drakba
asked on
Exchange RPC over HTTP (NOT SSL) not working w/ ISA 2004
I have a single Exchange 2003 server, patched, and a ISA 2004 Server sitting behind a pix 501.
I currently have OWA published with HTTP (NOT SSL), and I want to open RPC over HTTP (NOT SSL).
I know it's not recommended to do HTTP, but this was a specific customer request (they only have one public IP address, and they already have a SSL web site published through ISA, so we can't SSL publish this unless we buy a wildcard cert, and they don't want to spend the money.)
I have made the registry hacks using the utility from Petri, I have configured the Exchange Server as a HTTP RPC backend server.
I have setup a mail publishing rule, and configured Outlook RPC over HTTP in the rule.
I have setup a web publishing rule pointing to the RPC directory on the Exchange server (also the OWA server).
Now, when I try to connect from the outside, it cannot establish a connection. When I look in Monitoring (Logging) in ISA, I can see the traffic, but it is bypassing my rule, and going to the enterprise default deny all rule.
'ISA server denied the specific URL. anonymous'
It is hitting the server on port 80 as it should, (I have the client configured to not use SSL, but HTTP with NTLM authentication).
Any idea why my isa server is not catching the traffic with the correct rule?
I currently have OWA published with HTTP (NOT SSL), and I want to open RPC over HTTP (NOT SSL).
I know it's not recommended to do HTTP, but this was a specific customer request (they only have one public IP address, and they already have a SSL web site published through ISA, so we can't SSL publish this unless we buy a wildcard cert, and they don't want to spend the money.)
I have made the registry hacks using the utility from Petri, I have configured the Exchange Server as a HTTP RPC backend server.
I have setup a mail publishing rule, and configured Outlook RPC over HTTP in the rule.
I have setup a web publishing rule pointing to the RPC directory on the Exchange server (also the OWA server).
Now, when I try to connect from the outside, it cannot establish a connection. When I look in Monitoring (Logging) in ISA, I can see the traffic, but it is bypassing my rule, and going to the enterprise default deny all rule.
'ISA server denied the specific URL. anonymous'
It is hitting the server on port 80 as it should, (I have the client configured to not use SSL, but HTTP with NTLM authentication).
Any idea why my isa server is not catching the traffic with the correct rule?
ASKER
Any chance of getting a couple examples of the unsupported workarounds?
Not from me.
I refuse to it.
Simon.
I refuse to it.
Simon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thats it.
There are various unsupported work arounds, but they are unsupported and unreliable.
Simon.