Hopefully somebody here has come across this problem or can throw some light on it for me.
I've got an ISA 2006 server in a workgroup in the DMZ. I also have an Exchange 2007 server on the LAN. Using the wizard in ISA and some Microsoft guides I have OWA published through the ISA server. Because the ISA server is not a member of the domain I have the Web Listener authenticating against a RADIUS server (MS IAS) on the LAN. So the Web Listener is set to "HTML Form Authentication" and to validate client credentials against a RADIUS server. Authentication Delegation in the OWA publishing rule is set to "Basic Authentication".
From a PC outside this network I browse to
https://mail.mydomain.com/owa. I'm presented with the usual form for logging on, except down the bottom it says something like "Secured by Microsoft Internet Security Acceleration Server". At this point I enter my username and password, I can use USERNAME or DOMAIN\USERNAME and get the same result. After I enter the detail and hit OK I am presented with what looks like the same form, except this one doesn't say "Secured by Microsoft Internet Security Acceleration Server" down the bottom. I now enter my username and password again (again USERNAME or DOMAIN\USERNAME work fine), hit OK and can use OWA 2007 without an issue.
I'm VERY close to getting this whole setup working now, but it seems to me the Authentication Delegation isn't working quite right. I'm having to log in to ISA first, then authenticate again on the Exchange server itself. Unless I'm mistaken this is the task Authentication Delegation is supposed to do for me?
Any pointers appreciated.
Thanks!
Start Free Trial
