Welcome to ISAserver.org

401 Unauthorized Error

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> 401 Unauthorized Error

Page: [1]

Message

<< Older Topic Newer Topic >>

401 Unauthorized Error - 4.Mar.2008 5:04:12 PM

ViPeRaY

Posts: 4
Joined: 4.Mar.2008
Status: offline

I am trying to publish exchange 2003 outlook web access with isa 2006. Everything seems ok, isa login page comes up, i enter my credientials after i click log on i am getting the error below. When i try to access exchange owa internally there is no problem, i can successfully log on. Any ideas?

Error Code: 401 Unauthorized. The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209)

Post #: 1

Featured Links*

RE: 401 Unauthorized Error - 4.Mar.2008 7:32:44 PM

Rotorblade

Posts: 973
Joined: 27.Feb.2007
Status: offline

Are you using FBA on the ISA? If so, have you disabled FBA on the Exchange server?

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to ViPeRaY)

Post #: 2

RE: 401 Unauthorized Error - 4.Mar.2008 8:19:57 PM

ViPeRaY

Posts: 4
Joined: 4.Mar.2008
Status: offline

i am using FBA and i disabled the FBA on the exchange server.

(in reply to Rotorblade)

Post #: 3

RE: 401 Unauthorized Error - 5.Mar.2008 12:56:41 PM

ViPeRaY

Posts: 4
Joined: 4.Mar.2008
Status: offline

Here is my settings. Btw i have only one exchange server, there is no front end server.
    mail.abc.com is the public domain which points the ip address of isa's external network.
    on the isa i have a static dns entry that points mail.abc.com to internal exchange server.
    i created a certificate for mail.abc.com for defaut web site which has exchange site in it, i am using same certificate on the isa as well as on the default web site.

Exchange System Manager

ISS Settings

ISA Settings

(in reply to ViPeRaY)

Post #: 4

RE: 401 Unauthorized Error - 5.Mar.2008 2:36:27 PM

ViPeRaY

Posts: 4
Joined: 4.Mar.2008
Status: offline

Ok i solved the problem. i changed the paths on the isa server
from /* /exchange
to /* /exchange/*

However now i see my inbox but no graphics.

I think this is happening because of certificate issue. i have an error log like below.

Events that triggered the alert:
3/5/2008 1:28:01 PM - ISA Server could not establish an SSL connection with the published server 192.168.1.2 on port 443 because the name on the SSL server certificate used by the published server does not match the internal name of the Web server mail.abc.com, as specified in the publishing rule.
Verify that the internal name specified in the publishing rule is correct. If the problem persists contact the Web server administrator

how should i solve this problem? i have an internal CA. the name of the web server zeus.abc.local how should i create the certificate?

< Message edited by ViPeRaY -- 5.Mar.2008 3:03:54 PM >

(in reply to ViPeRaY)

Post #: 5

RE: 401 Unauthorized Error - 6.Mar.2008 12:34:52 PM

Rotorblade

Posts: 973
Joined: 27.Feb.2007
Status: offline

Hi again,

Well, first let's focus on the publishing rule paths before tackling the certificate problem. Basically, you�re missing a few required OWA paths. The articles below will guide you through what you�re missing. Adding the /exchange/* is correct but you also need to add the other paths too.

http://www.msexchange.org/articles/Redirecting-OWA-Users-Correct-Directories-Protocols-Part1.html

http://www.isaserver.org/articles/2004pubowartm.html

The publishing rule is applied to the �All Authenticated Users� set. This should be set to �All Users�

quote:

I think this is happening because of certificate issue. i have an error log like below.

Yes, that would be the issue and it also puts you in a bit of a catch-22. There are a couple of options that you can consider. Option 1; don�t bridge SSL back and use HTTP instead. Option 2; configure a �Split DNS� infrastructure. This may also require adding an Exchange FE server. The articles below may be of some help.

http://www.isaserver.org/articles/2004pubowartm.html
http://www.microsoft.com/technet/isa/2004/plan/digitalcertificates.mspx
http://www.microsoft.com/technet/isa/2004/plan/tscerts.mspx

http://www.isaserver.org/tutorials/You_Need_to_Create_a_Split_DNS.html

http://www.isaserver.org/tutorials/2004illegaltldsplitdns.html

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to ViPeRaY)

Post #: 6

RE: 401 Unauthorized Error - 6.Mar.2008 8:09:57 PM

Rotorblade

Posts: 973
Joined: 27.Feb.2007
Status: offline

quote:

The publishing rule is applied to the �All Authenticated Users� set. This should be set to �All Users

After thinking about it, please disregard the above; �All Authenticated Users� is the default. If you have authentication issues, set it to All users to see if you can access.

Also, check out the below articles:

http://blogs.isaserver.org/shinder/2006/09/21/redirecting-http-requests-to-ssl-requests-using-the-2006-isa-firewall/

http://blogs.isaserver.org/pouseele/2006/11/01/redirecting-owa-users-to-the-correct-directories-and-protocols-with-isa-server-2006/

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to Rotorblade)

Post #: 7