Web Application Proxy (Reverse Proxy) and Exchange 2019 configuration issue

0

I am a noob with regards to DMZ configuration; I've never done such a thing before, so I have very little knowledge on the subject. I did follow as closely as I could and configured a DMZ server with IIS WAP / Application Reverse Proxy.

Everything seems to work except for Exchange, and I don't understand why. I've configured CRM, RDP and our company website, and all of that works flawlessly, but I am unable to get Exchange working.

Exchange works internally and I am able to send and receive emails fine, but Autodiscover / OWA is not working externally.

This is the error I get when browsing the address https://mail.bayonetventures.com/owa:

502 - Web server received an invalid response while acting as a gateway or proxy server. I enabled Failed Request Tracing rules, and the XML can be attached if needed, but here is what I see wrong in that XML log.

(The url attribute below should just be mail.bayonetventures.com/owa; not sure where it's getting 8443 from.)

<failedRequest url="https://mail.bayonetventures.com:8443/owa/"
siteId="1"
appPoolId="DefaultAppPool"
processId="1364"
verb="GET"
remoteUserName=""
userName=""
tokenUserName="NT AUTHORITY\IUSR"
authenticationType="anonymous"
activityId="{80000044-0001-FE00-B63F-84710C7967BB}"
failureReason="STATUS_CODE"
statusCode="502.3"
triggerStatusCode="502.3"
timeTaken="42015"
xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
>

After a few hours of troubleshooting, when I go to https://mail.bayonetventures.com/owa I no longer get the 502 error, but what I do get is a 401 error, and I am not sure what the issue is.

So my current config is as follows:

  1. EXCH-01 server hosts Exchange 2019.
  2. ADFS-01 server hosts ADFS 3.0.
  3. BayVL00-DMZ is the IIS + WAP/ARR configuration on a different network/VLAN. BayVL00-DMZ has ARR configured on port 8443, which I guess is where the port in the log is coming from. So the URL in the log seems to be incorrect; should it be 443 or no port at all?

Log:

<failedRequest url="https://mail.bayonetventures.com:8443/owa/sessiondata.ashx?appcacheclient=1&amp;acver=15.1.1261.39&amp;crr=1"
siteId="1"
appPoolId="DefaultAppPool"
processId="2624"
verb="POST"
remoteUserName=""
userName=""
tokenUserName="NT AUTHORITY\IUSR"
authenticationType="anonymous"
activityId="{80000027-0000-C900-B63F-84710C7967BB}"
failureReason="STATUS_CODE"
statusCode="401"
triggerStatusCode="401"
timeTaken="0"
xmlns:freb="http://schemas.microsoft.com/win/2006/06/iis/freb"
>

Aasim Shakil Pathan

Posted 2019-06-12T10:46:40.010

Reputation: 11

Answers

0

Check whether the IIS WAP can successfully ping the FQDN of the Exchange server.

And check whether port 443 is released or not.

joyceshen

Posted 2019-06-12T10:46:40.010

Reputation: 1

0

It was a certificate issue: I had not added the ADFS signing certificate on the Exchange server as a trusted root certificate.

Aasim Shakil Pathan

Posted 2019-06-12T10:46:40.010

Reputation: 11
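Both answers come down to checks made from the proxy host: whether the WAP/ARR server can resolve and reach the Exchange FQDN on the port the ARR rule forwards to, and whether the proxy trusts the certificate the backend presents during the TLS handshake (an untrusted chain on the proxy side is one common cause of the 502.3 gateway error seen in the first trace). The following PowerShell script is an added example, not code from the question or either answer; it is meant to run on the DMZ WAP/ARR host, and the backend FQDN `exch-01.corp.example` and the script filename in the usage note are placeholders you replace with your own.

```powershell
# Added example: backend reachability and TLS trust check run from the WAP/ARR host.
# The FQDN below is a placeholder; replace it with the internal Exchange server name.
param(
    [string]$ExchangeFqdn = 'exch-01.corp.example',
    [int]$Port = 443
)

# 1. Name resolution from the DMZ. If this fails, ARR cannot even open the backend connection.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($ExchangeFqdn)
    Write-Host ("DNS: {0} -> {1}" -f $ExchangeFqdn, (($addrs | ForEach-Object IPAddressToString) -join ', '))
} catch {
    Write-Warning "DNS lookup for $ExchangeFqdn failed: $($_.Exception.Message)"
    return
}

# 2. TCP reachability on the forwarded port. ICMP is often blocked between VLANs,
#    so test the port itself rather than relying on ping.
$tcp = Test-NetConnection -ComputerName $ExchangeFqdn -Port $Port -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP $Port to $ExchangeFqdn is closed or filtered from this host; check the DMZ firewall / VLAN ACL."
    return
}
Write-Host "TCP ${Port}: open"

# 3. TLS handshake to the backend, then validate the certificate chain against THIS host's store.
#    The callback accepts any certificate so the handshake completes; trust is evaluated explicitly below.
$client = New-Object System.Net.Sockets.TcpClient($ExchangeFqdn, $Port)
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
try {
    $ssl.AuthenticateAsClient($ExchangeFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    Write-Host "TLS $($ssl.SslProtocol): subject=$($cert.Subject) issuer=$($cert.Issuer) expires=$($cert.NotAfter)"

    # The subject / SAN must cover the name ARR forwards to, or the proxy rejects the backend.
    $san = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
    if ($san) { Write-Host "SAN: $($san.Format($false))" }

    # Build the chain the way the proxy would; revocation is skipped here so the result reflects trust only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if ($chain.Build($cert)) {
        Write-Host "Chain: trusted by this host ($($chain.ChainElements.Count) element(s))"
    } else {
        # Typical results: UntrustedRoot or PartialChain, meaning the issuing/root CA is missing from this host's store.
        $chain.ChainStatus | ForEach-Object { Write-Warning "Chain: $($_.Status) - $($_.StatusInformation.Trim())" }
    }
} catch {
    Write-Warning "TLS handshake with $ExchangeFqdn failed: $($_.Exception.Message)"
} finally {
    $ssl.Dispose()
    $client.Dispose()
}
```

Save it as, for instance, `Check-ExchangeBackend.ps1` (placeholder name) and run it on the DMZ host as `.\Check-ExchangeBackend.ps1 -ExchangeFqdn exch-01.yourdomain.local -Port 443`. Run it once with `-Port` set to whatever the ARR rule actually forwards to (the `:8443` in the trace, or 443) so the result tells you whether Exchange really listens there. A chain warning of UntrustedRoot or PartialChain means the proxy host, not the Exchange server, is missing the issuing CA in its Trusted Root or Intermediate store, which is where to fix it.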