Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Cannot publish OMA, EAS and OWA with only one listener
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Cannot publish OMA, EAS and OWA with only one listener - 8.Sep.2006 12:25:34 PM
|
|
|
brandy
Posts: 4
Joined: 25.Aug.2005
Status: offline
|
Yesterday I installed ISA 2006 Standard Edt in out production environment.
We uses ISA as reverse proxy to publish OMA, EAS (Active Sync) and OWA.
With ISA 2004 I follow this article http://www.isaserver.org/tutorials/2004pubowamobile.html to publish these services.
It is a really hack to use the localhost, but it works.
I read this blog:
http://blogs.isaserver.org/shinder/2006/05/03/isa-2006-enables-fba-and-activesync-rpchttp-on-the-same-web-listener
Because of this I decided to upgrade to ISA 2006, and get rid of the localhost listener. ( I install 2006 on a brand new server)
I create a publishing rule to publish OMA, OWA and EAS. I use forms-based on the rule and EAS and OWA works fine, but OMA dosn`t work with the new forms based authentication. If I use basic authentication OMA work, but I want to use Forms Based!
Many of my users use Nokia with Mail for Exchange installed, but thay cannot sync after upgrade to ISA 2006. Qtek work fine.
Because of this problem I decided to downgrade to ISA 2004 again!!!
Any comments to my problems?
brandy
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 12.Sep.2006 5:01:48 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi,
I've also installed ISA 2006 Standard and I can succesfully sync with Mail for Exchange on my Nokia E70, but I have a problem with OMA and Windows Mobile 2003, when I access it using internet explorer from my Desktop or from the browser on the Nokia E70, I'm presented with the Form Based Authentication screen so that works. However, when I access it using Pocket Internet Explorer on my PDA running windows mobile 2003, I immediately get '401 Unauthorized. The server requires authentication to fullfill the request. I get no password prompt or the FBA screen.
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 13.Sep.2006 10:56:42 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
yes. On the delegation tab for the OWA publishing rule 'Basic Authentication' is selected. Weird thing is, that it works in every browser, except for Windows Mobile 2003. Even my Nokia E70 displays the FBA logon screen, but WM2003 does not.
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 14.Sep.2006 3:49:34 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Franc,
Wish I could test this out, as there is a potential fix. What I need to know is the entry in the Client Agent field in the ISA Firewall's log files. Then we can potentially use this information for the failback to basic feature.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 14.Sep.2006 4:11:13 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
this is the user agent string as recorded in the logs:
Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)
Regards,
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 15.Sep.2006 1:55:18 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Franc,
OK, here's what I have:
User agent= *Windows CE* associated with xHTML
User agent= *Symbain OS* associated with xHTML
User agent= *SonyEricsson* associated with xHTML
Soooooo...I will "assume" that the user-agent: header contains Windows CE and it should get the xHTML page that the smart phones receive. So it should work like it does with your smart phones.
Let's see if I can pull someone smarter than me into this thread.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 17.Sep.2006 3:09:23 AM
|
|
|
alans
Posts: 67
Joined: 8.Mar.2006
Status: offline
|
Hi,
just wondering if you tried to update the phones firmware?
Seeing that it works on all other phones.
Regard
alans
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 18.Sep.2006 4:05:11 PM
|
|
|
henning
Posts: 3
Joined: 19.Jan.2004
From: Bergen, Norway
Status: offline
|
I have more or less the same scenario as Brandy descibes in his first post, trying to publish all exchange services on the same listener. Using mostly symbian based Nokias and SonyEricssons with roadsync and Nokia's own Mail4Exchange push email client. I spent quite a lot of time on timeout issues with ISA 2004 to make sure I had an "honest push email scenario" without constant timeouts and reauthentications. FYI here is a link to my posts on a Nokia forum describing some related issues: http://discussions.nokia.co.uk/discussions/tracker?user.id=8565 . I have deployed ISA 2006 in a test scenario and also experience that the OMA presents the FBA in the Nokia phone as Brandy describes. If I understand your posts correctlly, this is by design and does not pose any handicap in my scenarioes.
What I am having trouble with, is the timeout issue. On ISA 2004 I had this working by selecting 1800 secs on the ISA listener and on the IIS web server hosting the exchange directories.(Still not sure if the latter was necessary). This was based on the fact that the Roadsync product had a 15 minutes default keepalive setting for push email and that Nokia would not even disclose the value they had chosen. I also looked at the following MS article: http://support.microsoft.com/?id=905013 On the ISA 2006 I have selected the same value but clients keep disconnecting/reconnecting more or less all the time. I was hoping for some guidance here. The listener has FBA, Basic auth delegated, force users to auth.
Regards
Henning
< Message edited by henning -- 18.Sep.2006 6:01:54 PM >
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 20.Sep.2006 1:17:50 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Henning,
So you find that FBA works OK for the OMA client?
I was wondering if maybe the authentication delegation was not set up right, as the delegation should be basic and SSL to SSL must be used.
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 23.Sep.2006 9:53:56 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
thanks for the update. Basic delegation is set up fine and I'm using SSL to SSL. When going to the oma page from a windows mobile device I'm directly presented with the oma.aspx page (along with a very long string before it, I suspect this is the cookie string). However, the page displays that I'm not authorized. So I assume that ISA 2006 thinks that it should handle the request just a if it's an activesync request thus passing through instead of presenting the FBA page. However, since it's unauthenticated it fails.
Just my thoughts.
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:48:36 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
no, when accessing it from the internal network, I'm presented with the normal basic authentication dialog from IIS.
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 4:59:23 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
that's really the problem we are currently facing. As soon as we use one listener for Activesync, OMA and have FBA enabled on the ISA 2006 server, the issue occurs that's mentioned in this thread (unauthorized message and no FBA screen on Windows CE, but a FBA screen on Nokia E70 and normal desktops). When disabling the FBA on the isa server and passing through authentication to the exchange server itself then everything works. But that's not what we want, since we need ISA to authenticate on behalf of the exchange server.
Franc.
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 5:21:01 PM
|
|
|
tshinder
Posts: 47420
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Franc,
Is the User Agent field in the ISA Firewall's firewall log files showing "Windows CE" or something else?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Cannot publish OMA, EAS and OWA with only one listener - 24.Sep.2006 5:23:11 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hi Tom,
see my post earlier in this thread, where you asked me to lookup the user agent string.
Yes, it shows Windows CE.
Franc.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
