Can't Publish Owa 2003 on ISA 2006

Posted on 2009-02-11
Last Modified: 2012-05-06
Hi all,
i have a weird problem, i want to publish OWA on ISA 2006.
i have 1 exchange server 2003 and 1 ISA server as edge firewall.
i did all the steps listed on all forums regarding OWA publishing, i'll list them again step by step maybe i forgot something:
1- Backup the certificate from exchange and install it in the personal folder on ISA.
2- Create a HOSTS file entry for split-DNS style resolution.
3- Create Https Listener on both internal and external network.
4-Create the Exchange Web Client Access Publishing Rule.
5- i tried also this:
    * Change Requests appears to come from the original Client in the To Tab
    * Enable Require 128 Bit encryption for HTTPS Traffic in the Traffic Tab
    * Navigate to the Listener Properties and select the Forms tab.
       Under Password Management enable Allow users to change their Passwords.

Still no luck, keep in mind that i could easily publish exchange server, mail is working ok.
OWA is working fine also if u access the exchange directly from the LAN via IP or hostname.

i've been all the the day working on it, i tried all the settings.
I just need to know if i miss something? maybe i should create an access rule to open port 443 from the external network to Localhost?
any clue will help on this coz im running out of ideas.
thanks a lot

here is the articles that i used:
Question by:usere3
    LVL 31

    Expert Comment

    by:Toni Uranjek

    Two simple questions:
    1. What is the error you get when accessing owa web site from internet?
    2. When you test the rule in ISA 2006, do you get any errors? I mean when you click "Test Rule" button in properties of rule, does ti report that isa can access exchange?

    LVL 19

    Expert Comment

    Do you have ISA SP1 installed?
    LVL 51

    Expert Comment

    by:Keith Alabaster
    If you are using someone else's guidance, such as, then I can't really help you. if you get to the point where you want to use the Microsoft approach then let me know - as it sure isn't what you describe in your initial post.


    Author Comment

    keith, i have a problem and any help will be appreciated.
    i dont have sp1, ill install it tomorrow, and than ill give u the right error in IE, i think its web site not found or something like that.
    anyway i just want to know is there anything i should do, did i miss anything or i should troubleshoot my configuration?  
    LVL 51

    Accepted Solution

    I assume everything else on ISA is running OK - or do you want to check the basics as well?
    Download and run the best practice analyser - get it here

    You use the term backup the certificate. You actually need to export the cert along with the private key - is this what you did? if not, it will not work.
    If you want to troubleshoot the certs on ISA, this is a good method. it actually mentions 2004 but as you are not talking here about Sharepoint, the process is the same.

    Do NOT use an access rule - it will send everything bonkers - especially as you will be using a NAT relationship between the internal and external interfaces. For inbound traffic on a NAT relationship you need to use the publishing rules.

    Publishing OWA from Ex2007 is totally different to publishing OWA from ex2003 - even the services are different so ignore that link you mentioned in your first post.
    This is the Microsoft method:

    Author Comment

    thanks keith, i exportedthe certificate right with the key, ill try the Microsoft way and ill tell what will happen.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    OK - running the BPA is also a good tool - you can be surprised what is sometimes turned up.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    "Migrate" an SMTP relay receive connector to a new server using info from an old server.
    In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now