Solved

Problem With OWA Via ISA on SBS

Posted on 2009-03-30
13
543 Views
Last Modified: 2012-05-06
Greetings
Setting up OWA on a SBS 2003 server with ISA 2004, I've had some issues, but managed to resolve most of them (certificate issues ect). Currently the issue that I am having involves logging into OWA from outside.

Internally, if I connect to the SBS server's internal IP the OWA works fine, but if I connect to the external address, it gives me the OWA log in screen, but I cant actually log in. I'm guessing the problem is between ISA and OWA, but I'm not sure.

When attempting to log in, the user just gets the log in screen again (note, users go back to a fresh log in screen, so even if you input incorrect details, you dont get an error, unless you are connecting internally)

Any sugestions ?
0
Comment
Question by:Xorb
13 Comments
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24019049
Is your OWA Server configured for Basic authentication over SSL?
0
 
LVL 15

Expert Comment

by:tntmax
ID: 24020483
Any errors in the logs? When you connect internally, are you using http or https? When you connect externally, you're using https, correct?
0
 
LVL 1

Expert Comment

by:robsdesk
ID: 24023113
That sounds like the OWA publishing rule is not configured correctly, you'll get the ISA FBA login however the rule may not be configured correctly to point to the actual server.  Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly, can you hit the OWA page internally?
0
 
LVL 2

Author Comment

by:Xorb
ID: 24026804
Hi Guys
Thanks for the input, I'll try answer your questions a best i can, but seeing as how this is my first OWA installation, I'm still noob on the topic. (I worked off a article on the net)  Thanks for your patience

Raj-GT:
Where would I check that ?
In IIS I did set the exchange directory on my default website to use SSL. If that is not what you are asking, please instruct me on where I can find that setting.


tntmax:
 When you connect internally, are you using http or https? When you connect externally, you're using https, correct?
As far as I can tell, no errors in logs, but there might be logs i'm not checking. Please advise wich logs you think I should check.
I set my OWA to only work on SSL, so if I try connect on http internally, it just forwards to https emediately.
Yeah, I'm using ssl (https) externally. Not going to open OWA on HTTP to the outside world. Too paranoid.

Thanks


PS: If anyone wants to SEE the log in page, I can mail the URL for the OWA page on request.



robsdesk:That sounds like the OWA publishing rule is not configured correctly, you'll get the ISA FBA login however the rule may not be configured correctly to point to the actual server.  Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly, can you hit the OWA page internally?
0
 
LVL 2

Author Comment

by:Xorb
ID: 24026878
Robsdesk:
"That sounds like the OWA publishing rule is not configured correctly" - OK,
"You'll get the ISA FBA login" - I quickly Google'd  "ISA FBA" and I must say it sounds like you are 100 % correct in what you are saying.

I did some fancy foot work with DNS so that internally the name I'm using EXTERNALLY resolves to the IP of the SBS internally. So when I'm accessing the page internally I DONT think that goes VIA ISA. Naturally that works fine.
If I try internally to input the server's external IP like so : https://192.168.10.100/exchange I get ISA FBA, and I cant get any further than that

"Have a look through the tabs on the publishing rule & make sure the internal name resolves correctly"
Not sure I follow you. "make sure the internal name resolves correctly" - more instructions please
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24027048
Most of your issues can be easily resolved by re-running SBS' "Internet and e-mail connectivity wizard" and entering the correct details. SBS is a complex product; while you can configure things by hand and get them to work, it is a whole lot easier to use the wizards that will configuring everything for you. (this will include folder IIS Exchange folder permissions and ISA rules)

Try it, and you wont be disappointed.

Thanks,
Raj
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:Xorb
ID: 24050343
Raj-GT
Acctually I tried it before I posted this question, but since you think it might be the answer, I'll try it again

Thanks
0
 
LVL 2

Author Comment

by:Xorb
ID: 24077207
I can still only get my OWA page internally.
I'm SURE the problem is between ISA and IIS. Everytime I edit the rule I get a difrent error.
 I have tried everthing, even deleted and re-created the certifficate and the rule in ISA, and still cant get this thing to work.
Why is OWA so much harder to get working with ISA ?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 24078994
Would it be possible to upload screen shots for ALL tabs of your OWA publishing rule? I am sure we're missing something basic here.

Thanks,
Raj
0
 
LVL 2

Author Comment

by:Xorb
ID: 24079985
Hi Guys
I just downloaded the step by step white papers from microsoft. I re-did EVERYTHING, step by step, from the documentation. I took my time and attention, followed every last instruction, and still had the same problem as origanally reported.
I can get OWA internally but externally the log in page is the only page you get, no matter what you enter (correct or incorrect login details, you still get the same log on page)

I have even tried to use basic instead of forms based auth, and still, same result. (with FBA DISABLED!)
I Can hit my OWA page internally without a problem, and the name in the Rule does resolve as the servers internal IP.

Raj-GT
I have a better idea than screen dumps. Could you please send me a blank mail to
plankster_(at)_Atotal.co.za so I can email you something that might help you help me ( PLEASE HELP ME!)
0
 
LVL 14

Accepted Solution

by:
Raj-GT earned 125 total points
ID: 24146722
FBA was enabled in Exchange HTTP virtual server (SBS wizards should have disabled this!). Disabling it got rid of the problem.

Raj
0
 
LVL 2

Author Closing Comment

by:Xorb
ID: 31564321
Thank you Raj-GT for your effort, and for going out of your way to assist me with finding this mistake.
I wish I could thank you with more than words, but for what it's worth, thanks again !
0
 
LVL 2

Author Comment

by:Xorb
ID: 24148827
How Perculiar ! Thanks for pointing that out.
Though, I am a bit confused about the FBA setting in Exchange VS the FBA setting in ISA.
If you have FBA on in ISA should it be off in exchange ?
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now