We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Exchange OWA (FBA) / RPC/HTTP -- ISA Server 2004

jtoates
jtoates asked
on
Medium Priority
568 Views
Last Modified: 2008-02-01
Everyone:

I am at my wits end on this issue and I am hopeful someone has an easy answer for me...I'm really not sure where to post this questions, whether it should be here in Exchange or in another specializing in ISA issues.

I have had OWA (FBA) setup and operational for sometime and it seems to be working well for everyone.  I am trying to get http/rpc setup as well, because a situation has come up and I feel this would be a great solution.  

I have RPC/HTTP working successfully on my local network, but I am having problems getting it to work through my ISA server.  I am also trying to use my Exchange FE server to host OWA and RPC-Proxy.  So far I cannot get it to work, I've spent the last two days searching the internet for a solution and haven't found one yet...I do get to a point of prompting for Authentication but after I enter my username and password in it never successfully connects to my Exchange server.

I understand that I cannot have a ISA listener that can host Forms-authentication and Basic authentication through SSL encryption.  I have read articles about using an unsupported method of ISA policies to trick ISA into working, but I tried it and I just can't get it to work correctly.  I've tried binding a new external IP to my ISA server then configuring a listener and policies to point to my RPC server but since I don't have public dns names setup for this IP, I'm just trying to get it to work using the IP address only and not the full DNS name.  I've also recently learned that this config won't work because the name assigned as the RPC Proxy agent has to match the name assigned to the SSL certificate, which it obviously doesn't.  Then I thought, I can just get a new cert configured with a new DNS name then apply the Cert to the RPC Virtual directory then export to ISA server, but that won't work either because the Cert assigned to the FE server also applies to the RPC directory.  It looks like to me my only option is to setup a new FE server and dedicate it to RPC Proxy??  I know this is a lot of jargon, but doesn't anyone else have anything to add...
Comment
Watch Question

CERTIFIED EXPERT
Commented:
You really dont have do go through any of that.  It is very possible to use RPC/HTTP and OWA with ISA between you and your Exchange servers.  What I would do before you start troubleshooting the firewall portion would be to put another firewall or router in front of your Exchange servers and forward 80 and 443 to the RPC proxy just to make sure that RPC/HTTP is working.  Here is an article on how to configure ISA to publish RPC/HTTP and OWA on a single listener.

http://www.isaserver.org/tutorials/2004pubowamobile.html

As for the name on the certificate.  You just need it to match the external namespace (mail.domain.com).  You can assign it to both the default web site on the front end and to the ISA server to both use.  Certs don't apply to virtual directories either, it applies to the site, so I'm not exactly sure what you are referring to.  But I have done this several times and if there is a particular portion that isnt making any sense just let me know.

Cole

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Thanks very much for the comment!!!

I have read this tutuorial many times and also looked over a coupe blogcasts talking about basically the same concept.  I have tried this approach on my ISA server and for some reason I can't get the OWA server to work after I apply this concept.  I will try again using this article and see where it gets me, but if I don't want to bind both to a single listener and want to use another external IP address.  How would that work...

If the cert applies to the entire site, wouldn't it also apply to the virt directories as well...One troubleshooting step that I found was to launch the following URL from a browser (https://mail.domain.com/rpc) and if you get the login prompt then things are working...Well when I attach to this it actually works, but I also get the Cert approval screen as well....It's also suppose to work if I browse to (https://mail.domain.com/rpc/rpcproxy.dll, but this doesn't work...

Anyway I will try what you suggest again and see what happens.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.