none
Can't access OWA, OA and ActiveSync RRS feed

  • Question

  • Hi All, 

    Business Objective 
    Outside users (users travelling) should be able to access their email through NGINX and it should redirect the connection to my Internal Exchange server for authentication and access: 
    1. OWA 
    2. Outlook Anyway 
    3. ActiveSync 


    My environment info: 
    Client email access through External Proxy server is mail.example.com, IP 223.153.119.18. 
    External DNS A record for mail.example.com point to IP 223.153.119.18 

    Internal Exchange server is EX-01.example.com with internal IP 10.10.10.11 
    Internal DNS A record for mail.example.com point to 10.10.10.11 

    So, if you noticed, all the outside user's email client will look for mail.example.com with external IP 223.153.119.18. 


    Problem: 
    From outside my office, i used my laptop to test. 

    1. Open browser, https://mail.example.com/owa 
    Authentication is pop up and i entered my credentials but it keep failing. 

    2. Outlook Anywhere got the pop up for authentication but it still keep failing too. 

    Remark: Remember mail.example.com i entered in my browse will point to my external ip 223.153.119.18 





    Hope ny looking at my below nginx config file, the NGINX or the Exchange expert can spot my mistake. 




    Below is my NGINX config: 
    worker_processes 1; 

    events { 
    worker_connections 1024; 


    http { 
    log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
    '$status $body_bytes_sent "$http_referer" ' 
    '"$http_user_agent" "$http_x_forwarded_for"'; 

    #access_log logs/access.log main; 

    sendfile on; 
    #tcp_nopush on; 

    #keepalive_timeout 0; 
    keepalive_timeout 65; 

    #gzip on; 

    server { 
    listen 80; 
    server_name www.example.com; 

    location / { 
    root html; 
    index index.html index.htm; 


    #error_page 404 /404.html; 

    # redirect server error pages to the static page /50x.html 

    error_page 500 502 503 504 /50x.html; 
    location = /50x.html { 
    root html; 


    access_log logs/www.access.log main; 
    error_log logs/www.error.log; 



    # HTTPS server 

    #server { 
    # listen 443 ssl; 
    # server_name localhost; 

    # ssl_certificate cert.pem; 
    # ssl_certificate_key cert.key; 

    # ssl_session_cache shared:SSL:1m; 
    # ssl_session_timeout 5m; 

    # ssl_ciphers HIGH:!aNULL:!MD5; 
    # ssl_prefer_server_ciphers on; 

    # location / { 
    # root html; 
    # index index.html index.htm; 
    # } 
    #} 

    server { 
    listen 443 ssl; 
    server_name mail.example.com autodiscover.example.com; 

    ssl_certificate /etc/ssl/certs/mail.example.com.crt; 
    ssl_certificate_key /etc/ssl/private/mail.example.com.rsa; 
    ssl_session_timeout 5m; 

    client_max_body_size 3G; 
    tcp_nodelay on; 

    proxy_request_buffering off; 
    proxy_http_version 1.1; 
    proxy_read_timeout 360; 
    proxy_pass_header Date; 
    proxy_pass_header Server; 
    proxy_pass_header Authorization; 
    proxy_set_header Host $host; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_pass_request_headers on; 
    proxy_set_header Accept-Encoding ""; 
    proxy_buffering off; 
    proxy_set_header Connection "Keep-Alive"; 

    location / { 
    #return 301 https://$host$request_uri; 
    #return 301 https://ex-01.esuria.local/owa; 
    #return 301 https://10.10.11.11/owa; 
    return 301 https://mail.example.com/owa; 


    location ~* ^/owa { 
    proxy_pass https://EX-01.example.com; 


    location ~* ^/Microsoft-Server-ActiveSync { 
    proxy_pass https://EX-01.example.com; 


    location ~* ^/rpc { 
    proxy_pass https://EX-01.example.com; 


    location ~* ^/ews { 
    proxy_pass https://EX-01.example.com; 


    location ~* ^/autodiscover { 
    proxy_pass https://EX-01.example.com; 


    access_log /usr/local/nginx/logs/mail.access.log main; 
    error_log /usr/local/nginx/logs/mail.error.log; 

    }
    • Moved by Edward van BiljonMVP Wednesday, October 10, 2018 4:16 AM Moved to correct Forum
    • Moved by Manu Meng Wednesday, October 10, 2018 5:43 AM Because it is
    Tuesday, October 9, 2018 7:15 AM

All replies

  • Hi alisampras,

    Welcome to the Exchange Server forum. This forum is for questions and feedback related to Exchange server. Since your question is more related to the configure of NGINX, I would suggest you confirm with the supporter of NGINX, because, we don’t support for this tool and we cannot test it. Hope your problem could be solved from them.

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards, 

    Kyle Xu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to shareexplore and talk to experts about Microsoft Teams.

    Wednesday, October 10, 2018 5:37 AM