
Anywhere Access Wizard fails due to inbound connectivity on port 443

Remote access broke after KB4571694 was installed.  I don't know if the patch had anything to do with it, but remote stopped working after a reboot and that update was installed with the reboot.

What's happening now is when you go to https://domain.com/remote, you get a 404 error.  If you go to https://remote.domain.com/owa, it works just fine.

When I ran the Anywhere Access wizard, I got "Please check inbound connectivity on port 443." The router has forwarding on 443 to the DC and the Exchange server.

Any suggestions would be appreciated.

System is Windows 2016 STD with three Server 2016 STD VMs: DC, Exchange and file server. Router is a Cyliptex AE800.

Ron Camerata
Published 08/15/2020 17:16
  • Essentials Experience Role
  • SSL Certificate
  • Remote Web Access
Mariette Knap

Ron,

It depends a bit on how you configured things. You wrote that you have an Exchange Server in your network. According to what you wrote, you go to https://remote.domain.com/owa for Outlook Web Access. This can be configured in several ways:

  1. You forwarded traffic for port 443 to the Internal IP address of your Exchange Server. In that case https://remote.domain.com/owa will open Exchange OWA and nothing else.
  2. If you want to use the Essentials Experience role and also use the Access Anywhere portal, you must have set up two hosts for that: one for Exchange, which normally will be mail.domain.com, and remote.domain.com for the Access Anywhere Portal. If you only have one public routable static IP address, you will forward traffic for port 443 only to the internal IP address of the server that runs the Essentials Experience role and use ARR (Application Request Routing) to route traffic for mail.domain.com to the Exchange Server on your network.
     If you have multiple public IP addresses, you can create two Host A records: one for mail.domain.com to 123.456.999 and one for remote.domain.com to 123.456.888, as an example.
 
The fact that https://domain.com/remote gives a 404 is not surprising because domain.com is probably hosting a website for the company and does not play a role in your setup.
 
Distinguishing between remote.domain.com and mail.domain.com will solve your issue. You need to reconfigure virtual directories on your Exchange server and you need a certificate with all host names on it.
replied 08/15/2020 17:45
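
Added example, not part of the original thread: a Python check that one certificate covers both host names named in the answer above (remote.domain.com and mail.domain.com). The SAN lists are constructed sample data, and `fetch_sans` is a hypothetical helper for reading the certificate actually served on port 443.

```python
import socket
import ssl

def san_matches(pattern, host):
    """Match one DNS SAN entry against a host name (whole-label wildcard only)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never several
    if p[0] == "*":
        # Refuse "*.com"-style patterns; compare everything right of the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def uncovered_hosts(subject_alt_name, required_hosts):
    """Return the required host names that no DNS SAN entry covers."""
    dns_names = [value for kind, value in subject_alt_name if kind == "DNS"]
    return [host for host in required_hosts
            if not any(san_matches(name, host) for name in dns_names)]

def fetch_sans(host, port=443, timeout=5.0):
    """Read the SAN list of the certificate served for `host` (sent as SNI)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are compared above; the chain is still verified
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert().get("subjectAltName", ())

# Constructed sample data in the format ssl's getpeercert() returns.
REQUIRED = ["remote.domain.com", "mail.domain.com"]
SAMPLES = {
    "single-name certificate": (("DNS", "remote.domain.com"),),
    "certificate with both names": (("DNS", "remote.domain.com"),
                                    ("DNS", "mail.domain.com")),
    "wildcard certificate": (("DNS", "*.domain.com"), ("DNS", "domain.com")),
}

if __name__ == "__main__":
    for label, sans in SAMPLES.items():
        missing = uncovered_hosts(sans, REQUIRED)
        status = "covers both hosts" if not missing else "missing " + ", ".join(missing)
        print(f"{label}: {status}")
    # Against a live server: uncovered_hosts(fetch_sans("remote.domain.com"), REQUIRED)
```
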
Ron Camerata

This installation was a migration from SBS 2011 to Server 2016 with Essentials. It was set up according to your migration guide, with one external IP, so it should be routed as you stated. And it is. Mail comes in on mail.domain.com and goes to Exchange. Remote.domain.com goes to the DC.

So I go into the router and uncheck the rule for 443 to the Exchange server.  Guess what happened.

Remote.domain.com/remote goes to Remote Web Access

Mail.domain.com/owa goes to OWA

Remote.domain.com/owa goes to 404

I've plastered this issue all over the internet and you are the first (and only) person to come up with the answer.

I am (once again) deeply appreciative of your help.  Thank you!

 

replied 08/15/2020 21:02
Mariette Knap

Thanks Ron!

replied 08/16/2020 09:45
Last Activity 08/19/2020 14:48