Welcome to ISAserver.org
Almost There But I Am Missing Something...
Almost There But I Am Missing Something... - 15.Mar.2004 2:09:00 AM
brandtda
Posts: 3
Joined: 15.Mar.2004
Greetings, Nice article. I followed it to a "T" but am getting a denied connection in the log when trying to get access to OWA from the ISA server. If I disable the firewall everything works fine including the cert.
The error in the log is: Denied Connection, Default Rule, Client IP (Internal NIC on ISA Server 192.168.1.1), Source Network = Local Host, Destination = Internal (NIC on OWA Server 192.168.1.2)
It appears that the connection is denied when the ISA server is trying to communicate to the OWA Server on the internal net. Is there a network rule I forgot to set for the Internal network or something like that?
If I try from an external client the connection is established and then dropped. The client IP is recognized properly and is prompted to accept the cert.
I am new to ISA and appreciate the assistance. David
RE: Almost There But I Am Missing Something... - 15.Mar.2004 10:48:00 AM
ljp1967
Posts: 192
Joined: 23.Sep.2003
From: Australia
hi david,
are you using ssl - ssl bridging...? ie: terminating ssl request at isa then setting up a new ssl tunnel over the internal network...
are you using basic authentication on the OWA website..?
on the OWA website have you configured it to only accept secure connections....?
in the browser on the isa server are you using https://owaservername/exchange ...and also is the browser configured to use isa server as proxy...?
what entries do you have in your LAT table...?
thanks, ljp
RE: Almost There But I Am Missing Something... - 15.Mar.2004 12:07:00 PM
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Hi David,
As Ljp points out, the common names are critical in the certs and in the Web Publishing rule. Everything needs to match. Review the article again and pay close attention to the comments I make regarding the names used.
Thanks!
Tom
RE: Almost There But I Am Missing Something... - 15.Mar.2004 1:33:00 PM
brandtda
Posts: 3
Joined: 15.Mar.2004
Thanks for the replies! I am using SSL Bridging, basic authentication in OWA (Letting ISA do the forms auth), The OWA web site is configured for secure connections only. I am using https://server.coname.com/exchange with and without the proxy set in the browser. The only entries in the LAT are 192.168.1.1 - 192.168.1.255.
I will go back and revisit the cert common names as Tom suggested.
I added a new network rule to allow SSL Internal to Internal and Local Host to Local host. When I use the browser on the ISA server then everything works fine, I get prompted to accept the cert and then prompted for auth and then OWA works fine. It does not work from the external client. Somehow I feel that I should not have to do all of that though.
Thanks again for the help. David
RE: Almost There But I Am Missing Something... - 15.Mar.2004 4:03:00 PM
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Hi David,
What error do you see when trying to connect from an external client?
HTH, Tom
RE: Almost There But I Am Missing Something... - 17.Mar.2004 9:18:00 PM
brandtda
Posts: 3
Joined: 15.Mar.2004
Hi Tom, I have done a complete rebuild. I am able to publish regular web sites now (with ease I might add!), I still can not get the OWA to publish correctly. It looks like I am much closer.
The error from the External Web browser is: The page cannot be displayed Error Code: 500 Internal Server Error. The target principal name is incorrect (-2146893022)
The log entry on the ISA server is: Destination IP: 192.168.1.2 (OWA NIC) Protocol: https, Action: Failed Connection Attempt, Rule: OWA Web Site, Client IP: 10.10.10.1 (External client), Client Username: anonymous, Source Network: External, Destination Network: (Blank... is the issue?), HTTP: GET, URL: https://e2k3base.contoso.com/exchange
Thoughts? Thanks! David
RE: Almost There But I Am Missing Something... - 18.Mar.2004 3:05:00 PM
tshinder
Posts: 47408
Joined: 10.Jan.2001
From: Texas
Hi David,
Check out the OWA publishing article. That error indicates either the redirect is misconfigured, or the names on the certificates on the firewall and the OWA site do not match.
HTH, Tom
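Added example, not part of the thread or of any poster's reply: with SSL bridging there are two separate TLS sessions, and each one has its own certificate-name check, so the sketch below tests the public name against the listener certificate and the rule's redirect name against the web site certificate. The matching rule is the generic TLS one (exact name, or one left-most wildcard label), which is an assumption rather than ISA Server's own validation code; all function names, hostnames and certificate names are constructed.

```python
# Added example. Every hostname and certificate name here is constructed.

def hostname_matches(cert_name: str, host: str) -> bool:
    """Generic TLS name match: exact (case-insensitive), or '*' standing in
    for the whole left-most label only."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # Refuse over-broad wildcards such as "*.test".
        return len(c) > 2 and c[1:] == h[1:]
    return c == h


def cert_covers(cert_names, host):
    """True if any name on the certificate matches the requested host."""
    return any(hostname_matches(n, host) for n in cert_names)


def check_bridging(public_name, listener_cert, redirect_name, site_cert):
    """Check both TLS sessions of a bridged publishing rule.
    Returns a list of findings; an empty list means both name checks pass."""
    findings = []
    if not cert_covers(listener_cert, public_name):
        findings.append(f"hop 1 (client to firewall): {public_name!r} "
                        f"not on listener certificate {listener_cert}")
    if not cert_covers(site_cert, redirect_name):
        findings.append(f"hop 2 (firewall to web site): {redirect_name!r} "
                        f"not on site certificate {site_cert}")
    return findings


if __name__ == "__main__":
    cert = ["owa.example.test"]  # constructed: same name on both certificates
    scenarios = {
        "names match everywhere": ("owa.example.test", cert, "owa.example.test", cert),
        "rule redirects to an IP": ("owa.example.test", cert, "192.168.1.2", cert),
        "rule redirects to a short name": ("owa.example.test", cert, "owaserver", cert),
    }
    for label, args in scenarios.items():
        print(label, "->", check_bridging(*args) or "OK")
```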