Tag Archives: IIS

External Connections to Internal Web Servers Over 443 Fail

Posted by

0


Probably one of the strangest issues I’ve seen, at least it seemed that way at the time.

Scenario:

2 internal web servers experiencing the symptom, one running 2010 OWA and the other a custom web application on 443. All internal users can hit each page just fine. External users cannot hit the pages and they just receive a timeout. However, if the admin logs into either of the two servers locally or via RDP and then you try again externally, it works and they can hit the web pages. This behavior only happened on 443. Customer was just using a Cisco ASA for their firewall with no web publishing.

Resolution:

Customer was a school district and I was reminded of a former life where I worked for a school district where web filtering was common. We found out that external users could only hit the pages when an Admin was logged into either of the servers; not a regular user. Combined with the below Cisco thread I found when trying to potentially pin this on the ASA it seemed a web filter or Intrusion Detection System was killing our connections.

https://supportforums.cisco.com/thread/2043090

According to the thread a Filter/IDS on the inside could potentially be issuing resets for web traffic that it did not like. In our case it was the customers “iBoss” content filter that started blocking access after a firmware update. It worked when an Administrator was logged into the web servers because it could filter based on the currently logged on AD account and there were exclusions for the Admins.

WWW Service Missing !!

Posted by

0


While not specificaly a exchange issue but could be on a Exchange server.
Had a situation where the WWW service was missing even after re-installing IIS.

Turns out there was a Group policy that changed permissions on the registry and did not allow the install.

Solution:

  1. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
  2. Give full control to the administrators group on the SVCHOST key
  3. Un-install WWW service only
  4. Re-install WWW service

Now the service should be there and running

SBS 2008 and RU3 and Outlook Repeat Login Prompt

Posted by

3


UPDATE Exchange RU9 is supposed to fix this

On Small Business Server 2008 we have see that if you install RU3 you may start getting repeatedly prompted for log in credentials when opening outlook.

I believe that is because of some additional NTLM security that is put in place which I believe is included with RU3 based on this blurb in the update documentation

“After you install this update, the authentication mode that is set for the Web site at http://companyweb changes from the NTLM authentication to the Kerberos authentication. The reason this change occurs is because we recommend that you use the Kerberos authentication instead of the NTLM authentication.”

The solution I found so far was

  1. Remove RU3 for now.
  2. re-apply the Windows Authentication on the EWS, OAB, and Autodiscover virtual directories
    1. Open Internet information Services (IIS) Manager
    2. Expand the Server -> Sites -> SBS Web Applications
    3. Click on autodiscover -> authentication ->
      image
    4. windows Authentication -> Disable -> enable
      image
    5. Repeat for OAB and EWS virtual directories
  3. restart the server

Note: It may be necessary to add the root exchange URL to the “intranet sites” for on the clients

Tools -> Internet options -> security tab -> Local Intranet -> Sites -> advanced -> add -> https://remote.domain.com

image