OWA 2013 internal/external Untangle

I know the general topic has been touched on a few times pertaining to an internal/external setup, but I wanted to bring the topic up again to see if any new ideas are out there.
With the TMG wind-down I built up an Untangle server and so far am fairly happy with it.  As most people probably have said, great in some areas but certainly lacking in some of the features TMG offered.
But... the one major feature I miss with TMG is the ability for it to handle FBA for internal sites like OWA.  Since the UT appliance requires the barebones forwarding of traffic directly to the Exchange/OWA internal IP, I have to have FBA enabled for everything.  That of course breaks the neat ability to have internal clients auto login with integrated auth.
I did come across a few posts of people trying to create separate OWA sites so internal users could use integrated Windows auth, and the other site would continue to use FBA for external users. I tried following the general outline of what I was seeing and created a separate OWA and ECP site, but every time I tried changing authentication settings I completely hosed the entire log ability.  That was multiple headaches with every change attempt so I didn't try to push the idea past a few attempts.
So... I suppose this is a multi-part question.  If not using a TMG setup, can anybody offer suggestions on what is realistically possible in terms of having an internal/external option?
Thanks

I share your pain.  I've set up separate OWA websites on Exchange 2007 and 2010 using port 444 or 4433 with basic authentication which TMG would connect to.  When trying to do that in Exchange 2013, I experienced what you say.  I've since read that it can be done, but I haven't yet tested it myself so I can't promise that it would work.  In your case, assuming your device will send to a different port, you'd want to make that new OWA web site set for forms authentication.
This thread describes the process others report that they've used.
http://social.technet.microsoft.com/Forums/exchange/en-US/9fcd360f-6658-4940-add7-2f13265cf86b/multiple-owa-sites-on-a-single-server-2012-with-exchange-2013-mailbox-cas?forum=exchangesvrclients
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
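
An added example, not part of either post above: before changing authentication on a second OWA/ECP site, a read-only audit of what each site currently uses makes it easier to see which setting broke sign-in. It assumes the Exchange Management Shell on Exchange 2013 and takes the IIS site name from the virtual directory's `Name` (for example `owa (Default Web Site)`); the helper name `Get-VdirAuthSummary` is hypothetical.

```powershell
# Added example: read-only audit of OWA/ECP authentication per IIS site.
# Assumes the Exchange Management Shell (Exchange 2013). Changes nothing.

function Get-VdirAuthSummary {
    param(
        [Parameter(Mandatory)] $VirtualDirectory,
        [Parameter(Mandatory)] [string] $Kind    # 'OWA' or 'ECP'
    )
    # Name looks like "owa (Default Web Site)"; the IIS site is inside the parentheses.
    $site = if ($VirtualDirectory.Name -match '\((.+)\)$') { $Matches[1] }
            else { $VirtualDirectory.Name }

    [pscustomobject]@{
        Server  = [string]$VirtualDirectory.Server
        Site    = $site
        Kind    = $Kind
        Forms   = [bool]$VirtualDirectory.FormsAuthentication
        Windows = [bool]$VirtualDirectory.WindowsAuthentication
        Basic   = [bool]$VirtualDirectory.BasicAuthentication
    }
}

# Collect every OWA and ECP virtual directory in the organization.
$rows  = @()
$rows += Get-OwaVirtualDirectory | ForEach-Object { Get-VdirAuthSummary $_ 'OWA' }
$rows += Get-EcpVirtualDirectory | ForEach-Object { Get-VdirAuthSummary $_ 'ECP' }

$rows | Sort-Object Server, Site, Kind | Format-Table -AutoSize

# OWA and ECP on the same site should use the same authentication methods;
# a mismatch is a common cause of broken sign-in after an auth change.
foreach ($group in ($rows | Group-Object Server, Site)) {
    $owa = $group.Group | Where-Object Kind -eq 'OWA'
    $ecp = $group.Group | Where-Object Kind -eq 'ECP'

    if (-not $owa -or -not $ecp) {
        Write-Warning "$($group.Name): site has only one of OWA/ECP"
        continue
    }

    foreach ($method in 'Forms', 'Windows', 'Basic') {
        if ($owa.$method -ne $ecp.$method) {
            Write-Warning ("{0}: {1} auth differs (OWA={2}, ECP={3})" -f `
                $group.Name, $method, $owa.$method, $ecp.$method)
        }
    }

    # Label each site by how users would sign in to it.
    $mode = if ($owa.Forms) { 'forms-based (external style)' }
            elseif ($owa.Windows) { 'integrated Windows (internal style)' }
            elseif ($owa.Basic) { 'basic only' }
            else { 'no method enabled' }
    Write-Output ("{0}: {1}" -f $group.Name, $mode)
}
```

Saving the table output before and after each change gives a record to roll back to if sign-in stops working.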

Similar Messages

  • Unable to send or receive email Internal & Externa ... Exchange 2013

    Hi all
    Due to some previous problem I had to recover the server hard drive with a backup image.
    I recovered the server with the Windows installation CD & backup image that I stored on an external HD.
    The recovery was done successfully & fixed this issue and returned the server to the time that the image was taken.
    Now, after recovering the server, I am unable to send or receive e-mail from
    Internal & External
    for all users
    Outlook is connected Internal & External for all users
    the web app is working Internal & External for all users
    all Exchange services are started and running
    the Exchange Server is on one machine
    the domain is on another machine
    all servers are on the same network
    all servers are behind the TMG server
          Thank you all

    Amy Wang
    thank you for your organized steps
    sure I disconnected all servers
    that are not used with Exchange from the beginning.
    and I also reconfigured the DNS Server\<Exchange server name>
    and I rechecked the reverse lookup zone.
    as I said before, the Exchange was working fine until a power loss made me unable to open the ECP
    which led me to recover the server from a backup image
    PS. the recovery was made on 8/10/2014 & the image that I used to recover was taken on 8/2/2014
    the domain server is another machine & was not recovered to that date 8/2/2014 because it has no problem
    could this affect the relation between the domain & the Exchange
    knowing that the recovery was made by Windows installation CD
    first format the HD then recopy the image that was taken on 8/2/2014
    thank you

  • OWA/ecp internally redirects to externalURL value!!

    Hi
    We have 3 CAS servers.  2 are in main site and One of these CAS servers is on the remote site.  I am having a really weird issue with the CAS server in remote site called CAS3.
    InternalURL and ExternalURL values are the same and available in both internal & external DNS.
    If we go to https://cas3 it redirects over to https://owa.domain.com address!!!!!!!!
    I did the following and no difference :-(
    1. Did an IISreset
    2. Made sure there are NO IIS redirections on / /owa & /ecp
    3. I changed InternalURL and ExternalURL value of CAS3 server to internal FQDN
    None of the above worked.  I don't have such issues with CAS1 and CAS2.  What gives???????
    Note: All mailboxes are on the production site mailbox servers.  

    Hi Kman2K,
    One of the circumstances in which CAS will only perform a redirection action is as below:
    For Outlook Web App requests, if the mailbox’s location is determined to be in another Active Directory site and there are CAS2013 members in that site that have the ExternalURL populated, then the originating CAS will redirect the request unless the ExternalURL in the target site is the same as in the originating site – in which case CAS will proxy (this is the multiple site single namespace scenario).
    For more details, see:
    Exchange 2013 Client Access Server Role
    http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
    Thanks
    Mavis Huang
    TechNet Community Support

  • Changing Internal & External URLs?

    We run split DNS so right now for all services the internal and external Exchange 2010 URLs are simply set to mail.domain1.com.
    If I change them to mail.domain2.net, assuming there is a valid cert on the Exchange box for mail.domain2.net, and assuming that split DNS points mail.domain2.net to the internal/external IP of the Exchange box, new clients should pick up the new domain.
    What happens to existing clients i.e. Outlook and ActiveSync?
    Will they continue to use mail.domain1.com until the account is removed and added again, or do they do a periodic refresh/update/poll of which setting to use?
    In particular would the URL used by Outlook Anywhere be updated on the client automatically?
    This topic first appeared in the Spiceworks Community

    Hi,
    For the migration from Exchange 2007 to Exchange 2013, we need to change the external URLs with the new Exchange 2007 host name legacy.domain.com and migrate all mailboxes including public folders.
    For more information about the migration, you can refer to the following articles:
    http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
    http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-4-step-by-step-exchange-2007-to-2013-migration.aspx
    If you have any question, please feel free to let me know.
    Thanks,
    Angela Shi
    TechNet Community Support

  • Lync internal / external web services FQDN

    I have a Standard edition 2013 FE server
    Should my internal/external web services url in DNS point to my FE internal IP or my Reverse proxy public IP?
    For mobility it says it should point to the external IP but for address book updates etc surely I want my internal windows clients using the FE pool directly?
    I am unable to differ them on 2013 standard edition...
    ***Don't forget to mark helpful or answer***

    The external web services work in conjunction with a reverse proxy in the perimeter network. It provides clients external access to by using these web services. The FQDNs configured here are sent to clients when they log on, and are used to make an HTTPS connection back to the reverse proxy when connecting remotely. The reverse-proxy server forwards the external web service FQDN to an internal hardware load balancer, or directly to the pool. The reverse proxy must be able to resolve the external web services FQDN to the IP address of the internal Web server. The external web services FQDN must be resolvable in the public Internet.
    If your internal server is a Standard Edition server, the internal FQDN is the Standard Edition server FQDN. If your internal server is a Front End pool, the FQDN is a hardware load balancer virtual IP (VIP) that load balances the internal web farm servers.
    A hardware load balancer is required in a Front End pool with more than one Enterprise Edition server. A load balancer is not required for a Standard Edition server or a single Enterprise Edition Front End Server.
    For DNS configuration, you can refer to the link below:
    http://expertslab.wordpress.com/2014/04/09/dns-requirements-for-mobility/
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical

  • OWA 2013 and Timeout

    OWA 2013 (CU6) timeout values have been set according the following article.
    http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/OutlookOWA/how-configure-public-and-private-computer-settings-owa-2013.html
    On the "external" or "public" side - default is 15 minutes.  When 15 minutes of inactivity occurs, OWA does not exit the session.  Instead the content remains on the screen - and you can browse around the information that remains in the display.  You cannot create a new message or open a message in a new window.
    If a browser "refresh" is sent the logon to OWA screen appears.
    Contacted Microsoft and they were also able to reproduce this same behavior.
    This is not a secure way to handle timeout.  Anyone else experience this?

    Hi,
    The time-out feature will only work with the Forms-Based Authentication method enabled on the CAS server.
    http://technet.microsoft.com/en-us/library/bb124787(v=exchg.141).aspx
    Although this document applies to Exchange 2010, it’s just the same in Exchange 2013.
    In addition, is there TMG in your deployment? If yes, please refer to the following document to configure the idle session time-out period for Outlook Web Access clients.
    Before performing this task, we must have a Web listener that uses forms-based authentication for Outlook Web Access.
    http://technet.microsoft.com/en-us/library/cc995140.aspx
    Best Regards.

  • How many DNS record need to create in Internal & external DNS server for exchange?

    Hi friends,
    I recently installed Exchange Server 2010 in my organization for testing purposes and I've registered a public IP too for the Exchange server on godaddy.com. How many internal & external DNS records are required to configure on the external & internal DNS servers so all my features like Auto-discover, ActiveSync & webmail start working perfectly?
    It's my first time configuring Exchange for an organization.
    Thanks & Regards,
    Pradeep Chaugule

    Hi,
    Just as ManU Philip said, you need to create Autodiscovery.domain.com and mail.domain.com for the external DNS server.
    Generally, you configure your Exchange Servers as DNS clients of your internal DNS server.
    Refer from:
    http://technet.microsoft.com/en-us/library/aa996996(v=exchg.65).aspx
    Best Regards.

  • Routing issue with dual Ethernet NICs - Internal/External Configuration under Windows 8.1 - what am I doing wrong ?

    I have a PC hosting Windows 8.1, attached to two Networks. One leads to the internet - and uses the private IP address (172.*)  the other is purely internal (also using the private address 198.*) but,  has no internet connectivity.  I'm finding that if I don't disable my internal NIC, I can't access any internet sites. Is this a bug, or have I not done something correctly?
    I have also, a Windows 7 PC, attached to the same Networks, and it exhibits no issues when connecting to either the internet or to internal locations.
    (Both are Enterprise builds, though only across a Windows for Workgroups network).
    Can anyone tell me what I need to be doing with Windows 8.1 please, to make both internal & external network connectivity work as is the case with Windows 7 ?
    I'm only running IPv4, and both Wired Networks have at their respective ends, Routers that support DHCP & NAT. Though the internal Router's external port is not connected to anything.
    Thanks in advance...

    Hi,
    Can you tell me what you have tried so far and how did you set?
    Firstly please update all network adapter driver.
    After that, do the following:
    1. Open the Command Prompt (Admin).
    2. Run "Ipconfig /all" to check your NICs' IP information.
    3. Use the route command to tell the computer which interface you want the packets to leave from.
    Assuming Network A is...
    10.10.11.0 /24
    Router is 10.10.10.1
    and Network B is...
    10.10.12.0 /24
    Router is 10.10.10.2
    then use this command:
    route add 10.10.11.0 mask 255.255.255.0 10.10.10.1 -p
    route add 10.10.12.0 mask 255.255.255.0 10.10.10.2 -p
    Hope this helps.
    Karen Hu
    TechNet Community Support

  • How to transfer a 8GB .MOV file from MacBook Air (late 2013) via external HD (Samsung S2 Portable) to a Dell laptop ?

    Hi guys and gals,
    How can I transfer a 8GB .MOV file from MacBook Air (mid 2013) via external HD (Samsung S2 Portable) to a Dell laptop ? The mentioned file currently will not let me transfer it to my ext HD. I want to upload it afterwards to a Dell laptop with Windows software installed.
    Reformatting the drive doesn't seem to be the solution, since this will erase all the data stored on the ext HD, and it will only allow me to use the drive with either Apple or Microsoft equipment.
    Please HELP, running out of options here... Thnx, "Apple-Dummy"

    Apple-Dummy wrote:
    How can I tell whether my External HD is formatted NTFS?
    Attach the HDD to your MBP.  Click on the icon on the desktop COMMAND+I. It will produce a display such as this and look what it says by FORMAT.
    How do I format my External HD: FAT or ExFAT?
    Do this on a PC.  You will have to use the Windows equivalent of Disk Utility.  I am not a Windows user so I cannot give you detailed information regarding this.  I have seen on these forums that there are at times compatibility problems if formatted on a Mac.
    Which one is preferred, FAT or ExFAT? And why?
    Use ExFAT.  FAT has a file size limitation of 4 GB.
    Ciao.

  • Internal/External displays blank when external connected while sleeping

    When I connect my external display to my MBP (late 2011) while it's sleeping, the MBP awakens but both the internal & external display are blank.
    The MBP is running ML and is connected to external display via DVI. No response to external Logitech keyboard or internal keyboard. Currently my only recourse is to ssh in from a co-located Vista machine & 'sudo reboot'.
    If MBP has recently been used  (say < 5 min or so), everything's fine -- external display fires up & external KBD/Mouse work.
    I'd be interested in any way to prevent this problem if I forget to open MBP for a moment before connecting Power/DVI/USB. Alternately, a command
    I could issue via SSH to reinitialize display would be great.
    Thanks. Kent

    Please ignore this thread - managed to double post somehow ....? Sorry
    Chris

  • Internal/External Action in Integration Scenario

    Hi,
    What is the simple logic of defining an Action Internal/External in an integration scenario?
    For instance, a Web application "A" is accessing the "PS-EPS" (SAP) system to check the existence of Network.
    What will be the type of Usage at both ends. Why?
    Thanks,
    Debashish Sarkar

    Hi Ajith,
    Yes, you were correct go ahead.
    Refer the below link:
    http://help.sap.com/saphelp_nw70ehp2/helpdata/en/68/88a440df800160e10000000a1550b0/content.htm

  • Source system set up for internal / external access

    Hi all.
    We have an EP 6.0 (NW04 SP16) system delivering BW data from a back-end BW 3.1/3.2 system.  We are using BW Report iViews to deliver all reports to external and internal users.  I am having a very specific problem when setting up the source system for the BW system.
    The BW Report iView object uses the WAS hostname parameter(found under: System Administration -> System Configuration -> Systems -> BWSourceSystem -> Open ->Object -> "Web Application Server (WAS)") when retrieving the back-end BW report. 
    When this parameter is set using an internal host id (internal_host.company.com) internal users can access the report in question, but external users can't.  Alternatively, when this parameter is set using an external host id (ie. the host of our DMZ proxy server) external users can access the report, but internal users can't.
    I need to find a way to use one hostname for this parameter that will work for both internal and external users.  I have worked with the HTTPURLLOC table and this solution works great for URL iViews, but not for BW Report iViews.  Does anyone have any suggestions?  Thanks!

    Hi Shashi.
    We did find a solution using web dispatcher.  We actually installed two instances of web dispatcher... one in our DMZ for external access and another one our corporate LAN.  The web dispatchers are configured identically and the EP instance knows only one hostname:
    name.company.com
    The port passed to the URL https://name.company.com:port is what tells web dispatcher what to do with the request (ie. pass the request to EP, BW, ECC, R/3, etc.).
    Be aware that EP allows for only one hostname for Source System Setup - my name.company.com in my example above -(this is the EP Web Application Server hostname (WAS) parameter found under System Admin - System Config - Systems) - so you may need to do something like we did:
    register name.company.com on the internet as a public address and use that DNS mapping for external users (using your DMZ version of webdispatcher).  Subsequently, use internal DNS or host name mapping to register an internal private address for name.company.com (using your LAN version of web dispatcher).  This will allow both internal / external users access to the portal and other SAP back-end systems.
    It may sound a bit kludgy, but believe me - we tried everything to make this work.  I took this all of the way to SAP and this was the recommendation SAP made for allowing both internal and external users access to portal and BW data.
    Hope this helps!

  • OWA 2013 : An error occurred while signing this S/MIME message. No certificate was found.

    Hi,
    I've configured SMIME (certificate templates, signing/encryption certificate, etc.)
    All users receive their certificate, and in Outlook (2010) everything is working as expected.
    When I use the OWA 2013 however to send an encrypted message, I receive the error :
    "An error occurred while signing this S/MIME message. No certificate was found. If you have a smart card-based certificate, insert the card and try again."
    environment : exchange 2013 SP1, ie 9 and 10
    Get-SMIMEConfig
    [PS] D:\Scripts>Get-SmimeConfig
    RunspaceId                                       : 24178a41-aead-45fc-a4c2-5504b2541e7e
    OWACheckCRLOnSend                                : False
    OWADLExpansionTimeout                            : 60000
    OWAUseSecondaryProxiesWhenFindingCertificates    : True
    OWACRLConnectionTimeout                          : 60000
    OWACRLRetrievalTimeout                           : 10000
    OWADisableCRLCheck                               : False
    OWAAlwaysSign                                    : False
    OWAAlwaysEncrypt                                 : False
    OWAClearSign                                     : True
    OWAIncludeCertificateChainWithoutRootCertificate : False
    OWAIncludeCertificateChainAndRootCertificate     : True
    OWAEncryptTemporaryBuffers                       : True
    OWASignedEmailCertificateInclusion               : True
    OWABCCEncryptedEmailForking                      : 0
    OWAIncludeSMIMECapabilitiesInMessage             : False
    OWACopyRecipientHeaders                          : False
    OWAOnlyUseSmartCard                              : False
    OWATripleWrapSignedEncryptedMail                 : True
    OWAUseKeyIdentifier                              : False
    OWAEncryptionAlgorithms                          : 6610
    OWASigningAlgorithms                             : 8004
    OWAForceSMIMEClientUpgrade                       : True
    OWASenderCertificateAttributesToDisplay          :
    OWAAllowUserChoiceOfSigningCertificate           : False
    SMIMECertificateIssuingCA                        :
    SMIMECertificatesExpiryDate                      :
    SMIMEExpiredCertificateThumbprint                :
    AdminDisplayName                                 :
    ExchangeVersion                                  : 0.1 (8.0.535.0)
    Name                                             : Smime Configuration
    DistinguishedName                                : CN=Smime Configuration,CN=Global Settings,CN=customer,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=customer,DC=com
    Identity                                         : Smime Configuration
    Guid                                             : 1184683a-2fcd-446b-98a6-bf0fb16ca282
    ObjectCategory                                   : customer.com/Configuration/Schema/ms-Exch-Container
    ObjectClass                                      : {top, container, msExchContainer}
    WhenChanged                                      : 17/06/2014 14:21:52
    WhenCreated                                      : 17/06/2014 14:21:52
    WhenChangedUTC                                   : 17/06/2014 12:21:52
    WhenCreatedUTC                                   : 17/06/2014 12:21:52
    OrganizationId                                   :
    OriginatingServer                                : DC1.customer.COM
    IsValid                                          : True
    ObjectState                                      : Unchanged

    Have you set up a virtual certificate collection? Looks like that's new with Exchange 2013:
    http://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx
    http://technet.microsoft.com/en-us/library/dn626155(v=exchg.150).aspx
    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • PS ; Network Activities (Internal & external) monitoring or evaluation

    Hi
    Can any one guide me how to  pull out a std report for viewing the dates maintained in Activities (Internal & external) in Network, planned dates vs actual dates of confirmation of activities.
    Pl help
    Srihari

    Hi Shrihari,
    You can use CN41N to get dates maintained in Activities (Internal & external) in Network, planned dates vs actual dates of confirmation of activities.
    Thanks & Regards,
    Jatinder Bansal

  • OWA 2013 Apps in shared mailbox

    Exchange 2013 SP1: Whenever I open my own mailbox in OWA (2013), I can see the 'Apps Bar' at the top of the email (such as Bing maps, Action Items etc) - but when I (or anyone else in the org) goes to 'Open another mailbox' that they have full access permissions to, this App bar disappears as soon as the other mailbox loads. This causes an issue for us as one of the apps is Symantec Enterprise Vault. The same thing appears to happen in the full Outlook 2013 client as well.
    Is there any way to make the App Bar appear when opening another mailbox?
    Thanks in advance.
     

    Hello,
    Thank you for the reply.
    This is a quick note to let you know that we are performing research on this issue.
    Thanks,
    Simon Wu
    TechNet Community Support
