalIP/exchange and after login in I get a HTTP/1.1 403 Forbidden like I should.I went to http://externalIP:8080/exchange (from outside the network) and after login in I still see the page cannot be displayed.So maybe somehowsome rightsare not correct? Although I see a successful login in my event viewer and when I try to login with a not existing username the login screen pops up again.

Oops. I should drink more coffee :) 304 means not modified and 401 is an authentication issue. it clearly is an authentication thing. What do you get when you disable anonymous access for the /exchange virtual directory. Reading material: http://blogs.msdn.com/david.wang/archive/2005/07/14/HOWTO_Diagnose_IIS_401_Access_Denied.aspx Michel de Rooij, MCITP Ent.Msg | MCTS W2008, E2k7Conf | MCSE+Msg2k3 | MCSE+Inet2k3 | Prince2 Fnd | ITIL

No problem Michel, your help is appreciated J No I get: Login inter: works fine (automatic via integrated win authentication) Login extern: same thing IIS: 2009-11-12 16:39:41 W3SVC1 192.168.31.10 GET /exchange - 80 - 77.61.165.82 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 2 2148074254 2009-11-12 16:39:46 W3SVC1 192.168.31.10 GET /exchange - 80 - 77.61.165.82 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 1 0 2009-11-12 16:39:46 W3SVC1 192.168.31.10 GET /exchange - 80 SV-DOMAIN-1\duyv 77.61.165.82 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 302 0 0 But again, one step further, and I know now how to read the IIS logs.I'm going to sleep over it and will play with it an other day.

Good link, thanks.

Hi,Please check whether the firewall supports the Intergrated Windows authentication, and uncheck the anonymous access on the Exchange virtual directory to check this issue.ThanksAllen

Any progress on this Wilbert?Michel de Rooij, MCITP Ent.Msg | MCTS W2008, E2k7Conf | MCSE+Msg2k3 | MCSE+Inet2k3 | Prince2 Fnd | ITIL http://twitter.com/mderooij

No, no progress.Im really stuck and got no idea where to look further. With integrated and basic authentication enabled (default domain is selected) and I login with domain\username & password or username & password, I get: 401.2 - Logon failed due to server configuration. 401.1 - Denied by Invalid User Credentials 302 - Object moved -------------------------------------------------------------------------------------------------------------------------------------- IIS log: W3SVC1 (serverIP)GET /exchange - (ip person login in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 2 2148074254 W3SVC1 (serverIP)GET /exchange - (ip person login in) Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 1 0 W3SVC1 (serverIP)GET /exchange - 80 (domain)\(username) 77.61.165.82 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 302 0 0 -------------------------------------------------------------------------------------------------------------------------------------- With ONLY basic authentication enabled I get: 401.2 - Logon failed due to server configuration. 302 - Object moved (within the networkwith all variations of authentication methodes work fine)

Update: when I put a / at the end of the address (http://externalIP:8080/exchange/) I get rid of the 302 - Object moved I even see the two frames and at the bottom of the screen I see he wants to open the pagehttp://externalIP/exchange/username@domain.com/Inbox/?Cmd=content IIS Error codes: 401.2 - Logon failed due to server configuration. 200 - OK. The client request has succeeded.(Could the problem be http://externalIP/exchange/username@domain.com/Inbox/?Cmd=content not showing 8080 in the address?)

I keep on looking at the 401 2 2148074254 (denied by server configuration) when I log in from outside.I have only set ' basic authentication' as authentication methode and intern it works fine.Does anyone has a bright idea on how this is possible?

(for those who find this interesting)I changed the Home directory of the default website to that of exchange (\\.\BackOfficeStorage\domain-name\MBX)And now, after logging in,I'm looking at: Directory Listing Denied This Virtual Directory does not allow contents to be listed.

Aha, these errors occurs when the Exchange Server Virtual Directory is set to be the IIS home directory.

Still no progress? What's the result of (from internet) http://externalIP:8080/exchange/username@domain.com Michel de Rooij, MCITP Ent.Msg | MCTS W2008, E2k7Conf | MCSE+Msg2k3 | MCSE+Inet2k3 | Prince2 Fnd | ITIL I blog on http://eightwone.wordpress.com/ and tweet on http://twitter.com/mderooij

Still no progress, this is my longest living problem....Adding the/username@domain.comresult in the same thing; after the login the page is timed out.W3SVC1 internIP GET /exchange/user@domain.com/ - 80 - UserIP Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 401 5 0 W3SVC1 internIP GET /exchange/user@domain.com/ - 80username UserIP Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.2;+WOW64;+Trident/4.0;+.NET+CLR+2.0.50727;+.NET+CLR+1.1.4322;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 200 0 0

Well, if you cant get it to work the way it has to be, it has to be the way it works.Changed the firewall and got everything working on default port 80.....