none
External Access to ECP RRS feed

  • Question

  • Good morning. I think this is an easy one and I am close but just dont get it.

    If I log into OWA using the internal URL and click OPTIONS it redirects me to the internal ECP.

    If I log into OWA usint the external URL and click OPTIONS I get an error "

    Your mailbox can't be accessed using the address you entered. To obtain the correct address, please contact your helpdesk. "

    Internal and External URL look fine when I look at the ECP properties.
    Does this make sense?

    Thanks

    Drew

    Wednesday, July 14, 2010 4:25 PM

Answers

  • FIXED!

    IIS --> ECP -- Authentication --> Edit Basic Auth --> Default domain.

    Tested and it workss YAY!

    Thanks to all for your hlepl.

    • Marked as answer by Sam Booka Friday, July 16, 2010 4:26 PM
    Friday, July 16, 2010 4:26 PM

All replies

  • I'm assuming you have already read this document: http://technet.microsoft.com/en-us/library/dd876904.aspx

    Verified your SSL settings are correct in IIS? Made sure your authentications mechanisms are a match with owa settings? Generally speaking, the default authentication mechanisms are basic with Forms Based Authentication enabled. 

    If you do a "get-ecpvirtualdirectory", you will be able to see all the authentication and URL names all in one shot in one place piece of cake.

    J.

    Wednesday, July 14, 2010 5:22 PM
  • yep.. I tried that doc. Here are my current settings. Before I was getting the mailbox was unavailable. Now I am getting "user/password incorrect"

    [PS] C:\Windows\system32>Get-OwaVirtualDirectory |fl *auth*

    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    ExternalAuthenticationMethods : {Fba}

    [PS] C:\Windows\system32>Get-EcpVirtualDirectory |fl *auth*

    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    ExternalAuthenticationMethods : {Fba}

    Wednesday, July 14, 2010 6:22 PM
  • I should mention again that if i go explicitly to my internal URL  https://cas01/ecp it works fine. (well, not anymore)

    If I go explicity to OWA https://cas01/owa and from there choose options it works fine. (well not anymore.. but I can get working again)

    At no time does ECP work externally. Either the Auth failure above or the the mailbox cant be accessed message.

    Wednesday, July 14, 2010 6:28 PM
  • How are you publishing OWA and ECP externally?  ISA/TMG or NAT translation through firewall?  How does the rest of the external stuff check out?

    https://www.testexchangeconnectivity.com/

     


    Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

    Wednesday, July 14, 2010 7:15 PM
  • I would say that make sure that publishing rules in TMG/ISA includes the /ecp path. and make sure that external URL is correct and restart IIS and try again
    Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com and if you Liked my post please mark it as helpful and accept it as an answer
    Wednesday, July 14, 2010 7:18 PM
  • Ok.. we use NAT to get through the firewall.

    I tried login in to OWA using IE8. Works

    Click on OPTIONS and get page cannot be displayed.

    I tried login in to OWA using Firefox. Works.

    Clicked on OPTIONS and get prompted to authenticate. If I reauthenticate it works.

    OWA is set to use FBA-Domain\user

    ECP is set to Integrated windows.

    Sooooo.. I set BOTH to FBA and I can log in to OWA ok.. get authentication failed for ECP.

    Thoughts? I have no idea why this isnt working.

    Thursday, July 15, 2010 4:28 PM
  • By the way.. we are still using the self signed cert.. could this be related to the issue?
    Thursday, July 15, 2010 7:04 PM
  • Try assigning your external URL an internal IP using the hosts file on your local machine.  Then from your corprate private lan, connect to owa and ecp and see if it works.  If it works, delete the entry from your hosts file and try it again, but this time from outside your network.  See if it works or if the error changes.  It's just a hunch, I've been dealing with a bunch of CRL list issues recently and in the back of my head think maybe it's something related to that.

    J.

    Thursday, July 15, 2010 7:19 PM
  • I think I figured it out.

    I can logon to OWA with Username but I have to use domain\username to get into ECP.

    get-ecpvirtualdirectory has the Logontype as USERNAME but the defaultdomain is blank.

    I tried set-ecpvirtualdirectory -identity cas01\ecp* -defaultdomain HFX but that doesnt work.

    Do you know what the correct syntax is? or shoudl I be doing this from IIS or EMC ?

    Thursday, July 15, 2010 8:37 PM
  • Ok.. definitely the problem.

    At home (where I dont worry about wonky IE caching issues) if I log in with domain\username all works fine.

    Any ideas how to get the domain\ hardcoded into the ECP?

     

    Friday, July 16, 2010 1:18 AM
  • FIXED!

    IIS --> ECP -- Authentication --> Edit Basic Auth --> Default domain.

    Tested and it workss YAY!

    Thanks to all for your hlepl.

    • Marked as answer by Sam Booka Friday, July 16, 2010 4:26 PM
    Friday, July 16, 2010 4:26 PM