[isalist] OWA Problem
- From: Rob Moore <RMoore@xxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 6 Jun 2012 15:31:28 +0000
We are in the midst of a transition from Exchange 2007 to Exchange 2010. So we
have two sets of rules to enable external access through our TMG 2010 server,
rules for the people whose mailboxes are still on Exchange 2007 and rules for
those now on Exchange 2010. After a lot of messing about, we got everything
working acceptably. Everything has been stable for a few weeks.
Then, a couple of days ago, we started having this odd problem. If a user's
mailbox is still on Exchange 2007, everything works normally. But if a user's
mailbox is on Exchange 2010, s/he can connect to OWA normally, but when s/he
tries to open anything in the "Options" menu (e.g., Set Automatic Replies or
Change Your Password), s/he gets a TMG error page that says "Network Access
Message: The page cannot be displayed" and further down it says "Error Code:
403 Forbidden. The server denied the specified Uniform Resource Locator (URL).
Contact the server administrator. (12202)"
I monitored it on the TMG console and got several errors. I've pasted some in
at the end of this email.
We are not aware of any changes to our TMG rules or our Exchange 2010 servers.
(Well, with one exception: I was working with MS PSS on an unrelated TMG issue.
The MS tech created two new rules right at the top of the stack, and then later
that day was when the problem started. However, if I disable those two rules,
the OWA problem still exists. So I don't THINK those rules have anything to do
with this problem.)
Why is TMG suddenly interfering here? Or would you say that the problem is
originating on the Exchange server?
Thanks for any input,
Rob
Here's one error:
Client Agent Authenticated Client Service Referring Server
Destination Host Name Transport HTTP Method Filter
Information MIME Type Object Source Cache Information
Error Information Source Port Session Type
Bidirectional Network Interface Raw IP Header Raw Payload
Processing Time Bytes Sent Bytes Received Original Client IP
GMT Log Time Authentication Server UAG Array Id UAG
Version UAG Module Id UAG Id UAG Severity UAG Type
UAG Event Name UAG Session Id UAG Trunk Name
UAG Service Name UAG Error Code Internal Service Info
Log Field Client Application SHA1 Hash Client Application
Trust State Client Application Internal Name Client
Application Product Name Client Application Product Version
Client Application File Version Client Application Original File Name
Client FQDN URL Categorization Reason Forefront TMG Client
Version URL Destination Host Name Log Time Client IP
Destination IP Destination Port Protocol
Action Overridden Rule NIS Scan Result NIS Signature NIS
Application Protocol Rule Result Code HTTP Status
Code Client Username Source Network
Destination Network URL Server Name URL Category Log Record
Type Malware Inspection Action Malware Inspection Result
Threat Name Threat Level Content Delivery Method
Malware Inspection Duration (msec) NAT Address Client Application Path
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Yes
Reverse Proxy webmail.afsc.org TCP GET
Req ID: 0dad9a43; Compression: client=Yes, server=No, compress rate=0%
decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged
off=no, client type=private, user activity=yes
0x0 0x0 11667 Web Proxy
- - - 1 3391 873
- 6/6/2012 2:46:59 PM
0 0
0 0
- - - -
- - - -
webmail.afsc.org 6/6/2012 10:46:59 AM 209.120.230.110
209.120.230.118 443 https Denied
Connection Inspected
Default rule 12202 Forefront TMG denied
the specified Uniform Resource Locator (URL). anonymous External
Local Host
http://webmail.afsc.org/ecp/?rfr=owa&p=Organize/AutomaticReplies.slab
PHL-TMG2 - Web Proxy Filter
0
- -
Here's another:
Client Agent Authenticated Client Service Referring Server
Destination Host Name Transport HTTP Method Filter
Information MIME Type Object Source Cache Information
Error Information Source Port Session Type
Bidirectional Network Interface Raw IP Header Raw Payload
Processing Time Bytes Sent Bytes Received Original Client IP
GMT Log Time Authentication Server UAG Array Id UAG
Version UAG Module Id UAG Id UAG Severity UAG Type
UAG Event Name UAG Session Id UAG Trunk Name
UAG Service Name UAG Error Code Internal Service Info
Log Field Client Application SHA1 Hash Client Application
Trust State Client Application Internal Name Client
Application Product Name Client Application Product Version
Client Application File Version Client Application Original File Name
Client FQDN URL Categorization Reason Forefront TMG Client
Version URL Destination Host Name Log Time Client IP
Destination IP Destination Port Protocol
Action Overridden Rule NIS Scan Result NIS Signature NIS
Application Protocol Rule Result Code HTTP Status
Code Client Username Source Network
Destination Network URL Server Name URL Category Log Record
Type Malware Inspection Action Malware Inspection Result
Threat Name Threat Level Content Delivery Method
Malware Inspection Duration (msec) NAT Address Client Application Path
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Yes
Reverse Proxy https://webmail.afsc.org/owa/ webmail.afsc.org
TCP GET Req ID: 0dad99e4; Compression: client=Yes, server=No,
compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes,
updated=no, logged off=no, client type=private, user activity=no
text/html; charset=UTF-8 Internet 0x610c0000
0x582 15653 - -
- 9984 712 860 - 6/6/2012
2:46:59 PM 0
0
0 0 -
- - - - -
- - webmail.afsc.org
6/6/2012 10:46:59 AM 209.120.230.110
172.17.200.117 443 https Failed Connection Attempt
Inspected Outlook Web Access
10054 An existing connection was forcibly closed by the
remote host. afsc\rmoore External Local
Host
http://webmail.afsc.org/owa/ev.owa?UA=0&oeh=1&ns=PendingRequest&ev=PendingNotificationRequest&canary=hBU7-81RBU2DB0XkmaeH0WUbeH2KF88Ie_NQtORBsJALoLmDClmusrEUeQBTxSvw3yevmb-0Q7Q.
PHL-TMG2 - Web Proxy Filter
0
- -
I got several of these that are almost identical, except for a file name:
Client Agent Authenticated Client Service Referring Server
Destination Host Name Transport HTTP Method Filter
Information MIME Type Object Source Cache Information
Error Information Source Port Session Type
Bidirectional Network Interface Raw IP Header Raw Payload
Processing Time Bytes Sent Bytes Received Original Client IP
GMT Log Time Authentication Server UAG Array Id UAG
Version UAG Module Id UAG Id UAG Severity UAG Type
UAG Event Name UAG Session Id UAG Trunk Name
UAG Service Name UAG Error Code Internal Service Info
Log Field Client Application SHA1 Hash Client Application
Trust State Client Application Internal Name Client
Application Product Name Client Application Product Version
Client Application File Version Client Application Original File Name
Client FQDN URL Categorization Reason Forefront TMG Client
Version URL Destination Host Name Log Time Client IP
Destination IP Destination Port Protocol
Action Overridden Rule NIS Scan Result NIS Signature NIS
Application Protocol Rule Result Code HTTP Status
Code Client Username Source Network
Destination Network URL Server Name URL Category Log Record
Type Malware Inspection Action Malware Inspection Result
Threat Name Threat Level Content Delivery Method
Malware Inspection Duration (msec) NAT Address Client Application Path
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) No
Reverse Proxy
https://webmail.afsc.org/ecp/?rfr=owa&p=Organize/AutomaticReplies.slab
webmail.afsc.org TCP GET Req ID: 0dad9a45;
Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA
cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=private,
user activity=no 0x0 0x80
18515 - - -
1 28774 1032 - 6/6/2012 2:46:59 PM
0 0
0 0 -
- - - - - -
- 6/6/2012 10:46:59 AM
209.120.230.110 209.120.230.118 443
https Failed Connection Attempt
12210 An
Internet Server API (ISAPI) filter has finished handling the request. Contact
your system administrator. anonymous
http://webmail.afsc.org/Wbo-CB10098D-AA05-4CA8-A009-E17E9C19A0A3/logo.png
PHL-TMG2 Unknown Web Proxy Filter
0
- -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC
Other related posts:
