Running Exchange 2007 SP1, Windows 2003 SP2, ISA 2006 w/Supportability Pack running a back-to-back scenario.
Logging in from inside is no problem. Logging in from the outside gives the error: "You could not be logged on to the ISA server. Make sure that your domain name, user name, and password are correct, and then try again." If I change the Publishing Rule for the ISA boxes so that it allows All Users instead of Authenticated Users, I can log in. The problem is that I have configured the login for FBA UPN, but the login screen now only accepts just the username and password. No domain, no firstname.lastname@example.org. Other than that, everything works correctly, not sure what may be wrong. I thank you in advance for any assistance.
I assume that your edge or front end firewall is not part of the domain? So you have to use LDAP pre authentication. instead of Active Directory.
1. Create the access rule on the back-end ISA server to allow the traffic from the front-end ISA server to the internal DC for authentication. a. You can create a computer object for the front-end ISA server on the back-end ISA server and input the IP address of the internal interface of the front-end ISA server. b. Create the access rule on the back-end ISA server as follows, Rule name: Authentication OWA Action: Allow Protocol: All outbound traffic Source: Newly defined computer object Destination: Internal Apply to: All users c. Please move the rule to the top of the policy list and apply the change immediately.
2. As the front-end ISA server is not the member of the domain, you need to assign the LDAP server to perform the authentication. You can perform it as follows, 1. Open the ISA Console, navigate to the Configuration node. 2. Click on the General node, click on Specify RADIUS and LDAP servers in the middle pane of the console. 3. On the LDAP Server tab, input the detailed information of the LDAP server. For example, LDAP SERVER - FQND (this name should match the name of the Server Author Cert on DC) DESCRIPTION - ANYTHING Type the Active Directory domain name ----domain.local Make sure you only select "Connect LDAP server over Secure Connection") Add Valid Credentials Domain\administrator password
I understand this thread is a bit dated. I am deploying web publishing on TMG server. And currently looking into Secured LDAP Connection. Would like to find out for the domain user, what kind of domain permission is required? Can I key in normal domain user ID with only user permission?