Exchange OWA (FBA) / RPC/HTTP -- ISA Server 2004
Posted on 2006-04-05
I am at my wits end on this issue and I am hopeful someone has an easy answer for me...I'm really not sure where to post this questions, whether it should be here in Exchange or in another specializing in ISA issues.
I have had OWA (FBA) setup and operational for sometime and it seems to be working well for everyone. I am trying to get http/rpc setup as well, because a situation has come up and I feel this would be a great solution.
I have RPC/HTTP working successfully on my local network, but I am having problems getting it to work through my ISA server. I am also trying to use my Exchange FE server to host OWA and RPC-Proxy. So far I cannot get it to work, I've spent the last two days searching the internet for a solution and haven't found one yet...I do get to a point of prompting for Authentication but after I enter my username and password in it never successfully connects to my Exchange server.
I understand that I cannot have a ISA listener that can host Forms-authentication and Basic authentication through SSL encryption. I have read articles about using an unsupported method of ISA policies to trick ISA into working, but I tried it and I just can't get it to work correctly. I've tried binding a new external IP to my ISA server then configuring a listener and policies to point to my RPC server but since I don't have public dns names setup for this IP, I'm just trying to get it to work using the IP address only and not the full DNS name. I've also recently learned that this config won't work because the name assigned as the RPC Proxy agent has to match the name assigned to the SSL certificate, which it obviously doesn't. Then I thought, I can just get a new cert configured with a new DNS name then apply the Cert to the RPC Virtual directory then export to ISA server, but that won't work either because the Cert assigned to the FE server also applies to the RPC directory. It looks like to me my only option is to setup a new FE server and dedicate it to RPC Proxy?? I know this is a lot of jargon, but doesn't anyone else have anything to add...