OWA cannot access mailboxes on new BE server

I have an FE Exchange server in a DMZ with FBA enabled.  Originally, we had 
a single BE server.  Everything worked as it should.  Recently, we introduced 
a new BE server to the mix.  It is on the same address space as the original 
BE server and is at the same build level (service pack) as the other exchange 
servers.  

When I move a mailbox from the original BE server to the new BE server, I 
cannot access that mailbox through the OWA URL on the FE server.  I can 
however, access the mailbox by using OWA directly on the new BE server (i.e. 
http://server/exchange).  I have searched for answers to this issue in 
various locations, but none of the suggestions have resolved the issue so 
far.  I have verified that my authentication and host header settings 
resemble the configuration on the original BE server.  I can even hit the new 
BE server's OWA from the FE server.

The DMZ is currently set with no ACL restrictions between the FE and BE 
servers.  I ran Ethereal on the FE server and analyzed the difference between 
login attempts to accounts on both BE servers.   The major difference is that 
I do not see Kerberos traffic in the failed attempts.  Everything else looks 
fairly similar.  I see LDAP lookups taking place to Domain Controllers, but 
the HTTP GET to the BE server never happens.  In the successful attempts, I 
see Kerberos traffic between the LDAP lookups and the HTTP GET request.  

The really odd part is that our Windows Mobile devices are able to access 
mailboxes on the BE server through the URL configured on our FE server.  I'm 
not sure what is different between the two access methods.

Has anyone dealt with this before?  I would be eternally grateful for any 
suggestions offered.

Thanks,

CDB
0
CDB (23)
9/27/2006 6:48:02 PM
exchange.admin 57650 articles. 2 followers. Follow

3 Replies
302 Views

Similar Articles

[PageSpeed] 1

Put the front-end server in your Intranet where it belongs and close all the 
dangerous ports you had to open in your firewall to make it work. 
Optionally, replace it with an ISA server or other web publishing appliance.
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"CDB" <CDB@discussions.microsoft.com> wrote in message 
news:C98E1751-1FC9-4111-9D3D-D4E7289B5AED@microsoft.com...
>
> I have an FE Exchange server in a DMZ with FBA enabled.  Originally, we 
> had
> a single BE server.  Everything worked as it should.  Recently, we 
> introduced
> a new BE server to the mix.  It is on the same address space as the 
> original
> BE server and is at the same build level (service pack) as the other 
> exchange
> servers.
>
> When I move a mailbox from the original BE server to the new BE server, I
> cannot access that mailbox through the OWA URL on the FE server.  I can
> however, access the mailbox by using OWA directly on the new BE server 
> (i.e.
> http://server/exchange).  I have searched for answers to this issue in
> various locations, but none of the suggestions have resolved the issue so
> far.  I have verified that my authentication and host header settings
> resemble the configuration on the original BE server.  I can even hit the 
> new
> BE server's OWA from the FE server.
>
> The DMZ is currently set with no ACL restrictions between the FE and BE
> servers.  I ran Ethereal on the FE server and analyzed the difference 
> between
> login attempts to accounts on both BE servers.   The major difference is 
> that
> I do not see Kerberos traffic in the failed attempts.  Everything else 
> looks
> fairly similar.  I see LDAP lookups taking place to Domain Controllers, 
> but
> the HTTP GET to the BE server never happens.  In the successful attempts, 
> I
> see Kerberos traffic between the LDAP lookups and the HTTP GET request.
>
> The really odd part is that our Windows Mobile devices are able to access
> mailboxes on the BE server through the URL configured on our FE server. 
> I'm
> not sure what is different between the two access methods.
>
> Has anyone dealt with this before?  I would be eternally grateful for any
> suggestions offered.
>
> Thanks,
>
> CDB 


0
curspice6401 (3487)
9/28/2006 4:40:02 AM
Ed,

I don't see how this will help.  It is working with one BE server, just not 
the new one.  The FE server is only accessible via port 443 from the outside. 
 The overly-permissive DMZ -> Internal ACL's are equivalent to having the FE 
server on the same network as the BE server.  Have I misunderstood your 
suggestion?

-CDB

"Ed Crowley [MVP]" wrote:

> Put the front-end server in your Intranet where it belongs and close all the 
> dangerous ports you had to open in your firewall to make it work. 
> Optionally, replace it with an ISA server or other web publishing appliance.
> -- 
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
> 
> "CDB" <CDB@discussions.microsoft.com> wrote in message 
> news:C98E1751-1FC9-4111-9D3D-D4E7289B5AED@microsoft.com...
> >
> > I have an FE Exchange server in a DMZ with FBA enabled.  Originally, we 
> > had
> > a single BE server.  Everything worked as it should.  Recently, we 
> > introduced
> > a new BE server to the mix.  It is on the same address space as the 
> > original
> > BE server and is at the same build level (service pack) as the other 
> > exchange
> > servers.
> >
> > When I move a mailbox from the original BE server to the new BE server, I
> > cannot access that mailbox through the OWA URL on the FE server.  I can
> > however, access the mailbox by using OWA directly on the new BE server 
> > (i.e.
> > http://server/exchange).  I have searched for answers to this issue in
> > various locations, but none of the suggestions have resolved the issue so
> > far.  I have verified that my authentication and host header settings
> > resemble the configuration on the original BE server.  I can even hit the 
> > new
> > BE server's OWA from the FE server.
> >
> > The DMZ is currently set with no ACL restrictions between the FE and BE
> > servers.  I ran Ethereal on the FE server and analyzed the difference 
> > between
> > login attempts to accounts on both BE servers.   The major difference is 
> > that
> > I do not see Kerberos traffic in the failed attempts.  Everything else 
> > looks
> > fairly similar.  I see LDAP lookups taking place to Domain Controllers, 
> > but
> > the HTTP GET to the BE server never happens.  In the successful attempts, 
> > I
> > see Kerberos traffic between the LDAP lookups and the HTTP GET request.
> >
> > The really odd part is that our Windows Mobile devices are able to access
> > mailboxes on the BE server through the URL configured on our FE server. 
> > I'm
> > not sure what is different between the two access methods.
> >
> > Has anyone dealt with this before?  I would be eternally grateful for any
> > suggestions offered.
> >
> > Thanks,
> >
> > CDB 
> 
> 
> 
0
CDB (23)
9/28/2006 4:00:02 PM
Are you seeing any authentication attemps in the IIS logs of your BE
server? Also try running EXPBA on your backend server to see if it
reports any issues.

James Chong

CDB wrote:
> Ed,
>
> I don't see how this will help.  It is working with one BE server, just not
> the new one.  The FE server is only accessible via port 443 from the outside.
>  The overly-permissive DMZ -> Internal ACL's are equivalent to having the FE
> server on the same network as the BE server.  Have I misunderstood your
> suggestion?
>
> -CDB
>
> "Ed Crowley [MVP]" wrote:
>
> > Put the front-end server in your Intranet where it belongs and close all the
> > dangerous ports you had to open in your firewall to make it work.
> > Optionally, replace it with an ISA server or other web publishing appliance.
> > --
> > Ed Crowley
> > MVP - Exchange
> > "Protecting the world from PSTs and brick backups!"
> >
> > "CDB" <CDB@discussions.microsoft.com> wrote in message
> > news:C98E1751-1FC9-4111-9D3D-D4E7289B5AED@microsoft.com...
> > >
> > > I have an FE Exchange server in a DMZ with FBA enabled.  Originally, we
> > > had
> > > a single BE server.  Everything worked as it should.  Recently, we
> > > introduced
> > > a new BE server to the mix.  It is on the same address space as the
> > > original
> > > BE server and is at the same build level (service pack) as the other
> > > exchange
> > > servers.
> > >
> > > When I move a mailbox from the original BE server to the new BE server, I
> > > cannot access that mailbox through the OWA URL on the FE server.  I can
> > > however, access the mailbox by using OWA directly on the new BE server
> > > (i.e.
> > > http://server/exchange).  I have searched for answers to this issue in
> > > various locations, but none of the suggestions have resolved the issue so
> > > far.  I have verified that my authentication and host header settings
> > > resemble the configuration on the original BE server.  I can even hit the
> > > new
> > > BE server's OWA from the FE server.
> > >
> > > The DMZ is currently set with no ACL restrictions between the FE and BE
> > > servers.  I ran Ethereal on the FE server and analyzed the difference
> > > between
> > > login attempts to accounts on both BE servers.   The major difference is
> > > that
> > > I do not see Kerberos traffic in the failed attempts.  Everything else
> > > looks
> > > fairly similar.  I see LDAP lookups taking place to Domain Controllers,
> > > but
> > > the HTTP GET to the BE server never happens.  In the successful attempts,
> > > I
> > > see Kerberos traffic between the LDAP lookups and the HTTP GET request.
> > >
> > > The really odd part is that our Windows Mobile devices are able to access
> > > mailboxes on the BE server through the URL configured on our FE server.
> > > I'm
> > > not sure what is different between the two access methods.
> > >
> > > Has anyone dealt with this before?  I would be eternally grateful for any
> > > suggestions offered.
> > >
> > > Thanks,
> > >
> > > CDB 
> > 
> > 
> >

0
9/29/2006 1:57:57 PM
Reply:

Similar Artilces:

Two mailboxes
Hello, I have two mailboxes in my Outlook 2003. If I get a message to my 2'nd mailbox & click "reply" - default set in From field is usernamename from my first mailbox. How can I change it? I can choose manually by clicking From field & setting my first mailbox but I would like to fill it automatically. regards Joanna You'll need to use a 3rd party utility to change it automatically. http://www.slipstick.com/mail1/sendaccount.htm#tools -- Diane Poremsky [MVP - Outlook] Author, Teach Yourself Outlook 2003 in 24 Hours Need Help with Common Tasks? http://www.outlo...

Set FROM field default > Replying to messages in somebody else's mailbox in Outlook 2k3 + exchange 2k3
Scenrio...... I have exchange server running with 1 main mail account where fresh emails come in from customers eg info@mycompany.com now this mailbox is opened by every users account so in the folder view they see their own account lets say dave@mycompany.com and the main info one...... dave inbox sent items outbox info inbox sent items outbox All fine and dandy and emails are working in and out. But if "Dave" for instance wants to answer an email int he info accounts inbox he must select his name in the "from" field everytime (I know I can al...

find the latest date in access 2007
hi there! I'm a bit stressed trying to get this sorted by I just cant! My question is the following. I have a database of three tables: Dis_cat, admission and patient. The Dis_cate table has only two categories : dead and alive. I just have to find out who was the last patient to die. I have this code in access: SELECT Dis_cat.category, Admision.outdate, Patient.pname FROM Patient INNER JOIN (Admision INNER JOIN Dis_cat ON Admision.dischno = Dis_cat.dischno) ON Patient.nhsno = Admision.nhsno WHERE (((Dis_cat.category)="dead")); But I cant find the latest date. I...

Cannot see Access querry in Microsoft word
I cannot access a Microsoft Access querry when I try to do a mail merge in Microsoft Word. (Microsoft Office 2003) See response in the mailmerge fields newsgroup -- Hope this helps. Please reply to the newsgroup unless you wish to avail yourself of my services on a paid consulting basis. Doug Robbins - Word MVP, originally posted via msnews.microsoft.com "Guy Delaney" <delaney@unitedsolution.net> wrote in message news:e7ccT6hnKHA.5700@TK2MSFTNGP04.phx.gbl... > I cannot access a Microsoft Access querry when I try to do a mail merge in > Microso...

Using Access Reports in other EXE file
Hello I'd like to use access reports from any access version XP, 2000 or 97; because of the easy way to build such reports. Have you ever found or built any solutions permitting to reuse such access reports objects in other exe files, developped in Visual Basic, Visual Studio or even Delphi.... Thanks a lot for your suggestions Hi. Most programming languages support launching an executable, so the Snapshot Viewer executable would be a good choice for viewing reports exported from Access as Snapshot (*.SNP) files. Access would not need to be installed on the computer in order to view ...

Public Folder access
How can i change it so an account i'm using for exchsync has owner privelages on the All Public Folders root on Exchange 5.5? Many thanks, Phill H. A problem with PF permissions here is the lack of granularity and the ability to append rather than overwrite. You would need to use some 3rd party tools to add the permission with granlarity. Aelita and I think NetIQ have such tools. >-----Original Message----- > How can i change it so an account i'm using for exchsync has owner privelages on the All Public Folders root on Exchange 5.5? > > Many thanks, > >Phil...

moving pst data to new outlook
hi to all, i would like to move date from my office system computer to my home system ...i have exported the info and when i go to import the system tell me that i do not have the ok how do i correct this problem ??? thanks for you help You can't import directly from a read-only (eg. cd-r/rw) source. You need to copy the pst file to the hard drive and remove the read-only attribute. oh and one other thing... if the pst file was burned to a cdr/rw at a speed faster than 4x, it might not be readable. "james" <fdijamesm@saturn2.com> wrote in message news:204a401c4591a$4...

Exchange Server status during DST change over
Can anyone point me at a resource for what to do during DST change back to normal time? I'm not talking what patches to install or how to "fix" your computer, I'm asking what do you do with the server during the hour rollback. Every resource on the web (that I can find) just talks about patch this, run that, etc. It may be an obvious answer but what do we do during the period of change over, when the clocks go back one hour? Leave the server on, shut it down so it doesn't have any connections, or what? Let it roll into the new time or shut it down during the proble...

Outlook Web Access Problem
Hi All, Heres short version of my recent post. On accessing my Exchange Server Outloook Web Access from internet through a firewall from Windows 2000 client, I am unable to login and after 3 tries get "Error: Access is denied". Please refer to my recent post with subject for explanation to question "OWA Access Is Denied for Win2k Users on internet" Thank You, rawCoder Havent seen the other posts, but this is always a good place to start: E200x: http://support.microsoft.com/default.aspx?scid=kb;en-us;326303 5.5: http://support.microsoft.com/default.aspx?scid=kb;en...

Public Folder client access permissions
Hi, I am unable to view MAPI permissions when i click client permissions from Public folder properties. The permissions I see instead is of Windows 2003 format... I want to view permissions in MAPI format. I am using ESM > Folders > Public Folder tree branch to assign permissions. ref url http://www.microsoft.com/technet/prodtechnol/exchange/2003/insider/pubfolderpermissions.mspx#EME if you see in the above URL, there are two windows, one is MAPI permissions other is Windows 2000 permissions..I want MAPI one..that is easier.. Your reference refers to different types of Public Fol...

convert sql file to access
Is there any way i can convert a sql file (downloaded as a backup from an online forum) to ms access? Basically the aim of doign this is to be able to print a custom made report from the forum data Well, there is a free working copy of sql server on your office CD (it is the desktop editing of sql server called MSDE). Perhaps you can just install that..and then view/edit the data? The MSDE . At that point, you can either a) simply export the data to something that ms-access can read. (if you have the sql server tools installed, then you can use the DTS services ..and export to ms-ac...

Tony Toews Blog re Access Copyrite
Hi I read Tony Trowes comment (with which I agree) and was wondering about copywrite (or copyright?). http://msmvps.com/blogs/access/archive/2007/11/12/google-s-motto-quot-don-t-be-evil-quot-hogwash.aspx So, here is a formula that I came up with this morning. = [SomeOtherField] I know, it's impressive. Question. Do I own the copywrite on this formula? OK I know this is daft example but some (all) of the codes and answers that are posted in this forum take quite a while to work out and are slightly more complex. I have been informed that copyright can be awarded or taken &q...

Server ftp
Salve a tutti, per caso sapete se � pi� sicuro un server ftp come file zilla o un servizio di storage come skydrive? ...

Office XP Professional User having Trouble Accessing Excel and Office Updates
I am suddenly having trouble accessing Excel and Office Updates. According to my profile I have the following version of Office: MSOffice XP Professional Version 2002 SP1 When I try to go in to Excel I get a Windows Installer pop-up. Then its goes to Windows Installer and I get an error message saying" the feature you are trying to use is on a network resource that is unavailable. Then I get Error 1706. Setup cannot fing the required files. The patch \\Puma\base\software\desktop\officexp\PROPLUS.MSI cannot be found I am also running into a similar problem when trying to ...

Problems With Access 97 in Access 2002
I have an Access 97 database that I am opening in Access 2002 in “compatability” mode. What is happening is that it goes into a “loop” – the status bar shows messages over and over. Sometimes I can break out of it. I can convert it Ok, however. What’s going on? ...

How do I access the 256 color palatte in excel #2
How do I access the 256 color palatte in excel Tools menu - Options - Color tab. -- Sincerely, Michael Colvin "Stick Frame" wrote: > How do I access the 256 color palatte in excel XL can only display 56 colors at any one time. You can change any of the 56 using Tools/Options/Colors, and clicking the Modify button. In article <6A3E973D-A17D-48FA-B07C-9242895DF17F@microsoft.com>, "Stick Frame" <StickFrame@discussions.microsoft.com> wrote: > How do I access the 256 color palatte in excel ...

Multivalued Field Functionality in Access 2003
Hello All, I am in a bit of a dilemma. I am trying to design an Access Database that quite frankly needs multivalued fields so that I can use a checked listbox, but I am limited to Access 2003 and cannot use Access 2007, in which I already have a fully working model. I am building a database with a central table, called GENERAL. There are 5 additional forms, DRUGNAME, ADDITIONALMEDICATIONS, INJURYINFORMATION, etc. Each one contains one field which has a list. For example the DrugName table would contain a list of all the prescription drugs that the person possibly could have been on. In 200...

CRM Mobile will not register with server
I have CRM Mobile setup. I log on on the phone and then I get waiting to register device, It will not register. I can view both websites that I need to and have SSL temporarily turned off for testing. I am using the Wifi on my phone with an internal IP address so I can access CRM. Also have tried the phone on a VPN connection. No Dice, Any suggestions. Hi Stephen, What we have found, after a couple MS cases, is to get it working on USB locally on a pc first then move out to other connection methods (wifi, web and vpn etc) as the first registration is pretty vital! What error...

new emails not being shown in inbox
Hey everyone, I have a really weird problem with Outlook 2003, have recently done a server migration and moved everyone over to a new domain, I exported someones email out from their older user area, and then imported it in the new user area, but now, it doesn't show any mail coming in. I closed outlook and went to mail2web.com, and sent myself 2 test emails, they were there, and left it 5 minutes, still there, so I opened and outlook and did a send/receive, and the email weren't there any more. So I did an Advanced find and it couldn't find the emails i was asking it for, howeve...

insert a new cell into an existing formula
I have a simple formula in excel that adds every 7th row for a total. When I add rows to this worksheet (in the center), the formula does not update to reflect the new cells. How do I get the SUM formula to update? A formula such =SUMPRODUCT((A1:A20)*(MOD(ROW(A1:A20),7)=0)) will reflect the changes if a row is inserted within the range. What is yours like? -- HTH RP (remove nothere from the email address if mailing direct) "Debbie" <Debbie@discussions.microsoft.com> wrote in message news:DE30DEA6-840E-48FB-B372-C9EC015E9258@microsoft.com... > I have a simple form...

Recipient Policies (Mailbox Manager)
On Exchange 2003, if I set up a Recipent Policy (Mailbox Manager) to clear out my users Junk Email folder, can I apply this to a group? I have set up a security group and built the LDAP query in Mailbox Manager window, but just wanted to check it was going to act on the member of the group and not the actual group itself. Thanks If you preview the filter do you get the correct list of accounts? Post the filter to the list. You should always test to create a test group and accounts. Nue "K" <@.> wrote in message news:e7DfV05YGHA.4580@TK2MSFTNGP03.phx.gbl... > On E...

Where do I paste in the following Access SQL code into my routine?
Access code: SELECT AXA_BILLING1.[Profile Name], Sum(AXA_BILLING1.[Parts In]) AS [SumOfParts In], Sum(AXA_BILLING1.[Parts Out]) AS [SumOfParts Out] FROM AXA_BILLING1 GROUP BY AXA_BILLING1.[Profile Name]; VBA code: Dim conDB As ADODB.Connection Dim recDB As ADODB.Recordset Dim i As Integer Sheets("NDM-Assoc").Select Range("A1:E65500").Select Selection.ClearContents i = 1 Set recDB = New ADODB.Recordset Set conDB = New ADODB.Connection conDB.CursorLocation = adUseClient conDB.Open "PROVIDER=Microsoft.Jet.O...

After hitting Send-New a Follow up MsgBox
Hi, I was wondering if after I hit the send button to send an email, I would like a message box to appear to ask if I want to set a reminder that I need to follow up on this message. If I click yes, then it will show up in my tasks If I click no, then the message sends normally. Thanks, Sean ...

errors on exchange server
we are generating a report only of our mailbox manager and i noticed we just started getting a 1031 error. we haven't run our mailbox clean up in a few (7) months and has been running for a few hours. we have no problem withthe routing engine and i am assuming this message cam up because of the resources being dedicated to the Clean up engine. is this correct? ...

new to group
I'm kinda new around here.. I've been using Access on and off for a couple of years.. I'd like to find some good resources-- like websites-- for Access 2007.. are there any Access 2007 specific websites that are important to keep up with? thanks -Thomas Hi: You might want to check out Jeff Conrad's site.. http://accessjunkie.com/default.aspx It provides various links. HTH Fred Boer "IRS Intern" <irsintern@hotmail.com> wrote in message news:1177463086.602342.92380@r3g2000prh.googlegroups.com... > I'm kinda new around here.. I've been using A...