Solved

OWA on New ISA 2004 Install

Posted on 2006-04-18
Last Modified: 2013-11-16
Here's my setup, all on different servers:

ISA 2004 SP2 (1 internal nic 1 external nic)
Exchange 2003 SP1 (OWA was working fine with ISA 2000)

I just recently updated our ISA server to 2004. I went step by step through a tutorial on Microsoft and compared it to the one I found on this site to publish the Exchange server. All parts of Exchange are working correctly except OWA from external. I can access it just fine internally (http://server/exchange/username), but if I try to access it from outside (http://mail.server.com/exchange/username) I get prompted for user/pass and log in as normal. But then it comes up with page cannot be displayed, but has it split where the folders would be on the left side, showing 2 page cannot be displayed pages. Forwarding port 80 and 443; as far as I can tell it is set up right?

Also, what is the best way to set up POP3 so users may use Outlook from, say, their own home computer to access their email? I tried with my current configuration (I got POP3 server, POP3S server set up on ISA) and it connects but won't send the test email.
0
Question by:jasonskaggs
13 Comments
 
LVL 6

Expert Comment

by:Matt_Heuer
ID: 16479417
ISA 2004 uses SSL-SSL bridging which means that the ISA server generates the login form for OWA authentication, so there is a bunch of front work that needs to be done to take care of this.  It can be a bit tricky at first, but it is really secure and a standout feature of ISA.  Here is an article with the process involved.

http://www.isaserver.org/articles/2004pubowartm.html

Cole
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16480509
Are you publishing through http or https? http is far simpler especially if you do not have a certificate. Also if you are using http, you do not need port 443 forwarded.

The fact you are getting the split in the panes means you are getting the traffic through to the Exchange server and the fact you are getting the logon sounds good.

Have you added the additional directories into the PATHS section of the rule properties?

needs
/exchange/*
/exchweb/*
/public/*
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16480673
Yes, everything is added as far as I can tell. This is what I have now. I started from scratch following this URL

http://www.isaserver.org/tutorials/Enabling-ISA-Firewall-Forms-based-Authentication-OWA-Connections-Internal-External-Clients-Part1.html

and part 2

I have it set up for the form based. Internally it is working by prompting for user/pass and not bringing up the form or certificate. Externally I receive the certificate prompt; I can view and install it. Then after saying yes it takes me to the form login page. After I type in domain\login and pass, I receive a page cannot be displayed with this as URL: https://owa.domain.com/CookieAuth.dll?GetLogonWrapper?url=%2Fexchange&reason=0
0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16480969
I take it that it is all working OK from inside the network?
In the ISA gui,
select monitoring - logging. Click on start query.
What do you see in the log when you try it from outside on the internet?
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16481018
Log details

date/time--Exchange server IP--443--https--failed connection attempt---publish external owas web site---anonymous(think this is where my problem is)---external--GET---http://owa.domain.org:443/exchange

This is all I'm seeing.

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16481039
Sounds like you have bridged SSL (as it is attempting to use port 443). How have you set up the publishing? http or https?
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16481148
HTTPS using certificates.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16481307
So the call you are making is https://mail.server.com/exchange you should be using, not (http://mail.server.com/exchange/username) as you put in your first post.

Also, you don't put the username into the url; this can really blow its mind.
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16481366
I'm sorry, that is correct. Internally I enter https://mail.domain.com/exchange, it will prompt for user and pass, and after entered works fine. Externally I enter the same thing and I get the prompt for the certificate. I install the certificate, either manually or by pressing yes, and after about 30 sec the page comes up to "The page cannot be displayed", then the log comes across the monitoring.
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16481490
OK, I now have it pulling across the username but it is still coming up Page cannot be displayed; there is no longer the split bar since I redid it either. Is my Exchange server not being published even though everything appears to be in place? Under the logging it is showing the forwarding address for my Exchange server but the connection fails. Is there something I need to change on the Exchange server side for authentication?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1500 total points
ID: 16482016
If it was not being published, you would not get the logon prompts etc.
I wouldn't change the Exchange box at all.
Have you set authentication on the ISA server as well? Are you using forms-authentication? You cannot have this on the IIS box hosting the OWA and on ISA as well; it's one or the other....
0
 
LVL 1

Author Comment

by:jasonskaggs
ID: 16486734
It came down to not being able to use the SSL setup that is in every guide I found. I set it up again just publishing it as a web server with no SSL and it worked fine. Would be nice to use the SSL and possibly the forms but I can deal with that at a later time. Thanks for trying to help.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16488031
Thanks :)
0
