This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 2013 not allowing users through

Hello all,

   I am having a problem getting to the Exchange servers from outside my network.  I followed the Exchange WAF how to 9.2, but I am still running into issues.  I get the form up on the external computer enter in a Domain\Username and then password, and it recycles back.

Here are what the logs are showing:

2015:12:20-15:35:55 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="3719" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:12 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1488" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:12 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="730" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:29 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="791" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:47 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="770" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:13 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:13.668414 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:13 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="185" user="-" host="71.120.216.167" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="550551" url="/owa" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.019555 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="-" host="71.120.216.167" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="49772" url="/owa/auth/logon.aspx" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.088508 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="87549" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.214258 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.236191 2015] [authz_blacklist:warn] [pid 45066:tid 4039048048] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="118253" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="83140" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:47 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:47.545789 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.493059 2015] [authnz_aua:error] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] [MRM2INC\\Michael.Mastro2] AUA responded with 'DENIED', referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="MRM2INC\\Michael.Mastro2" host="71.120.216.167" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="1022038" url="/owa_uvxuobdlnanxxkvq_login" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.563366 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="90231" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.664713 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.688844 2015] [authz_blacklist:warn] [pid 45066:tid 3997084528] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="88407" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="71239" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.228912 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.371752 2015] [authnz_aua:error] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] [MRM2INC\\Michael.Mastro2] AUA responded with 'DENIED', referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="MRM2INC\\Michael.Mastro2" host="71.120.216.167" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="570470" url="/owa_uvxuobdlnanxxkvq_login" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.442770 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="86277" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.542803 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="84088" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:27 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:27.593287 2015] [authz_blacklist:warn] [pid 45066:tid 3946728304] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:27 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="84325" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
Virtual Web Servers shows:
Exchange Web Services
Type: Encrypted (HTTPS), Redirection enabled
Domains: mailbox.mrm2inc.com
Real Webservers:
Site Path /ECP/
Exchange
Site Path /OWA/
Exchange
Site Path /ecp/
Exchange
Site Path /owa/
Exchange
Site Path /
Exchange
Firewall Profile: Exchange Other
Advanced: Pass host header
Real Web Servers shows:
Exchange
Type: Encrypted (HTTPS)
Host: MRM2EX1
Port: 443
Firewall Profile:
Mode: Reject
Antivirus: Dual Scan (Uploads and Downloads)
Common Threats: Rigid Filtering
Hardening & Signing: Static URL hardening
Bad clients: Block clients with bad reputation
Not sure where to go from here with it, could use some help.  Thanks.



This thread was automatically locked due to age.