OWA on New ISA 2004 Install

Here's my setup, all on different servers:

ISA 2004 SP2 (1 internal nic 1 external nic)
Exchange 2003 SP1 (OWA was working fine with ISA 2000)

I just recently updated our ISA server to 2004. I went step by step through a tutorial on Microsoft and compared it to the one I found on this site to publish the Exchange server. All parts of Exchange are working correctly except OWA from external. I can access it just fine internally (http://server/exchange/username) but if I try to access it from outside (http://mail.server.com/exchange/username) I get prompted for user/pass and log in as normal. But then it comes up with page cannot be displayed but has it split where the folders would be on the left side, showing 2 page cannot be displayed pages. Forwarding port 80 and 443, as far as I can tell it is set up right??

Also, what is the best way to set up POP3 so users may use Outlook from, say, their own home computer to access their email? I tried with my current configuration (I got POP3 server, POP3S server set up on ISA) and it connects but won't send the test email.
Asked by: jasonskaggs

Matt_Heuer Commented:
ISA 2004 uses SSL-SSL bridging which means that the ISA server generates the login form for OWA authentication, so there is a bunch of front work that needs to be done to take care of this.  It can be a bit tricky at first, but it is really secure and a standout feature of ISA.  Here is an article with the process involved.

http://www.isaserver.org/articles/2004pubowartm.html

Cole

Keith Alabaster (Enterprise Architect) Commented:
Are you publishing through http or https? http is far simpler especially if you do not have a certificate. Also if you are using http, you do not need port 443 forwarded.

The fact you are getting the split in the panes means you are getting the traffic through to the Exchange server and the fact you are getting the logon sounds good.

Have you added the additional directories into the PATHS section of the rule properties?

needs
/exchange/*
/exchweb/*
/public/*

jasonskaggs (Author) Commented:
Yes, everything is added as far as I can tell. This is what I have now. I started from scratch following this URL

http://www.isaserver.org/tutorials/Enabling-ISA-Firewall-Forms-based-Authentication-OWA-Connections-Internal-External-Clients-Part1.html

and part 2

I have it set up for the form based. Internally it is working by prompting for user/pass and not bringing up the form or certificate. Externally I receive the certificate prompt, I can view and install it. Then after saying yes it takes me to the form login page. After I type in domain\login and pass, I receive a page cannot be displayed with this as URL: https://owa.domain.com/CookieAuth.dll?GetLogonWrapper?url=%2Fexchange&reason=0

Keith Alabaster (Enterprise Architect) Commented:
I take it that it is all working OK from inside the network?
In the ISA gui,
select monitoring - logging. Click on start query.
What do you see in the log when you try it from outside on the internet?

jasonskaggs (Author) Commented:
Log details

date/time--Exchange server IP--443--https--failed connection attempt---publish external owas web site---anonymous(think this is where my problem is)---external--GET---http://owa.domain.org:443/exchange

This is all I'm seeing.


Keith Alabaster (Enterprise Architect) Commented:
Sounds like you have bridged SSL (as it is attempting to use port 443). How have you set up the publishing? http or https?

jasonskaggs (Author) Commented:
HTTPS using certificates.

Keith Alabaster (Enterprise Architect) Commented:
So the call you are making is https://mail.server.com/exchange you should be using, not (http://mail.server.com/exchange/username) as you put in your first post.

Also, you don't put the username into the url; this can really blow its mind.

jasonskaggs (Author) Commented:
I'm sorry, that is correct. Internally I enter https://mail.domain.com/exchange, it will prompt for user and pass and after entered works fine. Externally I enter the same thing and I get the prompt for the certificate, I install the certificate, either manually or by pressing yes, and after about 30 sec the page comes up to "The page cannot be displayed", then the log comes across the monitoring.

jasonskaggs (Author) Commented:
OK, I now have it pulling across the username but it is still coming up "Page cannot be displayed"; there is no longer the split bar since I redid it either. Is my Exchange server not being published even though everything appears to be in place? Under the logging it is showing the forwarding address for my Exchange server but the connection fails. Is there something I need to change on the Exchange server side for authentication?

Keith Alabaster (Enterprise Architect) Commented:
If it was not being published, you would not get the logon prompts etc.
I wouldn't change the Exchange box at all.
Have you set authentication on the ISA server as well? Are you using forms-authentication? You cannot have this on the IIS box hosting the OWA and on ISA as well; it's one or the other....

jasonskaggs (Author) Commented:
It came down to not being able to use the SSL setup that is in every guide I found. I reset it up just publishing it as a web server with no SSL and it worked fine. Would be nice to use the SSL and possibly the forms but I can deal with that at a later time, thanks for trying to help.

Keith Alabaster (Enterprise Architect) Commented:
Thanks :)