?
Solved

Problem With OWA Via ISA on SBS

Posted on 2009-03-30
13
Medium Priority
?
549 Views
Last Modified: 2012-05-06
Greetings
Setting up OWA on a SBS 2003 server with ISA 2004, I've had some issues, but managed to resolve most of them (certificate issues ect). Currently the issue that I am having involves logging into OWA from outside.

Internally, if I connect to the SBS server's internal IP the OWA works fine, but if I connect to the external address, it gives me the OWA log in screen, but I cant actually log in. I'm guessing the problem is between ISA and OWA, but I'm not sure.

When attempting to log in, the user just gets the log in screen again (note, users go back to a fresh log in screen, so even if you input incorrect details, you dont get an error, unless you are connecting internally)

Any sugestions ?
0
Comment
Question by:Xorb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019049
Is your OWA Server configured for Basic authentication over SSL?
0
 
LVL 15

Expert Comment

by:tntmax
ID: 24020483
Any errors in the logs? When you connect internally, are you using http or https? When you connect externally, you're using https, correct?
0
 
LVL 1

Expert Comment

by:robsdesk
ID: 24023113
That sounds like the OWA publishing rule is not configured correctly, you'll get the ISA FBA login however the rule may not be configured correctly to point to the actual server.  Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly, can you hit the OWA page internally?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 2

Author Comment

by:Xorb
ID: 24026804
Hi Guys
Thanks for the input, I'll try answer your questions a best i can, but seeing as how this is my first OWA installation, I'm still noob on the topic. (I worked off a article on the net)  Thanks for your patience

Raj-GT:
Where would I check that ?
In IIS I did set the exchange directory on my default website to use SSL. If that is not what you are asking, please instruct me on where I can find that setting.


tntmax:
 When you connect internally, are you using http or https? When you connect externally, you're using https, correct?
As far as I can tell, no errors in logs, but there might be logs i'm not checking. Please advise wich logs you think I should check.
I set my OWA to only work on SSL, so if I try connect on http internally, it just forwards to https emediately.
Yeah, I'm using ssl (https) externally. Not going to open OWA on HTTP to the outside world. Too paranoid.

Thanks


PS: If anyone wants to SEE the log in page, I can mail the URL for the OWA page on request.



robsdesk:That sounds like the OWA publishing rule is not configured correctly, you'll get the ISA FBA login however the rule may not be configured correctly to point to the actual server.  Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly, can you hit the OWA page internally?
0
 
LVL 2

Author Comment

by:Xorb
ID: 24026878
Robsdesk:
"That sounds like the OWA publishing rule is not configured correctly" - OK,
"You'll get the ISA FBA login" - I quickly Google'd  "ISA FBA" and I must say it sounds like you are 100 % correct in what you are saying.

I did some fancy foot work with DNS so that internally the name I'm using EXTERNALLY resolves to the IP of the SBS internally. So when I'm accessing the page internally I DONT think that goes VIA ISA. Naturally that works fine.
If I try internally to input the server's external IP like so : https://192.168.10.100/exchange I get ISA FBA, and I cant get any further than that

"Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly"
Not sure I follow you. "make sure the internal name resolves correctly" - more instructions please
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24027048
Most of your issues can be easily resolved by re-running SBS' "Internet and e-mail connectivity wizard" and entering the correct details. SBS is a complex product; while you can configure things by hand and get them to work, it is a whole lot easier to use the wizards that will configuring everything for you. (this will include folder IIS Exchange folder permissions and ISA rules)

Try it, and you wont be disappointed.

Thanks,
Raj
0
 
LVL 2

Author Comment

by:Xorb
ID: 24050343
Raj-GT
Acctually I tried it before I posted this question, but since you think it might be the answer, I'll try it again

Thanks
0
 
LVL 2

Author Comment

by:Xorb
ID: 24077207
I can still only get my OWA page internally.
I'm SURE the problem is between ISA and IIS. Everytime I edit the rule I get a difrent error.
 I have tried everthing, even deleted and re-created the certifficate and the rule in ISA, and still cant get this thing to work.
Why is OWA so much harder to get working with ISA ?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24078994
Would it be possible to upload screen shots for ALL tabs of your OWA publishing rule? I am sure we're missing something basic here.

Thanks,
Raj
0
 
LVL 2

Author Comment

by:Xorb
ID: 24079985
Hi Guys
I just downloaded the step by step white papers from microsoft. I re-did EVERYTHING, step by step, from the documentation. I took my time and attention, followed every last instruction, and still had the same problem as origanally reported.
I can get OWA internally but externally the log in page is the only page you get, no matter what you enter (correct or incorrect login details, you still get the same log on page)

I have even tried to use basic instead of forms based auth, and still, same result. (with FBA DISABLED!)
I Can hit my OWA page internally without a problem, and the name in the Rule does resolve as the servers internal IP.

Raj-GT
I have a better idea than screen dumps. Could you please send me a blank mail to
plankster_(at)_Atotal.co.za so I can email you something that might help you help me ( PLEASE HELP ME!)
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 500 total points
ID: 24146722
FBA was enabled in Exchange HTTP virtual server (SBS wizards should have disabled this!). Disabling it got rid of the problem.

Raj
0
 
LVL 2

Author Closing Comment

by:Xorb
ID: 31564321
Thank you Raj-GT for your effort, and for going out of your way to assist me with finding this mistake.
I wish I could thank you with more than words, but for what it's worth, thanks again !
0
 
LVL 2

Author Comment

by:Xorb
ID: 24148827
How Perculiar ! Thanks for pointing that out.
Though, I am a bit confused about the FBA setting in Exchange VS the FBA setting in ISA.
If you have FBA on in ISA should it be off in exchange ?
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question