clarinetjun
asked on
Publish OWA and Outlook over RPC/HTTPS on Small Business Server 2003 with an Edge ISA Server 2006
Our organization uses a Samll Business Server 2003. Although it came with ISA server (premium version), it did not have ISA server installed on the box for various reasons. To minimize security risks, I setup an edge ISA server on a different box filtering the traffic. It has been working like a charm. However, I have come across a stumbling block when I try to publish Outlook Web Access and Outlook RPC/HTTPs. Basically, ISA does not want to work with SBS 2003 if end to end HTTPS is used. I have to compromise on the SBS 2003 to not to use HTTPS (uncheck require encryption on the exchange virtual directories within IIS). Although the client connection to the ISA 2006 server's external interface is still encrypted, once the traffic passes ISA, it becomes HTTP only. And this is the only way that I can make it work. By the same token, I thought it should work on Outlook over RPC/HTTPS, but it doesn't.
Dose anyone have similar experiences with this setup? I really want to get to the bottom of it. I've been searching everywhere on the Internet with no luck. Thanks all in advance.
Dose anyone have similar experiences with this setup? I really want to get to the bottom of it. I've been searching everywhere on the Internet with no luck. Thanks all in advance.
ASKER
Thanks for the comments. I do have second licenses purchased for both ISA 2006 Standard and Windows Server 2003 Standard. That's why I was able to installed a different box.
For the tunneling, where would I find that option when setting up the publishing rule on ISA? I will try your suggestion and get back to you.
For the tunneling, where would I find that option when setting up the publishing rule on ISA? I will try your suggestion and get back to you.
When you run the secure web site publishing rule you are asked if you want to bridge or tunnel the connection.
ASKER
I deletd the exisitng rule and run the publishing wizard again. There wasn't an option for tunneling. The only two options when it comes to connecting the web server or server farm was HTTPS-HTTPS and HTTPS-HTTP bridging. Any thoughts? I vaguely remeber in ISA 2004, you had the option for SSL tunneling.
lol - yes there is - which wizard are you running? The option is pretty much on the first page
ASKER
I used "Publish Exchange Web Client Access" wizard. I've attached some screenshots. The third one was the HTTPS to HTTP bridging. I was trying to make the first option work (HTTPS to HTTPS) but no success.
2-21-2009-8-16-08-PM.png
2-21-2009-8-16-42-PM.png
2-21-2009-8-17-04-PM.png
2-21-2009-8-16-08-PM.png
2-21-2009-8-16-42-PM.png
2-21-2009-8-17-04-PM.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
on ISA you could tunnel the https traffic directly to the SBS box rather than bridging it. This way SBS does what it is supposed to although you would need to rerun the remote and the ceicw wizards again to get it back to how it should be.