Link to home
Start Free TrialLog in
Avatar of clarinetjun
clarinetjunFlag for United States of America

asked on

Publish OWA and Outlook over RPC/HTTPS on Small Business Server 2003 with an Edge ISA Server 2006

Our organization uses a Samll Business Server 2003. Although it came with ISA server (premium version), it did not have ISA server installed on the box for various reasons. To minimize security risks, I setup an edge ISA server on a different box filtering the traffic. It has been working like a charm. However, I have come across a stumbling block when I try to publish Outlook Web Access and Outlook RPC/HTTPs. Basically, ISA does not want to work with SBS 2003 if end to end HTTPS is used. I have to compromise on the SBS 2003 to not to use HTTPS (uncheck require encryption on the exchange virtual directories within IIS). Although the client connection to the ISA 2006 server's external interface is still encrypted, once the traffic passes ISA, it becomes HTTP only. And this is the only way that I can make it work. By the same token, I thought it should work on Outlook over RPC/HTTPS, but it doesn't.

Dose anyone have similar experiences with this setup? I really want to get to the bottom of it. I've been searching everywhere on the Internet with no luck. Thanks all in advance.
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image
First of all, you are breaking your license agreement. The SBS premium License is for ISA on the SBS box - if you use it on another machine then you need another ISA license and another license for the second operating system.

on ISA you could tunnel the https traffic directly to the SBS box rather than bridging it. This way SBS does what it is supposed to although you would need to rerun the remote and the ceicw wizards again to get it back to how it should be.

Avatar of clarinetjun
clarinetjun
Flag of United States of America image

ASKER

Thanks for the comments. I do have second licenses purchased for both ISA 2006 Standard and Windows Server 2003 Standard.  That's why I was able to installed a different box.

For the tunneling, where would I find that option when setting up the publishing rule on ISA? I will try your suggestion and get back to you.
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image
When you run the secure web site publishing rule you are asked if you want to bridge or tunnel the connection.
Avatar of clarinetjun
clarinetjun
Flag of United States of America image

ASKER

I deletd the exisitng rule and run the publishing wizard again. There wasn't an option for tunneling. The only two options when it comes to connecting the web server or server farm was HTTPS-HTTPS and HTTPS-HTTP bridging. Any thoughts? I vaguely remeber in ISA 2004, you had the option for SSL tunneling.
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image
lol - yes there is - which wizard are you running? The option is pretty much on the first page
Avatar of clarinetjun
clarinetjun
Flag of United States of America image

ASKER

I used "Publish Exchange Web Client Access" wizard. I've attached some screenshots. The third one was the HTTPS to HTTP bridging. I was trying to make the first option work (HTTPS to HTTPS) but no success.
2-21-2009-8-16-08-PM.png
2-21-2009-8-16-42-PM.png
2-21-2009-8-17-04-PM.png
ASKER CERTIFIED SOLUTION
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial