Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
1311 Error "no logon servers available" on Edge ISA for OWA 2007
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
1311 Error "no logon servers available" on Ed... - 25.Feb.2008 5:43:47 PM
|
|
|
flakman
Posts: 15
Joined: 22.Dec.2007
From: California
Status: offline
|
Running Exchange 2007 SP1, Windows 2003 SP2, ISA 2006 w/Supportability Pack running a back-to-back scenario.
Logging in from inside is no problem. Logging in from the outside gives the error: "You could not be logged on to the ISA server. Make sure that your domain name, user name, and password are correct, and then try again."
If I change the Publishing Rule for the ISA boxes so that it allows All Users instead of Authenticated Users, I can log in. The problem is that I have configured the login for FBA UPN, but the login screen now only accepts just the username and password. No domain, no user@domain.com. Other than that, everything works correctly, not sure what may be wrong. I thank you in advance for any assistance.
Thanks.
John
|
|
|
|
|
RE: 1311 Error "no logon servers available" o... - 3.Mar.2008 2:29:57 PM
|
|
|
Snowfresh
Posts: 31
Joined: 18.Feb.2005
Status: offline
|
John,
I assume that your edge or front end firewall is not part of the domain?
So you have to use LDAP pre authentication. instead of Active Directory.
1. Create the access rule on the back-end ISA server to allow the traffic
from the front-end ISA server to the internal DC for authentication.
a. You can create a computer object for the front-end ISA server on the
back-end ISA server and input the IP address of the internal interface of
the front-end ISA server.
b. Create the access rule on the back-end ISA server as follows,
Rule name: Authentication OWA
Action: Allow
Protocol: All outbound traffic
Source: Newly defined computer object
Destination: Internal
Apply to: All users
c. Please move the rule to the top of the policy list and apply the change
immediately.
2. As the front-end ISA server is not the member of the domain, you need to
assign the LDAP server to perform the authentication. You can perform it
as follows,
1. Open the ISA Console, navigate to the Configuration node.
2. Click on the General node, click on Specify RADIUS and LDAP servers in
the middle pane of the console.
3. On the LDAP Server tab, input the detailed information of the LDAP
server. For example,
LDAP SERVER - FQND (this name should match the name of the Server Author
Cert on DC)
DESCRIPTION - ANYTHING
Type the Active Directory domain name ----domain.local
Make sure you only select "Connect LDAP server over Secure Connection")
Add Valid Credentials
Domain\administrator
password
Let me know if this works for you
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
