Exchange OWA (FBA) / RPC/HTTP -- ISA Server 2004

Posted on 2006-04-05
Last Modified: 2008-02-01

I am at my wits end on this issue and I am hopeful someone has an easy answer for me...I'm really not sure where to post this questions, whether it should be here in Exchange or in another specializing in ISA issues.

I have had OWA (FBA) setup and operational for sometime and it seems to be working well for everyone.  I am trying to get http/rpc setup as well, because a situation has come up and I feel this would be a great solution.  

I have RPC/HTTP working successfully on my local network, but I am having problems getting it to work through my ISA server.  I am also trying to use my Exchange FE server to host OWA and RPC-Proxy.  So far I cannot get it to work, I've spent the last two days searching the internet for a solution and haven't found one yet...I do get to a point of prompting for Authentication but after I enter my username and password in it never successfully connects to my Exchange server.

I understand that I cannot have a ISA listener that can host Forms-authentication and Basic authentication through SSL encryption.  I have read articles about using an unsupported method of ISA policies to trick ISA into working, but I tried it and I just can't get it to work correctly.  I've tried binding a new external IP to my ISA server then configuring a listener and policies to point to my RPC server but since I don't have public dns names setup for this IP, I'm just trying to get it to work using the IP address only and not the full DNS name.  I've also recently learned that this config won't work because the name assigned as the RPC Proxy agent has to match the name assigned to the SSL certificate, which it obviously doesn't.  Then I thought, I can just get a new cert configured with a new DNS name then apply the Cert to the RPC Virtual directory then export to ISA server, but that won't work either because the Cert assigned to the FE server also applies to the RPC directory.  It looks like to me my only option is to setup a new FE server and dedicate it to RPC Proxy??  I know this is a lot of jargon, but doesn't anyone else have anything to add...
Question by:jtoates
    LVL 6

    Accepted Solution

    You really dont have do go through any of that.  It is very possible to use RPC/HTTP and OWA with ISA between you and your Exchange servers.  What I would do before you start troubleshooting the firewall portion would be to put another firewall or router in front of your Exchange servers and forward 80 and 443 to the RPC proxy just to make sure that RPC/HTTP is working.  Here is an article on how to configure ISA to publish RPC/HTTP and OWA on a single listener.

    As for the name on the certificate.  You just need it to match the external namespace (  You can assign it to both the default web site on the front end and to the ISA server to both use.  Certs don't apply to virtual directories either, it applies to the site, so I'm not exactly sure what you are referring to.  But I have done this several times and if there is a particular portion that isnt making any sense just let me know.


    Author Comment

    Thanks very much for the comment!!!

    I have read this tutuorial many times and also looked over a coupe blogcasts talking about basically the same concept.  I have tried this approach on my ISA server and for some reason I can't get the OWA server to work after I apply this concept.  I will try again using this article and see where it gets me, but if I don't want to bind both to a single listener and want to use another external IP address.  How would that work...

    If the cert applies to the entire site, wouldn't it also apply to the virt directories as well...One troubleshooting step that I found was to launch the following URL from a browser ( and if you get the login prompt then things are working...Well when I attach to this it actually works, but I also get the Cert approval screen as well....It's also suppose to work if I browse to (, but this doesn't work...

    Anyway I will try what you suggest again and see what happens.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now