Solved

ISA 2006 internal OWA

Posted on 2007-04-11
Last Modified: 2009-12-16
Hi,

I need a bit of help with ISA 2006 and OWA. I’ve set up access rules and listeners to facilitate OWA access to my Exchange server via ISA. The rules seem to work fine and any internal client – not using proxy – can access the OWA forms, but internal clients – using proxy – can’t. They get Error Code 502 proxy server denied the specified URL (12202) even though the listener is configured to listen on both networks. I’m not using split DNS as my ISP is handling external resolution. My internal DNS points owa.domain.co.uk to the ISA server itself. The clients using proxy trip up on the default rule.

Any ideas as to why internal clients using proxy fail but internal clients not using proxy don’t, and how to sort it out?

Thanks.
Question by:MrPrince
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 18889336
You don't mention whether you are running OWA internally on http or https.

1. Generally speaking, for this I add the internal site(s) to the Proxy Exceptions (internet tools - options - connections - lan settings - advanced) so that the browser doesn't even access the proxy service when an internal client calls an internal web site. You can also put in the IP range if you need more than the 255-ish characters allowed in the proxy exceptions box, i.e. 10.0.*; 172.30.254.*; 192.* etc. to cover the internal IP addresses instead of using names.

2. Can you confirm that you have a rule within the firewall policy allowing traffic from internal & local host to internal & local host for the required traffic?

Either way you can then amend your publishing rule to just cover the external network only.
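
An added example, not part of the original answer: a simplified JavaScript model of the semicolon-separated exception list from point 1, for auditing which hosts skip the proxy and which IP wildcards reach beyond the RFC 1918 private ranges. The sample list and all function names are constructed for illustration, and the matching is a plain wildcard model, not the browser's own implementation.

```javascript
// Added example: simplified wildcard model of a browser proxy exception list.
// Constructed sample list, modelled on the patterns quoted in the answer.
const SAMPLE_EXCEPTIONS = "owa.domain.co.uk; 10.0.*; 172.30.254.*; 192.*";

// Split the semicolon-separated list into trimmed, lower-cased patterns.
function parseExceptions(list) {
  return list.split(";").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Turn one pattern into an anchored regular expression ("*" matches anything).
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// True when the host would be fetched directly instead of via the proxy.
function bypassesProxy(host, list) {
  const h = host.toLowerCase();
  return parseExceptions(list).some((p) => patternToRegExp(p).test(h));
}

// True when the fixed leading octets pin the pattern inside RFC 1918 space
// (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
function coversOnlyPrivate(pattern) {
  const fixed = [];
  for (const part of pattern.split(".")) {
    if (!/^\d+$/.test(part)) break; // stop at the first wildcard octet
    fixed.push(Number(part));
  }
  const [a, b] = fixed;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// IP-style patterns that can also match addresses outside the private ranges.
function overbroadPatterns(list) {
  return parseExceptions(list).filter(
    (p) => /^[\d.*]+$/.test(p) && !coversOnlyPrivate(p)
  );
}

console.log("direct to OWA:", bypassesProxy("owa.domain.co.uk", SAMPLE_EXCEPTIONS));
console.log("patterns to tighten:", overbroadPatterns(SAMPLE_EXCEPTIONS));
```

A flagged pattern is a candidate for narrowing to the actual internal range, since requests that bypass the proxy are not filtered or logged by it.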


Author Comment

by:MrPrince
ID: 18890050
DOH! I had a rule for internal to internal but not local host to local host as well. I also whacked that rule in at the top and it works now. BTW what protocols would you suggest for normal Internet Access? I've just specified 'All Outbound Protocols' but is this a good idea?
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18892002
lol, glad to have helped, it's easily missed :)

Normal Internet is an interesting question....

Normally I allow http, https, & ftp from all users
dns from internal dns servers
smtp from smtp servers
However, all outbound is no issue whatsoever if this is what your IT Security policy allows.

Regards
Keith Alabaster