none
OWA - Error Code: 403 Forbidden

    Question

  • Hi All,

    I'm having difficulty getting my OWA to work on my SBS2003 box.
    When I try to access the OWA site (https://mail.mydomainname.com.au/exchange) I get the following error message:

    The page cannot be displayed

    Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

    Try the following:

    • Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
    • Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
    • Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

    Technical Information (for support personnel)

    • Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

    I originally noted that the certificate name was different (originally www.mydomainname.com.au), I re-ran the SBS internet connection wizard and when prompted created a new certificate for mail.mydomainname.com.au. So when I try to access the site it is still warning me that it is not a public certified certificate, but still allows me to proceed to the web site by clicking on a link (which is when I get the above error message).

    In my research I have seen sites that suggest that the Virtual Folders are corrupt and need to be recreated? I'm not sure if I should do this on an SBS box though.

    Any help would be greatly appreciated.

    Thanks.
    Thursday, October 16, 2008 4:59 AM

Answers

  • It seems that you have an ISA server along with your SBS server, as the error code "Forbidden server denied specified Uniform Resource Locator 12202", is due to ISA server.

    Which ISA server are you using? ISA 2004 or 2006?

    Either the external requests are being blocked by ISA or ISA isn't configured properly.

     

    Try to re-run the wizard and where it asks for the fully qualified server name (eg. server.domain.local) appeared as the default. By putting in www.domain.com (the server will registered .com address).

    Check these links:

     

    www.domain.com (the server will registered .com address).

    Check these links:

     

    http://support.microsoft.com/kb/947124

    http://www.sbsusers.net/techinfo/SBS_BP.htm

    Wednesday, October 22, 2008 12:43 AM
  • Well we are modifying the way how the server connects to the internet, using firewall.

    There would be no change at all for the internal users, and if you have any doubts you can try this after hours.

     

    The only reason why I am asking you to do this step, is as I believe that internet requests are getting filtered at your firewall.

     

    You can try to telnet your server from the external computer using port 80 and 443. And check if it gets through or is filtered.

    Wednesday, October 22, 2008 5:02 PM

All replies

  • Hi,
     
    After you installing a new certificate on default web site,can you access OWA now?
     
    Besides,what do you mean Virtual Folders?
     
    Regards,
    Xiu
    Friday, October 17, 2008 6:08 AM
  • No, after creating a new certificate I still can not access OWA.

    The virtual folders in Exchange System Manager. Here's an example of one of the links I found to do the reset:
    http://support.microsoft.com/default.aspx?kbid=883380
    Again, though, I don't know if this should be done given my specific problem, I only mention it as I've seen other forums that suggest this path.

    Thanks.
    Friday, October 17, 2008 7:12 AM
  •  

    Check all virtual dirs in IIS if they have SSL enabled.

     

    SSl should only be enabled on /exchange

     

    Also, are you able to browse /exchange..it should bringup the OWA of loggedin Admin.

    If nothing works you can folowup the steps memntioned in the support article above, but before that take a backup of IIS.

     

    Regards

     

    Gaurav.

    Friday, October 17, 2008 8:39 PM
  • Follow the steps mentioned by v-9gtras and also check if SSL is enforced on the default website? We should not have SSL enforced on default website.

     

    Also try to browse default website, and check if you get "Page Under Construction" message.

     

    Friday, October 17, 2008 9:41 PM
  • Thanks guys for your posts.

    Something else worth mentioning is that if I browse over the LAN to https://SERVERNAME/Exchange it works fine. I can see and log into OWA. This is only happening when I try to access it outside of the office.

    It makes me think that it's not something to do with OWA itself (virtual directories etc) but the networking between the router and the server?

    As far as I was aware, though, it only needs ports 80 and 443 to access OWA?
    I have any request coming into the router on port 443 forwarded to the SBS server that is running Exchange (only 1 server, nothing complex).

    Thanks.
    Tuesday, October 21, 2008 11:58 PM
  • Oh, and I've obviously got port 25 already going through to the server for SMTP. No problems there.
    Wednesday, October 22, 2008 12:00 AM
  • It seems that you have an ISA server along with your SBS server, as the error code "Forbidden server denied specified Uniform Resource Locator 12202", is due to ISA server.

    Which ISA server are you using? ISA 2004 or 2006?

    Either the external requests are being blocked by ISA or ISA isn't configured properly.

     

    Try to re-run the wizard and where it asks for the fully qualified server name (eg. server.domain.local) appeared as the default. By putting in www.domain.com (the server will registered .com address).

    Check these links:

     

    www.domain.com (the server will registered .com address).

    Check these links:

     

    http://support.microsoft.com/kb/947124

    http://www.sbsusers.net/techinfo/SBS_BP.htm

    Wednesday, October 22, 2008 12:43 AM
  • ISA 2004 is in use.
    I assume you are talking about the Internet Connection Wizard..?

    Thanks.
    Wednesday, October 22, 2008 1:08 AM
  •  

    Yes the internet connection wizard, and dont select "Do not change ****** " for any option.

    Also check if you are able to open OWA from the ISA server, ie accessing OWA by entering the servername/exchange

     

    Wednesday, October 22, 2008 2:08 AM
  • Can I run this while staff are logged into the system?
    '
    dont select "Do not change...' - what effect will this have on the existing Exchange system? Will it affect the existing mailbox store at all? I'm assuming not.

    Thanks.
    Wednesday, October 22, 2008 3:26 AM
  • Well we are modifying the way how the server connects to the internet, using firewall.

    There would be no change at all for the internal users, and if you have any doubts you can try this after hours.

     

    The only reason why I am asking you to do this step, is as I believe that internet requests are getting filtered at your firewall.

     

    You can try to telnet your server from the external computer using port 80 and 443. And check if it gets through or is filtered.

    Wednesday, October 22, 2008 5:02 PM