Solved

ISA 2006 internal OWA

Posted on 2007-04-11
3
664 Views
Last Modified: 2009-12-16
Hi,

I need a bit of help with ISA 2006 and OWA. I’ve setup access rules and listeners to facilitate OWA access to my Exchange server via ISA. The rules seem to work fine and any internal client – not using proxy can access the OWA forms, but internal clients – using proxy can’t. They get Error Code 502 proxy server denied the specified URL (12202) even though the listener is configured to listen on both networks. I’m not using split DNS as my ISP is handling external resolution. My internal DNS points owa.domain.co.uk to the ISA server itself.  The clients using proxy trip up on the default rule.

Any ideas as to why internal client using proxy fail but internal clients not using proxy don’t and how to sort it out?

Thanks.
0
Comment
Question by:MrPrince
  • 2
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 18889336
You don't mention whether you are running OWA internally on http or https.

1. Generally speaking for this I add the internal site(s) to the Proxy Exceptions (internet tools - options - connections - lan settings - advanced) so that the browser doesn't even access the proxy service when an internal client calls an internal web site. You can also put in the ip range if you need more than the 255-ish characters allowed in the proxy exceptions box. ie 10.0.*; 172.30.254.*; 192.* etc to cover the internal ip addresses instead of using names.

2. Can you confirm that you have a rule within the firewall policy allowing traffic from internal & local host to internal & local host for the required traffic?

Either way you can then amend your publishing rule to just cover the external network only.

0
 

Author Comment

by:MrPrince
ID: 18890050
DOH! I had a rule for internal to internal but not local host to local host as well. I also whacked that rule in at the top and it works now. BTW what protocols would you suggest for nornal Internet Access? I've just specifed 'All Outbound Protocols' but is this a good idea?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18892002
lol, glad to have helped, its easily missed :)

Normal Internet is an interesting question....

Normally I allow http, https, & ftp from all users
dns from internal dns servers
smtp from smtp servers
However, all outbound is no issue whatsoever if this is what your IT Security policy allows.

Regards
Keith Alabaster
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question