Hi,
How can I find out where my firewall is?
I need to know if it between OWA and exchange server...........

Perhaps you can start here, although I am none too sure what your problem is.
http://www.microsoft.com/exchange/owa/

Hi,
How can I find out where my firewall is?
I need to know if it between OWA and exchange server...........

Well OWA is on the Exchange server so I doubt your firewall is between them.... what is your exact issue?

Usually the firewall will be a piece of hardware like a router, made by Cisco, Vigor, LinkSys, D-Link, etc. One port will be plugged in via a cable into a phone/wall socket and another port into your LAN or directly into a second NIC on your server.

Your server's gateway (depending on how many servers etc you have and how they are configured) will usually be the LAN IP address of the router. Most routers you can log onto using a web browser.

Well OWA is on the Exchange server so I doubt your firewall is between them.... what is your exact issue?

Usually the firewall will be a piece of hardware like a router, made by Cisco, Vigor, LinkSys, D-Link, etc. One port will be plugged in via a cable into a phone/wall socket and another port into your LAN or directly into a second NIC on your server.

Your server's gateway (depending on how many servers etc you have and how they are configured) will usually be the LAN IP address of the router. Most routers you can log onto using a web browser.

The issue is that since converting over to T1, exchange has many symptoms that I don't understand.

1. Users are being told by customers that when they receive an email from us, they cannot "reply" to it.
2. OWA is inaccessible from the outside. I can connect to it via the server at http://localhost/exchange......
3. when I went in to user's profile and viewed email addresses, they had been changed from (Example jdoe@.... to john@.....). so I manually changed them back to initial addresses (even though everyone is configured for about 4 alias, including the john@...-but jdoe@ is the primary SMTP address), within a minute they were back to john@.....???

I have never done anything with the firewall. I have no idea how it is configured, or where it resides in the network.It is the "canned" microsoft firewall, that shipped with the OS. The consulting firm who setup server, had no information about it, nor does my boss.

The router, went from being a separate "3Com office connect ISDN LAN Modem", to one housed in the Adtran total Access 616, T1 network interface, V.35, 10/100 Base T and IP Router. 16 FXS ports.

We have only one server, with Small Business Server 2k.

I've read both of your posts and I have to ask (forgive me if I am being presumpious or cras) are you there in the capacity of a IT/IS professional or are you one of the personnel that this site? If the later I suggest contacting the IS or IT group in your company.

If not:

What sort of T1 did you switch to? Are you now on the companies WAN via T1 or did the site get a T1 to the internet?

The issue is that since converting over to T1, exchange has many symptoms that I don't understand.

1. Users are being told by customers that when they receive an email from us, they cannot "reply" to it.
2. OWA is inaccessible from the outside. I can connect to it via the server at http://localhost/exchange......
3. when I went in to user's profile and viewed email addresses, they had been changed from (Example jdoe@.... to john@.....). so I manually changed them back to initial addresses (even though everyone is configured for about 4 alias, including the john@...-but jdoe@ is the primary SMTP address), within a minute they were back to john@.....???

I have never done anything with the firewall. I have no idea how it is configured, or where it resides in the network.It is the "canned" microsoft firewall, that shipped with the OS. The consulting firm who setup server, had no information about it, nor does my boss.

The router, went from being a separate "3Com office connect ISDN LAN Modem", to one housed in the Adtran total Access 616, T1 network interface, V.35, 10/100 Base T and IP Router. 16 FXS ports.

We have only one server, with Small Business Server 2k.

Right, while we unravel the rest of the details, the problem with the primary address is simple. You'll have a default policy running on the Exchange server, one of its functions is to apply anything set in this policy. It's responsible for your domain name and how the e-mail addresses are setup, so if you have a user with a login name of john and a domain of @overhere.com, it will automatically assign the primary SMTP address as john@overhere.com, if you change it to johndoe@overhere.com, next time the system updates.... it changes it. On the page where you set the SMTP aliases/primary address etc, take out the tick on the box that says something like "update addresses based on recipients policy".

That should cure that.

Now if you've changed from ISDN to ADSL I'm guessing your external IP address has changed, so your DNS/MX Record previously for mail.overhere.com (or whatever address you were using for OWA) would have been for example 1.1.1.1, its now probably (example) 2.2.2.2, so you'll have to update your MX Records, your ISP should be able to sort this for you. To test if that is an issue, ping the name you're using for OWA and see if it matches the external IP of your router. This might also explain why external companies are unable to reply to your e-mails.

And on the fact that you've changed routers, have you setup port forwarding etc exactly as the previous router was setup? This could also have some bearing on inbound traffic.....

And some heads up for you, if the consulting firm you have don't know where your firewall is, I'd change consulting firms.... my guess is that unless it was Microsoft who installed your server, no IT professional would rely on MS to protect their server.... your firewall is probably your router. In fact everything I've told you above, your consulting firm should know.... :thumbs:

Right, while we unravel the rest of the details, the problem with the primary address is simple. You'll have a default policy running on the Exchange server, one of its functions is to apply anything set in this policy. It's responsible for your domain name and how the e-mail addresses are setup, so if you have a user with a login name of john and a domain of @overhere.com, it will automatically assign the primary SMTP address as john@overhere.com, if you change it to johndoe@overhere.com, next time the system updates.... it changes it. On the page where you set the SMTP aliases/primary address etc, take out the tick on the box that says something like "update addresses based on recipients policy".

That should cure that.

Now if you've changed from ISDN to ADSL I'm guessing your external IP address has changed, so your DNS/MX Record previously for mail.overhere.com (or whatever address you were using for OWA) would have been for example 1.1.1.1, its now probably (example) 2.2.2.2, so you'll have to update your MX Records, your ISP should be able to sort this for you. To test if that is an issue, ping the name you're using for OWA and see if it matches the external IP of your router. This might also explain why external companies are unable to reply to your e-mails.

And on the fact that you've changed routers, have you setup port forwarding etc exactly as the previous router was setup? This could also have some bearing on inbound traffic.....

And some heads up for you, if the consulting firm you have don't know where your firewall is, I'd change consulting firms.... my guess is that unless it was Microsoft who installed your server, no IT professional would rely on MS to protect their server.... your firewall is probably your router. In fact everything I've told you above, your consulting firm should know.... :thumbs:


Okay, i did uncheck that box. When I was in there yesterday, i noticed that that box was unchecked on my account, and mine was changing-so one down.

I did ping the server (from the server, cause when I tried to do it from my machine, I got this really weird message, again, that I have never seen before. "C:\windows\system32\command.com
C:\windows\system32\autoexec.NT. the system file is not suitable for running MS-DOS and Micorsoft windows applications. Choose 'close' to terminate the application).

So, when I ping the server name it comes up with our public 192. . . address.
When I ping localhost (the way I access OWA from server), it comes up with the 127.0.0.1 for the address.
Also new (which I forgot about). My machine makes me sign into the proxy every morning now, since T1, when I start it up, I have type in name and password.
p.s.-thanks for your help and patience. Can you tell I'm new to the field?

Can you tell I'm new to the field?
Definitely.. otherwise you would have known that on NT-based systems the command prompt is CMD.EXE; command.com is 'out there' for compatibility reasons only.

Definitely.. otherwise you would have known that on NT-based systems the command prompt is CMD.EXE; command.com is 'out there' for compatibility reasons only.
Yeah, thanks, but that wasn't for you.......

Okay, i did uncheck that box. When I was in there yesterday, i noticed that that box was unchecked on my account, and mine was changing-so one down.

I did ping the server (from the server, cause when I tried to do it from my machine, I got this really weird message, again, that I have never seen before. "C:\windows\system32\command.com
C:\windows\system32\autoexec.NT. the system file is not suitable for running MS-DOS and Micorsoft windows applications. Choose 'close' to terminate the application).

So, when I ping the server name it comes up with our public 192. . . address.
When I ping localhost (the way I access OWA from server), it comes up with the 127.0.0.1 for the address.
Also new (which I forgot about). My machine makes me sign into the proxy every morning now, since T1, when I start it up, I have type in name and password.
p.s.-thanks for your help and patience. Can you tell I'm new to the field?

Eeek I'm confused.... As CeeBee says you need to use cmd not command under NT/2000/XP/2003.

So if I understand this correctly.... you ping your server name and you get it resolved to your public IP address? This would indicate your DNS is screwed or your server is plugged directly into the outside world.... how many network cards are in the server?

localhost address on any machine is 127.0.0.1. On the server click Start, Run, type CMD and press return. Now type ipconfig /all and note down what it's telling you in there, in particular IP address, gateway and DNS server. Lets at least establish that your server is setup correctly. The gateway should be the address of the router.

The only reason I can think that you'd be getting asked for proxy login is if you're not a member of the Internet Users group or on a different domain to the server and it needs to check your credentials, there may be some other issues here but we'll deal with that one later....

What we need to establish first of all is whether or not your server is setup correctly, then we need to check out your connection to the outside world. Out of interest, what errors do the users get who cannot reply to your e-mails? To check if you are using the MS firewall on your server, click Start, Run, services.msc, scroll down the list and you should see Microsoft Firewall. Is it started/disabled/stopped?

When you were changed over to T1 (which I think is American for ADSL?!?!?) did the person changing you over re-run the Internet Connection Wizard on the 2000 SBS to tell it that the Internet connection had changed?

Has the consulting company got any information about what they did? Have you tried asking them, or did they just move you across and not test that all was ok?

If all that was done is an upgrade from ISDN to T1 nothing with the user email address should have changed. And, nothing on your internal network should have changed as a result either.

When my company changed from a Fractional T1 to a Full T1 we also changed service providers. That meant that all of our external addresses changed, but our internal (192.168.X.X) addresses did not change. We did have to have our external DNS records changed to reflect the external address changes. We had to change the NAT table in our firewall to reflect the new external to old internal address mapping. No other changes were needed.

From reading this thread I would surmise that:

1. Your DNS records were not changed to reflect your new external IP Address changes.

2. Something else was changed that either you are unaware of or you didn't mention.

I would definitely get the support folks in to look at this and either help you fix it or get it fixed.

[QUOTE=corturbra]Eeek I'm confused.... As CeeBee says you need to use cmd not command under NT/2000/XP/2003.

So if I understand this correctly.... you ping your server name and you get it resolved to your public IP address? This would indicate your DNS is screwed or your server is plugged directly into the outside world.... how many network cards are in the server?

localhost address on any machine is 127.0.0.1. On the server click Start, Run, type CMD and press return. Now type ipconfig /all and note down what it's telling you in there, in particular IP address, gateway and DNS server. Lets at least establish that your server is setup correctly. The gateway should be the address of the router.

The only reason I can think that you'd be getting asked for proxy login is if you're not a member of the Internet Users group or on a different domain to the server and it needs to check your credentials, there may be some other issues here but we'll deal with that one later....


Obviously CeeBee isn't as bright as he/she is crass. you can use command or cmd in a 2000 environment. I do it all the time.

Please see private message for IP config.

We have 2 network cards. During the T1 conversion, we had an issue with our WAN card. I surmised that the card slot on motherboard is bad, because it works fine with USB card, that bypasses the slot. Although we had no problems with this card, prior to switchover. I even tried a brand new card, but still no good.
-anyhoo-
I have not been able to get a specific error message from email recipients.
the firewall is started. I had stopped it, just to see if that was the issue, but no, it was not.
Our consultant did run the ICW (wizard)
the consultant has no answers for me. He says everything is configured correctly, and he has no idea why we can't connect.......
P.S.-your heads up on him is dead on, I am beginning to find out.
Many thanks....

Right picked up your ipconfig and a modded version is here for others to help out..... I'd say CeeBee is on the money, I can't get command to work on my 2000/XP machine, all I get is an error... also not nice to dig at those trying to help :thumbs:

Here are the results of ipconfig/all:
Node type: Hybrid
IP Routing Enabled:yes
WINS Proxy Enabled: no

Ethernet adapter LAN-Intel:
IP: 10.0.0.1
Subnet Mask: 255.255.255.0
DNS Servers: 10.0.0.1
Primary WINS server: 10.0.0.1

Ethernet WAN-USB
DHCP enabled: no
IP Address: 1.1.1.1
Subnet Mask: 255.255.255.248
Default Gateway: 1.1.1.2
DNS servers: 10.0.0.1

Ok I've changed the IP addresses on the ipconfig for obvious reasons.... so I'm guessing that when the ICW was run it has setup the MS firewall, which is where I'm now at a loss, as I've never used it. I've also never setup a server in this way, always using separate hardware to achieve the DMZ instead of the server itself. Technically there is no reason why this should cause a problem, it all appears fine.

However, as on one of my original posts if the WAN IP address has changed from what your ISDN router previously had, then that will affect mail delivery/OWA. If this consultant chap has just changed you over, but not commmunicated these changes to your ISP, then I think this is where the problem lies.

1. Check with your ISP to see where they think your mail is being delivered to
2. Send an e-mail to an internet account (I've some GMail accounts going if you want one) and reply, and see what the message is that comes back, this message will tell us heaps about the issue
3. From outside of your work organisation, ping the name of what you are using for OWA (for example mail.overhere.com (no need to use the /exchange on the ping)) and see if the address matches either of the two addresses listed on the WAN-USB config.
4. Ask your consultant to do more than say 'it should work' thats about as helpful as a chocolate fire guard. If it was configured correctly then it WOULD work, obviously something is not working and its to do with the transfer from ISDN to T1. If you haven't paid him yet for the work, tell him you're not until he fixes it....

Keep us informed!

Find out what your external IP is, there are many online services that can show it to you.
Then start a command prompt (cmd) and type:

nslookup
server <your ISP's DNS> (override your hosted dns if any)
set type=mx
<yourdomain.com>

This will return the real MX record(s) of your server. Sometimes ISP's forget to update it at your first request or might not do it unless they have a signed fax with your company header, etc, etc...
If the MX record is different from the IP address and you aren't using any mail reflector or other mail forwarding service, this is your problem (unless you have a more complex configuration, with several Internet IP addresses on the firewall so that your outgoing IP might be different, but most likely still in the same subnet)
There might be another "hidden" issue: some ISP's are blocking incoming traffic to client's ports 25 and 80. Using a different ISP that you know is not blocking those ports, try in a command prompt "telnet <router's external ip> 25". If you get "connect failed" then something is blocking you (either your ISP or the router). Just make sure the router is properly configured.
You can also find the route of your connection. In a command prompt type "tracert www.yahoo.com" and see the hops. Check that it matches what you know it should be.
Going back to command.com - it just emulates the MS-DOS environment for 16 bit applications; it also doesn't support long filenames.
Now stab me. :knife:

Find out what your external IP is, there are many online services that can show it to you.
Then start a command prompt (cmd) and type:

nslookup
server <your ISP's DNS> (override your hosted dns if any)
set type=mx
<yourdomain.com>

This will return the real MX record(s) of your server. Sometimes ISP's forget to update it at your first request or might not do it unless they have a signed fax with your company header, etc, etc...
If the MX record is different from the IP address and you aren't using any mail reflector or other mail forwarding service, this is your problem (unless you have a more complex configuration, with several Internet IP addresses on the firewall so that your outgoing IP might be different, but most likely still in the same subnet)
There might be another "hidden" issue: some ISP's are blocking incoming traffic to client's ports 25 and 80. Using a different ISP that you know is not blocking those ports, try in a command prompt "telnet <router's external ip> 25". If you get "connect failed" then something is blocking you (either your ISP or the router). Just make sure the router is properly configured.
You can also find the route of your connection. In a command prompt type "tracert www.yahoo.com" and see the hops. Check that it matches what you know it should be.
Going back to command.com - it just emulates the MS-DOS environment for 16 bit applications; it also doesn't support long filenames.
Now stab me. :knife:


Okay, where do I start:

I have called the ISP to update Mx records, which they must have doen, because we are getting email-right?
I did run the tracert, but I didn't recognized any of IP's it "jumped" to or from.....all started with 216. . .

Find out what your external IP is, there are many online services that can show it to you.
Then start a command prompt (cmd) and type:

nslookup
server <your ISP's DNS> (override your hosted dns if any)
set type=mx
<yourdomain.com>

This will return the real MX record(s) of your server. Sometimes ISP's forget to update it at your first request or might not do it unless they have a signed fax with your company header, etc, etc...
If the MX record is different from the IP address and you aren't using any mail reflector or other mail forwarding service, this is your problem (unless you have a more complex configuration, with several Internet IP addresses on the firewall so that your outgoing IP might be different, but most likely still in the same subnet)
There might be another "hidden" issue: some ISP's are blocking incoming traffic to client's ports 25 and 80. Using a different ISP that you know is not blocking those ports, try in a command prompt "telnet <router's external ip> 25". If you get "connect failed" then something is blocking you (either your ISP or the router). Just make sure the router is properly configured.
You can also find the route of your connection. In a command prompt type "tracert www.yahoo.com" and see the hops. Check that it matches what you know it should be.
Going back to command.com - it just emulates the MS-DOS environment for 16 bit applications; it also doesn't support long filenames.
Now stab me. :knife:

I did get connect failed when I tried the telnet ........25

Okay, where do I start:

I have called the ISP to update Mx records, which they must have doen, because we are getting email-right?
I did run the tracert, but I didn't recognized any of IP's it "jumped" to or from.....all started with 216. . .

Correct if they have updated your MX records so long as they are pointing directly to your server then e-mail should now be flowing.

As for the tracert command.... it will basically list all ip addresses (hops) it finds on its way to the destination for example tracert to www.yahoo.co.uk, assuming that your IP address is 10.0.0.1, gateway of 10.0.0.5

On a tracert the first hop should be to your gateway - 10.0.0.5 in this example, the next should be a router at your ISP.....

I did get connect failed when I tried the telnet ........25

Where were you telneting in from? If your server has been configured correctly it should only be accepting port 25 connections from the server itself and the mail server at your ISP that delivers mail to you, so this is not an unusual occurrence.

Right picked up your ipconfig and a modded version is here for others to help out..... I'd say CeeBee is on the money, I can't get command to work on my 2000/XP machine, all I get is an error... also not nice to dig at those trying to help :thumbs:

Here are the results of ipconfig/all:
Node type: Hybrid
IP Routing Enabled:yes
WINS Proxy Enabled: no

Ethernet adapter LAN-Intel:
IP: 10.0.0.1
Subnet Mask: 255.255.255.0
DNS Servers: 10.0.0.1
Primary WINS server: 10.0.0.1

Ethernet WAN-USB
DHCP enabled: no
IP Address: 1.1.1.1
Subnet Mask: 255.255.255.248
Default Gateway: 1.1.1.2
DNS servers: 10.0.0.1

Ok I've changed the IP addresses on the ipconfig for obvious reasons.... so I'm guessing that when the ICW was run it has setup the MS firewall, which is where I'm now at a loss, as I've never used it. I've also never setup a server in this way, always using separate hardware to achieve the DMZ instead of the server itself. Technically there is no reason why this should cause a problem, it all appears fine.

However, as on one of my original posts if the WAN IP address has changed from what your ISDN router previously had, then that will affect mail delivery/OWA. If this consultant chap has just changed you over, but not commmunicated these changes to your ISP, then I think this is where the problem lies.

1. Check with your ISP to see where they think your mail is being delivered to
2. Send an e-mail to an internet account (I've some GMail accounts going if you want one) and reply, and see what the message is that comes back, this message will tell us heaps about the issue
3. From outside of your work organisation, ping the name of what you are using for OWA (for example mail.overhere.com (no need to use the /exchange on the ping)) and see if the address matches either of the two addresses listed on the WAN-USB config.
4. Ask your consultant to do more than say 'it should work' thats about as helpful as a chocolate fire guard. If it was configured correctly then it WOULD work, obviously something is not working and its to do with the transfer from ISDN to T1. If you haven't paid him yet for the work, tell him you're not until he fixes it....

Keep us informed!

I am not too familar with gmail, although I hear it's cool. Please tell me how to get one.
As far as the WAN IP address changing, router is now in T1 connector. Not sure what configuration changes needed to be made, hence the visit from the "Ken", the consultant. I assumed he made, all necessary changes, and he says he did.......

Now here's a weird one. I was able to connect to OWA from my machine this a.m., but it still is inaccessible from outside. ...

Where were you telneting in from? If your server has been configured correctly it should only be accepting port 25 connections from the server itself and the mail server at your ISP that delivers mail to you, so this is not an unusual occurrence.

I did it from the server.......

Ok, to check the right syntax open up a command prompt (cmd) and type (without quotes) "telnet <ip address of server> 25" remember the space after the ip address, that should let you telnet.

OWA will work internal to your network as it will contact the server locally, rather than going out through the internet and back in again.

Ok, to check the right syntax open up a command prompt (cmd) and type (without quotes) "telnet <ip address of server> 25" remember the space after the ip address, that should let you telnet.

OWA will work internal to your network as it will contact the server locally, rather than going out through the internet and back in again.

Here's what I got back telnet:
220 servername.domainname.com Microsoft ESMTP MAIL Service. Version: 5.0.2
ready at thu, 7 Oct 2004 10:31:33 -0400
Here the cursor is "stuck" like more inof is coming, but doesn't.
I tried hitting enter and I get:
500 5.3.3 Unrecognized command

It's still "sitting" like that. no way to exit (unless I x out screen)

OWA wouldn't let me in yesterday via my machine. It kept giving me a sign in box, asking for username and password, like 4 times, then I got Error Access denied.

I did run sopme diagnostic stuff that Ken faxed over, titled
"general information on Directory Service/Metabase synchronization in exchange 2000 Server

I also changed to "enable packet filtering", as that was not on before.....

Here's what I got back telnet:
220 servername.domainname.com Microsoft ESMTP MAIL Service. Version: 5.0.2
ready at thu, 7 Oct 2004 10:31:33 -0400
Here the cursor is "stuck" like more inof is coming, but doesn't.
I tried hitting enter and I get:
500 5.3.3 Unrecognized command

It's still "sitting" like that. no way to exit (unless I x out screen)

OWA wouldn't let me in yesterday via my machine. It kept giving me a sign in box, asking for username and password, like 4 times, then I got Error Access denied.

I did run sopme diagnostic stuff that Ken faxed over, titled
"general information on Directory Service/Metabase synchronization in exchange 2000 Server

I also changed to "enable packet filtering", as that was not on before.....


Right, the telnet behaviour is normal, the commands don't show up under telnet, if you type exit or bye I think it will get you back to a prompt. So Ken as he shall be known from now on, has sent you over some stuff on DS Sync when you have a problem with OWA/e-mails from an external source? Mmmmmm

I still think the issue is with the external IP address change on the routers/cards. Nothing to do with DS synching or packet filtering or anything else. We need to confirm that your ISP is aware of the change and have made the necessary DNS/routing changes. Once they have done that, give it 24 hours and all should be working. From an external source to your work in the meantime, open an internet browser and type in your WAN-USB ip address with /exchange at the end. I reckon this will get you into OWA..... also if you PM me your first/last name and a valid e-mail address I'll send you a GMail invite.

If it doesn't accept your username, enter the name in domain\username format.

Was the telnet done from outside or from inside? Make sure you were disconnected from the local network (ex unplug cable and connect through a dial-up)
Once you are connected you can start typing commands (you might not see what you type!), such as:
--------------
HELO_somedomain.com
MAIL_FROM:_ someuser@somedomain.com
RCPT_TO:_youremail@yourdomain.com (use YOUR email)
DATA
From:_SomeUser_<someuser@somedomain.com> (type the < >)
To:_The_Administrator_<youremail@yourdomain.com>
Subject:_Test email

This is a test.
.
QUIT
------------------
Replace all the underscores above with blank spaces!

If you make a typo mistake you can't use the backspace key to delete, it would just add an extra character (ASCII code 8)
See if the message gets accepted for delivery.

Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....

Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....
internal email if fine.......

Can you send e-mail to each other internally without issue? That would suggest that your Exchange server is working..... OWA works internally.....

so, I called the ISP provider, to verify that they have the correct IP, and ask them if I needed any info from them, and did I need to make any config. changes on their behalf.
They said no to both.......

so, I called the ISP provider, to verify that they have the correct IP, and ask them if I needed any info from them, and did I need to make any config. changes on their behalf.
They said no to both.......

Did you check that they have the correct DNS entry for your OWA? so wherever they send the mail down to, the OWA name (mail.yourdomain.com) should point to the same address.

Are people able to reply to you now?

Did you check that they have the correct DNS entry for your OWA? so wherever they send the mail down to, the OWA name (mail.yourdomain.com) should point to the same address.

Are people able to reply to you now?

They said they needed to make no further adjustments. In the meantime, I have got it working!!!
I found an article online that addressed the Error access denied message. The only glich now is that users need to supply administrator username and password to get into their mailboxes.

FYI-this was the fix. the only question remaining is how to allow users to use their own credentials to log in...

If you are using Secure Sockets Layer (SSL), you can allow cross-domain access for the mailbox site in Internet Explorer by doing the following:
In Internet Explorer, click Internet Options on the Tools menu.


On the Security tab, click Trusted sites, and then click Sites .


Add your site to the zone.


Click Custom Level .


Under Miscellaneous/Access data sources across domains , click Enable .


Once again, many, many thanks.