[JDMils]

One of my users is using a MAC running Safari and now Firefox. She tries to access our webmail using http://webmail.v.com.au which asks her to login with her credentials.

Once she presses the Login button, the address bar changes to http://internal_mail_server.v.com.au and the browser tells her "Firefox can not find the server at internal_mail_server.v.com.au.

Why is webmail giving out the internal server name of the Exchange server when this external user is not connected to our network.

PS. Her browser works as she can google.

[Sembee]

Do you have more than one server?
Considering your other question, I am wondering if your IIS configuration for Exchange isn't configured correctly.
Basically what happens is that Exchange allows the login then if the user has logged in to another server they are redirected to the actual home of their mailbox. This will be the server's real name, not its external name.

Simon.

[JDMils]

You're a mind reader Sembee. The user was moved from XMAIL to XMAIL2. Some users are still on the old Exchange server XMAIL and some are on the new one XMAIL2.

So, how do I fix this considering the user is an external user who only connects via WebMail.

[JDMils]

I just found out that you can not have OWA (WebMail) for users on both servers- it has to be all on the new server unless I setup a front-end server which then routes the OWA requests to the relevant server.

Anyone done this before?

Edit: OK- Another idea- I'll simply forward all traffic on port 443 (https) to XMAIL2 and keep all traffic on port 80 (http) to XMAIL. I think I need to export a certificate from XMAIL to XMAIL2- now has anyone done THAT b4?

[JDMils]

OK. I've setup the SSL port to redirect to the new server. Now what do I do about the certificate?

Do I have to move the certificate from XMAIL to XMAIL2 and how will that work if the servers have different names? I'm stumped.

[Sembee]

You have two options only.

1. Both servers have unique URLs, with unique SSL certificates. That will mean both servers being exposed to the internet and the users know which server their mailbox is on.
2. You purchase a third server and Exchange 2003 standard license and configure a frontend server.

What you have done with sending port 80 traffic to one server and 443 traffic to another works, but isn't exactly secure as all users on the server with port 80 traffic have no security on their mailbox.

What I tell clients who are introducing a second server is that they should budget to actually introduce two additional servers so that a frontend server can be deployed as well. It makes the deployment and management of a multiple server org much easier, particularly for the users.

Simon.

[JDMils]

Sembee,

I understand what you're saying, but my situation is such that we are moving all users across to the new server and I need to get a new certificate setup on the new Exchange server.

Quote:

all users on the server with port 80 traffic have no security on their mailbox.

I don't understand how this makes the mailboxes on the port 80 server less secure. Anyone can log onto the port 443 server just as they would the port 80 server if they have the username & password of the relevant user. Anyone can log into both servers in this case.

Anyhow, is there a special way to create a new certificate on the new Exchange server?

EDIT: Another thing.....The users now accessing OWA on the new server, XMAIL2, type in https://webmail.v.com.au to access the OWA, but it comes up with "Site under construction". I figgered out that they need to add the virtual directory to the web address to get it to work, eg: https://webmail.v.com.au/WebMail. Is there anyway to make the virtual folder come up by default?

[Sembee]

Without the use of SSL you have no security - anything can attempt to login, the server is exposed to a brute force attack and the usernames and passwords are sent across in the clear. It isn't just the ability to login that makes a server secure.
There are now too many people in IT who were not around when Code Red struck in the late 1990's. That attacked port 80 and caused chaos.

With SSL, you get a port that is not as frequently scanned, where there is an SSL certificate which the attacker needs to know the name of (most attackers are doing bulk scans).
By your argument, why do banks use SSL? Why does Amazon etc? It isn't just about credit card information.

The virtual directories are not something that you have to create. OWA is accessed by the url server/exchange - no other URL is available by default and I strongly advise against trying to use another URL. Before you start playing around with the URL format I would suggest that you get Exchange to work correctly as it was designed. Trying to change things away from the default simply adds another layer of things that could go wrong.

SSL certificates should be purchased. That is a multiple step process, where you create the certificate on the server, send the request to a certificate supplier and then get a response. The response is then processed on the same server. Nothing special about the certificate for Exchange in E2000/2003. It is simply a certificate placed in to IIS in the usual way. All of the certificate suppliers have instructions on how to create and process a request.

Simon.

[chuteo007]

Hi, guys.
I haved a problem with my OWA.
- My internal OWA address: https://localdomainname.lan/exchange
- My internet OWA address: https://internetdomainname.com/exchange
- My CA for Default Website: Name or Common Name in the certificate request wizard is internetdomainname.com.
- When I access the url https://internetdomainname.com/exchange, The page required username/password for login internetdomainname.com. I typed the local domain username/password for signed in, but not success. Please help me to solve the problem.

[JDMils]

If your domain credentials are:
u- YourName
p- Password
d- localdomainname.lan

Then when you log into OWA, use:
u- YourName@localdomainname.lan
p- password