ISA 2006, OWA (fba) & Motorola Q smart phone:  page cannot be displayed

Posted on 2007-09-28
Medium Priority
Last Modified: 2008-11-17
Greetings, experts.  I'm an IT Director who is testing out the use of a Motorola Q smart phone.  I'm running in to a pesky problem with ISA 2006 that I sure could use some help with.

History first:  Exchange 2000.  OWA works fine (internally & externally to my network).  On ISA 2006 a rule is set up to use HTML forms based authentication (FBA).

Problem:  When I attempt to hit my OWA server, the ISA FBA username & password fields appear.  I type in my users (with & without the domain) and password.  A "the page cannot be displayed" screen appears with "Error Code: 403 forbidden.  The server denied the specified Uniform Resource Locator (URL).  Contact the server administrator (12202)"

When I look at the ISA logs, I see a "denied connection" entry.  Protocol = HTTPS, Rule = Default Rule, Client IP = external IP, Client Username = my username, Source Network = External, Destination Network = blank, HTTP Method = GET, URL = http://myisaserversip.com.  (Notice that the URL is not HTTPS.)

I have checked and confirmed that the OWA rule exists, but the request from my Motorola Q smart phone doesn't seem to hit this Rule.

I'm rather despirate as I've got a short amount of time to try the phone.  Can anyone help me dig myself out of this hole?  While I'm no ISA guru, this doesn't make sense.

Cheers & thank you for taking the time to read this question.  

Question by:todjklki
  • 2
LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 19982407
I was about to jump straight in there with it sounds like the Phone is accessing as a direct http call rather than a secure connection. The fact it is hitting the default rule means that although there are rules in place, the traffic being received does not match any of them else it would have been blocked by one of the previous rules. The patch due to be released for ISA2006 has not been released to the public yet so you need to get the latest version of Wireshark and install it on the ISA Server. Set it to listen to the external interface. This will allow you to see exactly what traffic is arriving from the phone and you can make a rule to match.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 19987277
Thanks :)

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question