• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Cannot publish OMA, EAS and OWA with only one listener

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Cannot publish OMA, EAS and OWA with only one listener Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
Cannot publish OMA, EAS and OWA with only one listener - 8.Sep.2006 12:25:34 PM   
brandy

 

Posts: 4
Joined: 25.Aug.2005
Status: offline
Yesterday I installed ISA 2006 Standard Edt in out production environment.

We uses ISA as reverse proxy to publish OMA, EAS (Active Sync) and OWA.

With ISA 2004 I follow this article http://www.isaserver.org/tutorials/2004pubowamobile.html to publish these services.
It is a really hack to use the localhost, but it works.

I read this blog:
http://blogs.isaserver.org/shinder/2006/05/03/isa-2006-enables-fba-and-activesync-rpchttp-on-the-same-web-listener
 
Because of this I decided to upgrade to ISA 2006, and get rid of the localhost listener. ( I install 2006 on a brand new server)
 
I create a publishing rule to publish OMA, OWA and EAS. I use forms-based  on the rule and EAS and OWA works fine, but OMA dosn`t work with the new forms based authentication. If I use basic authentication OMA work, but I want to use Forms Based!
 
Many of my users use Nokia with Mail for Exchange installed, but thay cannot sync after upgrade to ISA 2006. Qtek work fine.
 
Because of this problem I decided to downgrade to ISA 2004 again!!!
 
Any comments to my problems?
 
brandy
 
 

Post #: 1
RE: Cannot publish OMA, EAS and OWA with only one listener - 8.Sep.2006 7:44:37 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Brandy,

That's very interesting. I wonder if they took that away in RTM?

I'll have to check that out!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to brandy)
Post #: 2
RE: Cannot publish OMA, EAS and OWA with only one listener - 12.Sep.2006 5:01:48 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi,

I've also installed ISA 2006 Standard and I can succesfully sync with Mail for Exchange on my Nokia E70, but I have a problem with OMA and Windows Mobile 2003, when I access it using internet explorer from my Desktop or from the browser on the Nokia E70, I'm presented with the Form Based Authentication screen so that works. However, when I access it using Pocket Internet Explorer on my PDA running windows mobile 2003, I immediately get '401 Unauthorized. The server requires authentication to fullfill the request. I get no password prompt or the FBA screen.

Franc.

(in reply to tshinder)
Post #: 3
RE: Cannot publish OMA, EAS and OWA with only one listener - 13.Sep.2006 2:48:26 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

Are you delegating basic authentication credentails?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 4
RE: Cannot publish OMA, EAS and OWA with only one listener - 13.Sep.2006 10:56:42 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

yes. On the delegation tab for the OWA publishing rule 'Basic Authentication' is selected. Weird thing is, that it works in every browser, except for Windows Mobile 2003. Even my Nokia E70 displays the FBA logon screen, but WM2003 does not.

Franc.

(in reply to tshinder)
Post #: 5
RE: Cannot publish OMA, EAS and OWA with only one listener - 14.Sep.2006 3:49:34 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

Wish I could test this out, as there is a potential fix. What I need to know is the entry in the Client Agent field in the ISA Firewall's log files. Then we can potentially use this information for the failback to basic feature.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 6
RE: Cannot publish OMA, EAS and OWA with only one listener - 14.Sep.2006 4:11:13 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

this is the user agent string as recorded in the logs:

Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)

Regards,
Franc.

(in reply to tshinder)
Post #: 7
RE: Cannot publish OMA, EAS and OWA with only one listener - 15.Sep.2006 1:48:21 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

GREAT!

Let me check in to that and I'll get right back.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 8
RE: Cannot publish OMA, EAS and OWA with only one listener - 15.Sep.2006 1:55:18 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

OK, here's what I have:

User agent= *Windows CE* associated with xHTML
User agent= *Symbain OS* associated with xHTML
User agent= *SonyEricsson* associated with xHTML

Soooooo...I will "assume" that the user-agent: header contains Windows CE and it should get the xHTML page that the smart phones receive. So it should work like it does with your smart phones.

Let's see if I can pull someone smarter than me into this thread.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to tshinder)
Post #: 9
RE: Cannot publish OMA, EAS and OWA with only one listener - 17.Sep.2006 3:09:23 AM   
alans

 

Posts: 67
Joined: 8.Mar.2006
Status: offline
Hi,

just wondering if you tried to update the phones firmware?

Seeing that it works on all other phones.

Regard

alans

(in reply to tshinder)
Post #: 10
RE: Cannot publish OMA, EAS and OWA with only one listener - 18.Sep.2006 4:05:11 PM   
henning

 

Posts: 3
Joined: 19.Jan.2004
From: Bergen, Norway
Status: offline
I have more or less the same scenario as Brandy descibes in his first post, trying to publish all exchange services on the same listener. Using mostly symbian based Nokias and SonyEricssons with roadsync and Nokia's own Mail4Exchange push email client. I spent quite a lot of time on timeout issues with ISA 2004 to make sure I had an "honest push email scenario" without constant timeouts and reauthentications. FYI here is a link to my posts on a Nokia forum describing some related issues: http://discussions.nokia.co.uk/discussions/tracker?user.id=8565 . I have deployed ISA 2006 in a test scenario and also experience that the OMA presents the FBA in the Nokia phone as Brandy describes. If I understand your posts correctlly, this is by design and does not pose any handicap in my scenarioes.

What I am having trouble with, is the timeout issue. On ISA 2004 I had this working by selecting 1800 secs on the ISA listener and on the IIS web server hosting the exchange directories.(Still not sure if the latter was necessary). This was based on the fact that the Roadsync product had a 15 minutes default keepalive setting for push email and that Nokia would not even disclose the value they had chosen. I also looked at the following MS article: http://support.microsoft.com/?id=905013 On the ISA 2006 I have selected the same value but clients keep disconnecting/reconnecting more or less all the time. I was hoping for some guidance here. The listener has FBA, Basic auth delegated, force users to auth.

Regards
Henning

< Message edited by henning -- 18.Sep.2006 6:01:54 PM >

(in reply to alans)
Post #: 11
RE: Cannot publish OMA, EAS and OWA with only one listener - 20.Sep.2006 1:17:50 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Henning,

So you find that FBA works OK for the OMA client?

I was wondering if maybe the authentication delegation was not set up right, as the delegation should be basic and SSL to SSL must be used.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to henning)
Post #: 12
RE: Cannot publish OMA, EAS and OWA with only one listener - 23.Sep.2006 9:53:56 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

thanks for the update. Basic delegation is set up fine and I'm using SSL to SSL. When going to the oma page from a windows mobile device I'm directly presented with the oma.aspx page (along with a very long string before it, I suspect this is the cookie string). However, the page displays that I'm not authorized. So I assume that ISA 2006 thinks that it should handle the request just a if it's an activesync request thus passing through instead of presenting the FBA page. However, since it's unauthenticated it fails.

Just my thoughts.

Franc.

(in reply to tshinder)
Post #: 13
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:46:24 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

Does the OMA.aspx have fields to enter credentails?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 14
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:48:36 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

no, when accessing it from the internal network, I'm presented with the normal basic authentication dialog from IIS.

Franc.

(in reply to tshinder)
Post #: 15
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:54:58 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

How about from the external network, when they're going through the ISA Firewall?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 16
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:59:23 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

that's really the problem we are currently facing. As soon as we use one listener for Activesync, OMA and have FBA enabled on the ISA 2006 server, the issue occurs that's mentioned in this thread (unauthorized message and no FBA screen on Windows CE, but a FBA screen on Nokia E70 and normal desktops). When disabling the FBA on the isa server and passing through authentication to the exchange server itself then everything works. But that's not what we want, since we need ISA to authenticate on behalf of the exchange server.

Franc.

(in reply to tshinder)
Post #: 17
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 5:21:01 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

Is the User Agent field in the ISA Firewall's firewall log files showing "Windows CE" or something else?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 18
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 5:23:11 PM   
FrancWest

 

Posts: 70
Joined: 22.Jul.2004
Status: offline
Hi Tom,

see my post earlier in this thread, where you asked me to lookup the user agent string.

Yes, it shows Windows CE.

Franc.

(in reply to tshinder)
Post #: 19
RE: Cannot publish OMA, EAS and OWA with only one listener - 26.Sep.2006 1:33:51 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Franc,

Then I'm stuck -- time for PSS call.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FrancWest)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Cannot publish OMA, EAS and OWA with only one listener Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts