OWA 2010 vs ISA 2006 vs RSA AM 6.1 vs SSL
Posted on 2011-05-10
I'm hoping that someone has done this, and can help out ?!
Our scenario is :-
1. Exchange 2010 OWA on Windows 2008 R2 64bit with RSA Auth Manager 6.1 as replica
2. ISA 2006 Std on Windows 2003
3. NAT between OWA and ISA
The other Exchange 2010 servers are on the same subnet as the OWA, and the RSA master.
The RSA master is fine and works with RADIUS from firewall.
OWA works, with certificate errors, but allows us in, on forms-based auth.
We have a new SSL certificate, created for our owa / exchange use, with an intermediate, all in a pfx file which imports into the ISA server mmc as well as the OWA server mmc.
If we try import the pfx into EMC we get "certificate is invalid for exchange server usage"
ISA 2006 listener also does not like the certificate, saying "private key not installed"
If I install RSA AM onto the OWA box, as a replica, it finds the replica package but then errors later. The installation then finishes but I can see it is not 100%. We have copied the sdconf.rec file as required, and if we recreate the replica package and apply it, we get "SHFileOperation copy failed"
Setting up an ISA publish rule, with correct settings, gives us the RSA "106 - server too busy" error.
We had a successful RSA SecureID with ISA 2004 and OWA 2003.
If we browse to the internal ISA NIC, we get through the NAT and can connect to OWA, with SSL errors.
If we browse to the external ISA NIC, we get nothing !
ISA is working, and we were able to publish a basic http page on the OWA box. The minute SSL is selected, it no worky !
Does anyone have a list of steps to follow, to get the SSL to behave, as well as the ISA to publish the RSA correctly ? Do you have to follow the "Exchange certificate request" wizard ?
Or am I pushing my luck trying to get this all working together ?
Thanks in advance