Link to home
Start Free TrialLog in
Avatar of hlh_admin
hlh_admin

asked on

OWA for Exchange 2003

I have been trying to get owa setup so that I can access from external. I can access owa internally from:
http://internalip:8080/exchange/      and
https://internalip:4433/exchange/

I have my certificates in place (have my own ca and created my own certificates). I can ping owa.domain.com from ISA server and it resolves to the internal IP, but I cant access owa.domain.com from web browser on ISA server. I also cant access from external (but im sure until i can access from web browser on ISA then I wont be able to externally). I need help here. I cannot figure out what im missing. This is my 6th attempt at this in 3 years. Surely someone can help me finally get this squared away.

for reference the guide im following is: http://www.isaserver.org/tutorials/2004owafba.html

ISA 2004
Exchange 2003
Server 2003
ASKER CERTIFIED SOLUTION
Avatar of Mandeep Khalsa
Mandeep Khalsa

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of hlh_admin
hlh_admin

ASKER

I will check on the ports. When you say add the port numbers to the url, does that mean i have to add them to the certificate as well?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Try telnet to the the exchange server on ports 8080 and 4433
I can telnet to port 4433 and 8080..
From inside, outside or both?
inside...
Can you telnet from ISA server itself? Do you have rule in place on ISA to allow traffic to flow from the server to internal network on those ports?
I can telnet from ISA.

I telnet to
Internalip 4433
Avatar of Shreedhar Ette
why you are using non standard ports?
I am using 443. Like I said, I can access owa from inside to both 8080 and 4433. Also, I am a self taught it guy and still have a lot to learn. I appreciate ur patience.
In the ISA OWA publishing rule - Bridging tab - need to set the HTTP port to 8080
CHeck In the ISA OWA publishing rule - Link Translation tab
it wont let me use 8080 on this rule cause another rule is using it.
If you have to use a non standard port try something else besides 8080 like 8081 maybe or just 81.
I can open a browser and navigate to https://owa.domain.com:4433/exchange internally from the ISA server and it works just not externaly.
Can you send the screenshot of the error
Can you post details of the rule you created in ISA for forwarding the incoming port to the exchange server?
This is what i get when i try to access from external.
owa.png
Here is a pdf of combined images showing th rule in place.
owa.pdf
Looks like purely issue with ISA server rule configuration which not allowing the external requests
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
"I think your issue is with the "Traffic" tab on the server publishing rule. You are choosing HTTPS which should go to port 443. Update the definition of that HTTPS to also include the 4433"
Can you elaborate on this a lil. I dont know how to do this.

"Also you might want to do some network capture to see where exactly is the traffic coming in being stopped."
what do you mean by this?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ok i looked in my alerts on isa and here are 2:

-upstream chaining credentials
Description: ISA Server failed to establish an SSL connection with (exchange internal ip). No connection could be made because the target machine actively refused it.
 The failure is due to error: No connection could be made because the target machine actively refused it.

-SSL connection failure with published server (name mismatch)
Description: ISA Server could not establish an SSL connection with the published server 10.0.0.4 because the name on the SSL server certificate used by the published server does not match the name of the server owa.heritagelog.com, specified in the publishing rule.
Verify that the internal name specified in the publishing rule is correct. If the problem persists contact the Web server administrator.

still checking on the protocol definitions
ok i found a protocol for https and it is set to 443 but wont let me edit that.. would i create another protocol for https for 4433 and leave the other one in place?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok.. So, I followed this tutorial: http://www.isaserver.org/tutorials/2004owafba.html

I applied these changes:
KhalsaComputer said:
- "I think your issue is with the "Traffic" tab on the server publishing rule. You are choosing HTTPS which should go to port 443. Update the definition of that HTTPS to also include the 4433 and see if that helps getting the traffic through."
-I haven't worked with ISA in a while but I think on the right side there is a menu. In there one of the options is "protocol definitions" or something similar. In here you will see details about HTTPS. Edit the settings on that to include the port 4433.

I also recreated the ceritficates and now I can access owa from external. I still cant just put in https://owa.domain.com, instead I have to put in https://owa.domain.com:4433/exchange.

But it works.. I will continue to work on the settings to fine tune it to how I like it but its working and I appreciate all the feedback I have received.

This is a great tutorial for anyone wanting to set up owa.