Exchange OWA (FBA) / RPC/HTTP -- ISA Server 2004


I am at my wits' end on this issue and I am hopeful someone has an easy answer for me...I'm really not sure where to post this question, whether it should be here in Exchange or in another specializing in ISA issues.

I have had OWA (FBA) setup and operational for some time and it seems to be working well for everyone.  I am trying to get http/rpc setup as well, because a situation has come up and I feel this would be a great solution.  

I have RPC/HTTP working successfully on my local network, but I am having problems getting it to work through my ISA server.  I am also trying to use my Exchange FE server to host OWA and RPC-Proxy.  So far I cannot get it to work, I've spent the last two days searching the internet for a solution and haven't found one yet...I do get to a point of prompting for Authentication but after I enter my username and password in it never successfully connects to my Exchange server.

I understand that I cannot have an ISA listener that can host Forms-authentication and Basic authentication through SSL encryption.  I have read articles about using an unsupported method of ISA policies to trick ISA into working, but I tried it and I just can't get it to work correctly.  I've tried binding a new external IP to my ISA server then configuring a listener and policies to point to my RPC server but since I don't have public dns names setup for this IP, I'm just trying to get it to work using the IP address only and not the full DNS name.  I've also recently learned that this config won't work because the name assigned as the RPC Proxy agent has to match the name assigned to the SSL certificate, which it obviously doesn't.  Then I thought, I can just get a new cert configured with a new DNS name then apply the Cert to the RPC Virtual directory then export to ISA server, but that won't work either because the Cert assigned to the FE server also applies to the RPC directory.  It looks like to me my only option is to setup a new FE server and dedicate it to RPC Proxy??  I know this is a lot of jargon, but doesn't anyone else have anything to add...

You really don't have to go through any of that.  It is very possible to use RPC/HTTP and OWA with ISA between you and your Exchange servers.  What I would do before you start troubleshooting the firewall portion would be to put another firewall or router in front of your Exchange servers and forward 80 and 443 to the RPC proxy just to make sure that RPC/HTTP is working.  Here is an article on how to configure ISA to publish RPC/HTTP and OWA on a single listener.

As for the name on the certificate.  You just need it to match the external namespace (  You can assign it to both the default web site on the front end and to the ISA server to both use.  Certs don't apply to virtual directories either, it applies to the site, so I'm not exactly sure what you are referring to.  But I have done this several times and if there is a particular portion that isn't making any sense just let me know.
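The name-matching requirement discussed in this answer, as an added example that is not part of the original thread: a simplified hostname check showing why a client pointed at a bare IP address fails against a certificate issued for a DNS name. The names `mail.example.com` and `203.0.113.10` are constructed placeholders, and the wildcard rule is this example's conservative choice.

```python
import ipaddress

def is_ip_literal(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_name_matches(host: str, pattern: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    host_labels = host.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        # Conservative: the wildcard covers one label and needs two fixed labels after it.
        return len(pat_labels) >= 3 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels

def check_client_name(connect_name, cert_dns_names, cert_ip_names=()):
    """Return (ok, reason) for the name a client is configured to connect to."""
    if is_ip_literal(connect_name):
        addr = ipaddress.ip_address(connect_name)
        if any(ipaddress.ip_address(ip) == addr for ip in cert_ip_names):
            return True, "IP address listed in certificate"
        return False, "IP literal never matches a DNS name in the certificate"
    for pattern in cert_dns_names:
        if dns_name_matches(connect_name, pattern):
            return True, f"matches {pattern}"
    return False, "no certificate name matches"

# Constructed sample: the single name on a certificate shared by the
# front-end web site and the ISA listener.
CERT_DNS_NAMES = ["mail.example.com"]

def demo():
    names = ["mail.example.com", "MAIL.example.com", "rpc.example.com", "203.0.113.10"]
    return {n: check_client_name(n, CERT_DNS_NAMES) for n in names}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:20} {'OK  ' if ok else 'FAIL'} {reason}")
```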


jtoates (Author) commented:
Thanks very much for the comment!!!

I have read this tutorial many times and also looked over a couple blogcasts talking about basically the same concept.  I have tried this approach on my ISA server and for some reason I can't get the OWA server to work after I apply this concept.  I will try again using this article and see where it gets me, but if I don't want to bind both to a single listener and want to use another external IP address.  How would that work...

If the cert applies to the entire site, wouldn't it also apply to the virt directories as well...One troubleshooting step that I found was to launch the following URL from a browser ( and if you get the login prompt then things are working...Well when I attach to this it actually works, but I also get the Cert approval screen as well....It's also supposed to work if I browse to (, but this doesn't work...

Anyway I will try what you suggest again and see what happens.

Question has a verified solution.
