• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

Exchange OWA (FBA) / RPC/HTTP -- ISA Server 2004

Everyone:

I am at my wits end on this issue and I am hopeful someone has an easy answer for me...I'm really not sure where to post this questions, whether it should be here in Exchange or in another specializing in ISA issues.

I have had OWA (FBA) setup and operational for sometime and it seems to be working well for everyone.  I am trying to get http/rpc setup as well, because a situation has come up and I feel this would be a great solution.  

I have RPC/HTTP working successfully on my local network, but I am having problems getting it to work through my ISA server.  I am also trying to use my Exchange FE server to host OWA and RPC-Proxy.  So far I cannot get it to work, I've spent the last two days searching the internet for a solution and haven't found one yet...I do get to a point of prompting for Authentication but after I enter my username and password in it never successfully connects to my Exchange server.

I understand that I cannot have a ISA listener that can host Forms-authentication and Basic authentication through SSL encryption.  I have read articles about using an unsupported method of ISA policies to trick ISA into working, but I tried it and I just can't get it to work correctly.  I've tried binding a new external IP to my ISA server then configuring a listener and policies to point to my RPC server but since I don't have public dns names setup for this IP, I'm just trying to get it to work using the IP address only and not the full DNS name.  I've also recently learned that this config won't work because the name assigned as the RPC Proxy agent has to match the name assigned to the SSL certificate, which it obviously doesn't.  Then I thought, I can just get a new cert configured with a new DNS name then apply the Cert to the RPC Virtual directory then export to ISA server, but that won't work either because the Cert assigned to the FE server also applies to the RPC directory.  It looks like to me my only option is to setup a new FE server and dedicate it to RPC Proxy??  I know this is a lot of jargon, but doesn't anyone else have anything to add...
0
jtoates
Asked:
jtoates
1 Solution
 
Matt_HeuerCommented:
You really dont have do go through any of that.  It is very possible to use RPC/HTTP and OWA with ISA between you and your Exchange servers.  What I would do before you start troubleshooting the firewall portion would be to put another firewall or router in front of your Exchange servers and forward 80 and 443 to the RPC proxy just to make sure that RPC/HTTP is working.  Here is an article on how to configure ISA to publish RPC/HTTP and OWA on a single listener.

http://www.isaserver.org/tutorials/2004pubowamobile.html

As for the name on the certificate.  You just need it to match the external namespace (mail.domain.com).  You can assign it to both the default web site on the front end and to the ISA server to both use.  Certs don't apply to virtual directories either, it applies to the site, so I'm not exactly sure what you are referring to.  But I have done this several times and if there is a particular portion that isnt making any sense just let me know.

Cole
0
 
jtoatesAuthor Commented:
Thanks very much for the comment!!!

I have read this tutuorial many times and also looked over a coupe blogcasts talking about basically the same concept.  I have tried this approach on my ISA server and for some reason I can't get the OWA server to work after I apply this concept.  I will try again using this article and see where it gets me, but if I don't want to bind both to a single listener and want to use another external IP address.  How would that work...

If the cert applies to the entire site, wouldn't it also apply to the virt directories as well...One troubleshooting step that I found was to launch the following URL from a browser (https://mail.domain.com/rpc) and if you get the login prompt then things are working...Well when I attach to this it actually works, but I also get the Cert approval screen as well....It's also suppose to work if I browse to (https://mail.domain.com/rpc/rpcproxy.dll, but this doesn't work...

Anyway I will try what you suggest again and see what happens.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now