Symptoms
Consider the following scenario. You try to access a Microsoft Exchange 2013 Outlook Web Access (OWA) website that is published through a Microsoft Forefront Unified Access Gateway 2010 server. The server is running Service Pack 3. In this scenario, you may receive the following error message:
You have attempted to access a restricted URL, the URL contains an invalid path.
Additionally, multiple warning messages that resemble the following are logged in the Web monitor event log:
Note These messages are followed by a description that the URL contains an invalid path.
The following are URL examples that may not match the predefined URL ruleset:
Embedded OpenType font styles (Rule will allow this path but applies only to gif|css|wav|wrng|png|ico)
/owa/15.0.620.29/owa2/resources/styles/segoeui-regular.eot? /owa/15.0.620.29/owa2/resources/styles/segoeui-semibold.eot? /owa/15.0.620.29/owa2/resources/styles/segoeui-semilight.eot? MP3 sound files ( (Rule will allow this path but applies only to gif|css|wav|wrng|png|ico) /owa/15/0/620.29/owa2/resources/sounds/calendar_notify.mp3?UA=0 /owa/15/0/620.29/owa2/resources/sounds/email_notify.mp3?UA=0 Additional fonts (Rule allows themes but not from /owa/AUTH/ path) /owa/auth/15.0.620/themes/resources/segoeui-regular.eot? /owa/auth/15.0.620/themes/resources/segoeui-regular.ttf /owa/auth/15.0.620/themes/resources/segoeui-semibold.ttf /owa/auth/15.0.620/themes/resources/segoeui-semilight.eot? /owa/auth/15.0.620/themes/resources/segoeui-semilight.ttf ASHX ( (Rule allows this extension but not for /owa/MANIFESTS/ folder path) /owa/manifests/appCacheManifestHandler.ashx?manifest=0&layout=mouse&UA=0 /owa/manifests/appCacheManifestHandler.ashx?manifest=0&layout=tnarrow&UA=0 /owa/manifests/appCacheManifestHandler.ashx?manifest=0&layout=twide&UA=0 /owa/manifests/appCacheManifestHandler.ashx?manifest=1&layout=mouseCause
This problem occurs because some URLs that may be used during client Exchange 2013 OWA access are not matched by the Regex expressions in the *.RuleSet_ForExchangePub2013.ini files. These rulesets are included in the new Exchange 2013 publishing templates in Service Pack 3 for Forefront Unified Access Gateway 2010.
Resolution
To resolve this problem, install Service Pack 4 for Microsoft Forefront Unified Access Gateway 2010.
Workaround
To work around this problem, manually add the missing Exchange 2013 URLs to the existing Forefront Unified Access Gateway rulesets.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
See the terminology Microsoft uses to describe software updates.