Software

Beware of firewall interference with OWA

If OWA users aren't able to view certain messages, your firewall may be the culprit. Take a look at this case study of a college that experienced just that.

Some organizations roll out Exchange just because Outlook Web Access (OWA) in Exchange 2003 provides very similar capability to what's offered by the full Outlook 2003 client. However, some firewalls and intrusion prevention systems are locked down so tight that OWA either doesn't work at all or works only sporadically.

For example, a recent OWA rollout at a college was going very well until some OWA users reported that they were receiving "The page cannot be found" HTTP errors upon opening some messages. These messages were showing up in OWA's preview pane, and even double-clicking the item to open it in a new window resulted in the same error.

The problem was easily recreated, and the IT staff discovered that certain messages resulted in this behavior—only when the OWA user had to traverse the firewall in order to use OWA. Internal OWA servers were not affected. After further investigation, they found that messages containing letter combinations, including "rm", "ls", and "ln," were not viewable in OWA.

Ultimately, the problem was traced back to a tight intrusion prevention policy on the college's firewall, a SonicWall 5060. The letter combinations "rm", "ls", and "ln" are all UNIX commands. Their firewall was interpreting the strings in these messages as potential attacks and was dropping the packets, which resulted in the HTTP error messages in OWA.

If you're experiencing problems with OWA, look at the whole infrastructure and try to identify patterns that point you in the right direction. In this particular case, the commonality of UNIX command strings helped the IT staff find the intrusion prevention rule on the firewall that was causing the problem.

Delivered each Monday, TechRepublic's free E-mail Administration NetNote provides tips that will help you manage your Exchange server and other e-mail systems. Automatically sign up today!

Editor's Picks