This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange 2013 not allowing users through

Hello all,

   I am having a problem getting to the Exchange servers from outside my network.  I followed the Exchange WAF how to 9.2, but I am still running into issues.  I get the form up on the external computer enter in a Domain\Username and then password, and it recycles back.

Here are what the logs are showing:

2015:12:20-15:35:55 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="3719" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:12 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="1488" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:12 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="730" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:29 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="791" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:36:47 MRM2Sophos reverseproxy: id="0299" srcip="127.0.0.1" localip="127.0.0.1" size="270" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="770" url="/lb-status" server="localhost" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:13 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:13.668414 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:13 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="185" user="-" host="71.120.216.167" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="550551" url="/owa" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.019555 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="-" host="71.120.216.167" method="GET" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening" time="49772" url="/owa/auth/logon.aspx" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.088508 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="87549" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="-" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.214258 2015] [authz_blacklist:warn] [pid 45066:tid 4047440752] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:14 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:14.236191 2015] [authz_blacklist:warn] [pid 45066:tid 4039048048] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="118253" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:14 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="83140" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:47 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:47.545789 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.493059 2015] [authnz_aua:error] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] [MRM2INC\\Michael.Mastro2] AUA responded with 'DENIED', referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="MRM2INC\\Michael.Mastro2" host="71.120.216.167" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="1022038" url="/owa_uvxuobdlnanxxkvq_login" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.563366 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="90231" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.664713 2015] [authz_blacklist:warn] [pid 45066:tid 4005477232] [client 71.120.216.167:1025] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: [Sun Dec 20 15:37:48.688844 2015] [authz_blacklist:warn] [pid 45066:tid 3997084528] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="88407" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:37:48 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="71239" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.228912 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.371752 2015] [authnz_aua:error] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] [MRM2INC\\Michael.Mastro2] AUA responded with 'DENIED', referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="210" user="MRM2INC\\Michael.Mastro2" host="71.120.216.167" method="POST" statuscode="302" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="570470" url="/owa_uvxuobdlnanxxkvq_login" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="uvxuobdlnanxxkvq_cookie=;Max-Age=0;path=/owa/;httponly;secure"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.442770 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="553" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="86277" url="/owa_uvxuobdlnanxxkvq_form" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:26 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:26.542803 2015] [authz_blacklist:warn] [pid 45066:tid 3955121008] [client 71.120.216.167:1026] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:26 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="552" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="84088" url="/REF_RevAutFormsWithPasst/default_stylesheet.css" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
2015:12:20-15:38:27 MRM2Sophos reverseproxy: [Sun Dec 20 15:38:27.593287 2015] [authz_blacklist:warn] [pid 45066:tid 3946728304] [client 71.120.216.167:1024] DNS lookup for 167.216.120.71.black.rbl.ctipd.astaro.local. failed: Temporary failure in name resolution, referer: mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form
2015:12:20-15:38:27 MRM2Sophos reverseproxy: id="0299" srcip="71.120.216.167" localip="10.0.0.2" size="1051" user="-" host="71.120.216.167" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipURLHardening, SkipFormHardening, SkipFormHardeningMissingToken" time="84325" url="/REF_RevAutFormsWithPasst/company_logo.png" server="mailbox.mrm2inc.com" referer="mailbox.mrm2inc.com/owa_uvxuobdlnanxxkvq_form" cookie="-" set-cookie="-"
Virtual Web Servers shows:
Exchange Web Services
Type: Encrypted (HTTPS), Redirection enabled
Domains: mailbox.mrm2inc.com
Real Webservers:
Site Path /ECP/
Exchange
Site Path /OWA/
Exchange
Site Path /ecp/
Exchange
Site Path /owa/
Exchange
Site Path /
Exchange
Firewall Profile: Exchange Other
Advanced: Pass host header
Real Web Servers shows:
Exchange
Type: Encrypted (HTTPS)
Host: MRM2EX1
Port: 443
Firewall Profile:
Mode: Reject
Antivirus: Dual Scan (Uploads and Downloads)
Common Threats: Rigid Filtering
Hardening & Signing: Static URL hardening
Bad clients: Block clients with bad reputation
Not sure where to go from here with it, could use some help.  Thanks.



This thread was automatically locked due to age.
Parents Reply Children
No Data