?
Solved

Outlook anywhere / ISA 2006

Posted on 2009-02-19
19
Medium Priority
?
1,564 Views
Last Modified: 2012-05-06
12239 error in ISA log when trying to connect to Outlook anywhere.
OWA, Activesync working internally and externally.
HTTPS / RPC working internally.
0
Comment
Question by:Carol Chisholm
  • 12
  • 7
19 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23683248
So?
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23684112
Well I would like not to have an error and to be able to connect.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23684154
So if you would like to give details of the setup, what you have tried alreaady to fix the problem, the supportability pack level and service pack level of ISA, how ISA is installed - proxy or proxy/firewall etc maybe we can help. Just giving three lines with no reference info doesn't help us to try and help you....
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685165
OK It's ISA 2006 5.0.5723.493
I've validated the outlook anywhere settings internally (test-outlookwebservices) all is OK.
Outlook 2003 and 2007 clients can connect using RPC/HTTPS internally.
The test for outlook connectivity (right click on OL icon) si successful for HTTPS and RCP internally but fails externally.
I have one SAN certificate owa.smalldomain.ch with just about evey possible server URL in it.
The internal and external URLs are all the same.
OWA and Activesync are fin internally and externally.
The CA root certificate is installed on the client machine (I'm using a self generate cert).
I've tried various combinations of basic and integrate authentication on the IIS and ISA server.
I'm using the same listener for OWA and for Outlook Anywhere.
In my ISA log I see the publishing rule for Outlook anywhere refuse a connection twice on each attempt.
On the client I get multiple login promts from the Exchange 2007 computer.
Fiels attached with logs.



0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685191
test from LAN
ex-2007-lan.doc
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 1200 total points
ID: 23685278
Doesn't look like you have the ISA2006 supportability pack installed but might be wrong.

Are you authenticating against RSA? the AD? or just through the certificate? RSA does not carry overe the credentials so might be an issue.

12239 means that at least the request is getting through - good start :)

Have you followed this thread?
http://www.tech-archive.net/Archive/ISA/microsoft.public.isa.publishing/2008-02/msg00031.html
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685334
In fact in several hours of attempts I now have different errors.... 403 and then 64, but it still does not work.


test-external.doc
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685371
Authenticating against AD, it works for OWA Sharepoint and Activesync
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685442
Any what is the ISA2006 supportability pack?
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685455
Microsoft Internet Security and Acceleration (ISA) Server 2006 Supportability Update I suppose....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23685468
yes - (eating my dinner)
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685580
Downloading and installing.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23685657
on my pudding....
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685675
I'll be going to bed soon, not back to this problem 'till Saturday. It's not that urgent.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23685702
OK - its 8.30PM here too Carol. The break will give me some time to follow up with some reading on this as well.
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23685799
21:30 here... Got to go to Geneva tomorrow early.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23685810
:)
0
 
LVL 16

Author Comment

by:Carol Chisholm
ID: 23713883
Back to this problem.
I have read through the isaserver.org paper http://www.isaserver.org/tutorials/Publishing-Exchange-2007-Outlook-Autodiscover-2006-ISA-Firewalls.html
It only refers to ISA 2006, not to SP1. The solution requires 2 IP addresses, 2 certificates and 2 listeners.
I have 2 IP addresses, but I also have sites with only one IP address, and it seems massivley complex to access a single CAS server with two of everything.

I'm now trying with my SAN cert and a single IP address, first I get a
"certificate name does not match the name of the site" associated with a 12239 server requires authentication in the ISA log.
Then I get a 12232 server denied he specific URL

So basically I want to know if it is possible to publish OWA, Activesync and Outlook anywhere for Exchange 2007 / Outlook 2007 with one IP and one SAN certificate, using ISA 2006 SP1
0
 
LVL 16

Accepted Solution

by:
Carol Chisholm earned 0 total points
ID: 23998629
Finally got it working by adding autodiscover and RPC paths to the existing OWA publishing rule. I only need one rule and one listener.
It wll works wondfully
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today as you open your Outlook, you witness an error message: “Outlook is using an old copy of your Outlook Data File…”. Probably, Outlook is accessing an old OST file.
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month9 days, 13 hours left to enroll

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question