ISA 2006, OWA (fba) & Motorola Q smart phone: page cannot be displayed

Greetings, experts.  I'm an IT Director who is testing out the use of a Motorola Q smart phone.  I'm running in to a pesky problem with ISA 2006 that I sure could use some help with.

History first:  Exchange 2000.  OWA works fine (internally & externally to my network).  On ISA 2006 a rule is set up to use HTML forms based authentication (FBA).

Problem:  When I attempt to hit my OWA server, the ISA FBA username & password fields appear.  I type in my users (with & without the domain) and password.  A "the page cannot be displayed" screen appears with "Error Code: 403 forbidden.  The server denied the specified Uniform Resource Locator (URL).  Contact the server administrator (12202)"

When I look at the ISA logs, I see a "denied connection" entry.  Protocol = HTTPS, Rule = Default Rule, Client IP = external IP, Client Username = my username, Source Network = External, Destination Network = blank, HTTP Method = GET, URL = http://myisaserversip.com.  (Notice that the URL is not HTTPS.)

I have checked and confirmed that the OWA rule exists, but the request from my Motorola Q smart phone doesn't seem to hit this Rule.

I'm rather despirate as I've got a short amount of time to try the phone.  Can anyone help me dig myself out of this hole?  While I'm no ISA guru, this doesn't make sense.

Cheers & thank you for taking the time to read this question.  

Todd
todjklkiAsked:
Who is Participating?
 
Keith AlabasterEnterprise ArchitectCommented:
I was about to jump straight in there with it sounds like the Phone is accessing as a direct http call rather than a secure connection. The fact it is hitting the default rule means that although there are rules in place, the traffic being received does not match any of them else it would have been blocked by one of the previous rules. The patch due to be released for ISA2006 has not been released to the public yet so you need to get the latest version of Wireshark and install it on the ISA Server. Set it to listen to the external interface. This will allow you to see exactly what traffic is arriving from the phone and you can make a rule to match.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thanks :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.