Dave,
Get fiddler HTTP debugger on your endpoint laptop and look at the web-traffic to port 443 and what is the http error code. Or hit me offline with the IP and I can check stuff for ya. Now back to the Skywiper/Flame research,, just got pinged myself on it. Z Edward Ziots CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Steven M. Caesare [mailto:[email protected]] Sent: Thursday, May 31, 2012 10:58 AM To: NT System Admin Issues Subject: RE: http://<fqdn>/owa works interally but not externally Good deal. The external FW/proxy is something you can control directly? -sc From: David Lum [mailto:[email protected]] Sent: Thursday, May 31, 2012 10:23 AM To: NT System Admin Issues Subject: RE: http://<fqdn>/owa <http://%3cfqdn%3e/owa> works interally but not externally We have a winner! :80 works, :443 does not. Not requiring SSL gets me to the website, so I need to make sure 443 is being allowed. Makes me wonder how it was configured before, but thanks! Dave From: Steven M. Caesare [mailto:[email protected]] Sent: Thursday, May 31, 2012 7:02 AM To: NT System Admin Issues Subject: RE: http://<fqdn>/owa <http://%3cfqdn%3e/owa> works interally but not externally Tried telnetting to that FQDN:port and see if you get any response? -sc From: David Lum [mailto:[email protected]] Sent: Thursday, May 31, 2012 9:54 AM To: NT System Admin Issues Subject: RE: http://<fqdn>/owa <http://%3cfqdn%3e/owa> works interally but not externally There is a proxy of some kinds, because http://<fqdn <http://%3cfqdn> > from the Internet is a different IP than what the real box is. It acts very much like /owa simply drops the connection if it's an external connection attempt. It's just bizarre to me that via the Internet I can get to http://<fqdn <http://%3cfqdn> > and http://<fqdn>/exchange <http://%3cfqdn%3e/exchange> (it at least throws an error on this page) but not /owa...nuthin. From: Brian Desmond [mailto:[email protected]] Sent: Wednesday, May 30, 2012 3:21 PM To: NT System Admin Issues Subject: RE: http://<fqdn>/owa <http://%3cfqdn%3e/owa> works interally but not externally Does the request show up in the IIS log? What's the status code? What's between the CAS server and the user - firewalls, load balancers, reverse proxies, etc? Thanks, Brian Desmond [email protected] w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Wednesday, May 30, 2012 5:38 PM To: NT System Admin Issues Subject: http://<fqdn>/owa <http://%3cfqdn%3e/owa> works interally but not externally 1. Inside the network, http://webmail.mydomain.com/owa works 2. From the Internet that URL does not However, http://webmail.mydomain.com gets me to the IIS7 landing page on the server, so I know the server is available in some fashion via Internet, but adding /owa doesn't even get me a 404 error, simple a "Internet Explorer cannot display this page". Putting /Exchange instead of /owa I get a runtime error page. Anyone have ideas on what to look for? I have tried HTTP redirect and the IIS7 redirect but those give me the same non-result. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
