Some
organizations roll out Exchange just because Outlook Web Access (OWA) in
Exchange 2003 provides very similar capability to what’s offered by the full
Outlook 2003 client. However, some firewalls and intrusion prevention systems are
locked down so tight that OWA either doesn’t work at all or works only
sporadically.

For
example, a recent OWA rollout at a college was going very well until some OWA
users reported that they were receiving “The page cannot be found” HTTP errors upon
opening some messages. These messages were showing up in OWA’s
preview pane, and even double-clicking the item to open it in a new window
resulted in the same error.

The problem
was easily recreated, and the IT staff discovered that certain messages
resulted in this behavior–only when the OWA user had to traverse the firewall
in order to use OWA. Internal OWA servers were not affected. After further
investigation, they found that messages containing letter combinations,
including “rm”, “ls”,
and “ln,” were not viewable in OWA.

Ultimately,
the problem was traced back to a tight intrusion prevention policy on the
college’s firewall, a SonicWall 5060. The letter
combinations “rm”, “ls”, and “ln” are
all UNIX commands. Their firewall was interpreting the strings in these
messages as potential attacks and was dropping the packets, which resulted in
the HTTP error messages in OWA.

If you’re experiencing
problems with OWA, look at the whole infrastructure and try to identify
patterns that point you in the right direction. In this particular case, the commonality
of UNIX command strings helped the IT staff find the intrusion prevention rule
on the firewall that was causing the problem.

Delivered each Monday, TechRepublic’s free E-mail Administration NetNote provides tips that will help you manage your Exchange server and other e-mail systems. Automatically sign up today!