Complications With Setting Custom Port for OWA, Exchange 2007


Category: Tech
Posted by Jonathan Corbett on July 15th, 2009


With the number of IP addresses on the Internet currently fixed at about 4 billion, conserving IP addresses to make that number last has been a goal for almost 10 years now. As such, the common practice is to run multiple applications on one IP address, which can be done by using different ports. You can also run multiple HTTP Web sites on the same port, and indeed this solution works well.

...just don't do it with Outlook Web Access for Exchange 2007.

Here are just two of the problems you'll likely encounter if you try:

  1. Port Address Translation, the art of taking incoming traffic on a public IP address and a certain port number and then forwarding it to a private IP address with a potentially different port number, isn't accommodated by OWA 2007. When configuring OWA 2007, you must tell it the hostname that you plan on using to access your webmail, and that hostname is used to build URLs inside of the Web application. That is, some links within OWA are coded to use an "absolute" URL based on the hostname provided, rather than a relative URL.

    The problem is that Exchange will allow you to give it a hostname followed by a port number ("mail.yourname.com:12345"), but in practice, Exchange secretly strips your port number and replaces it with the local port that your request came in on. So, if your external URL is https://mail.yourname.com:12345/owa/ and you set port 12345 of your external IP address to forward to 10.1.2.3:6789, your first request will get to 10.1.2.3:6789 successfully, but as you continue to use OWA, you'll secretly end up at https://mail.yourname.com:6789/owa/, departing from your intended external port of 12345.
     
  2. Windows Mobile phones and iPhones have a built-in e-mail client that supports Exchange, but for all versions we could try at the time of writing, finding OWA on any port other than 443 (or 80, if you're brave enough to go cleartext, which later versions will allow) is unsupported. Similar to above, you're allowed to type in a port number after the URL, but it is stripped and always replaced with 443. So, if you want your Touch Pro, iPhone 3G, and likely countless other devices to function with your server using the built-in client, keep OWA at 443.
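The port drift described in item 1 can be checked for by scanning a page fetched through the external URL for absolute links that point at the right hostname but the wrong port. The following is an added example, not code from the original post; the function names, the sample HTML and its paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def effective_port(parts, fallback_scheme=None):
    """Port a client would actually connect to for a parsed URL."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme or fallback_scheme)

class LinkCollector(HTMLParser):
    """Collects URL-bearing attributes (href, src, action) from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.urls.append(value)

def find_port_drift(external_url, html):
    """Return absolute links on the external host whose port differs from
    the published one. Relative links are skipped: the browser resolves
    them against the URL it already used, so they cannot drift."""
    ext = urlsplit(external_url)
    want = effective_port(ext)
    collector = LinkCollector()
    collector.feed(html)
    drift = []
    for url in collector.urls:
        parts = urlsplit(url)
        if not parts.hostname or parts.hostname.lower() != ext.hostname.lower():
            continue  # relative link, or a different host entirely
        if effective_port(parts, ext.scheme) != want:
            drift.append(url)
    return drift

# Constructed sample: a page served behind 12345 -> 10.1.2.3:6789 forwarding,
# where some absolute links were built with the local port 6789.
SAMPLE_HTML = """
<a href="/owa/inbox">Inbox</a>
<form action="https://mail.yourname.com:6789/owa/login" method="post"></form>
<img src="https://mail.yourname.com:12345/owa/logo.gif">
<a href="https://mail.yourname.com:6789/owa/options">Options</a>
"""

if __name__ == "__main__":
    for url in find_port_drift("https://mail.yourname.com:12345/owa/", SAMPLE_HTML):
        print("port drift:", url)
```

Any hit means clients will leave the forwarded external port as soon as they follow that link, so the internal port would also have to be reachable from outside for the session to keep working.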
