• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion about article on publishing OWA and RPC/HTTP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Discussion about article on publishing OWA and RPC/HTTP Page: [1] 2 3 4   next >   >>
Login
Message << Older Topic   Newer Topic >>
Discussion about article on publishing OWA and RPC/HTTP - 16.Nov.2006 9:17:34 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Post #: 1
RE: Discussion about article on publishing OWA and RPC/... - 17.Nov.2006 5:04:13 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
Hi Tom,

I read your article about RPC/HTTP publishing, but I still have one issue. Outlook Web Access is working fine, but in Outlook I keep getting the error message that my Exchange server isn't available. Meanwhile, I can see in my ISA log a HTTP status code 64. What does this mean?

(in reply to tshinder)
Post #: 2
RE: Discussion about article on publishing OWA and RPC/... - 19.Nov.2006 11:44:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

How does your configuration deviate from the recommendations in the article?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Linke Loe)
Post #: 3
RE: Discussion about article on publishing OWA and RPC/... - 19.Nov.2006 1:51:44 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I followed the steps in your article exactly, so there's no relevant difference with the recommandations except for the hostname and my domainname.

It could also be an issue with testing the configuration. I've been testing on a Windows server 2003 terminal server with Citrix and Outlook 2003. Tomorrow I will be testing on my own computer. I'll let you know...

(in reply to tshinder)
Post #: 4
RE: Discussion about article on publishing OWA and RPC/... - 19.Nov.2006 2:41:58 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

OK, maybe that's it. Let us know what happens when you try from a dedicated external host.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Linke Loe)
Post #: 5
RE: Discussion about article on publishing OWA and RPC/... - 20.Nov.2006 3:48:07 AM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
Unfortunately, on a dedicated external host (Windows XP SP2, Office 2007) I get the same error, indicating that my Exchange server may not be online. In my ISA server logs, I can see the same HTTP status code 64.

(in reply to tshinder)
Post #: 6
RE: Discussion about article on publishing OWA and RPC/... - 22.Nov.2006 6:29:41 AM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I've done some more testing and found out that when I open https://owa.mydomainname.com/rpc I get redirected to the login form of Outlook Web Access. Is this normal behaviour?

(in reply to Linke Loe)
Post #: 7
RE: Discussion about article on publishing OWA and RPC/... - 22.Nov.2006 11:41:22 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

Check out the article series that completed yesterday, the last article in the series is on the top of the front page. Make sure that you have the rule configured as described in the series, and that all the certificates are named correctly and that the client is configured correctly.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Linke Loe)
Post #: 8
RE: Discussion about article on publishing OWA and RPC/... - 26.Nov.2006 11:15:44 AM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
As I wrote above, I followed all the steps in the articles exactly. My OWA is working fine, even with the new ISA 2006 login form and the possibility to change passwords. The problem is with Outlook. When I try to connect, I get a login box. I type my username and password, but I don't get connected. In my ISA log, I can see HTTP status code 64. I found another posting in this forum about this, but there's no adequate solution for it...

(in reply to tshinder)
Post #: 9
RE: Discussion about article on publishing OWA and RPC/... - 4.Dec.2006 11:01:37 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

The logging information in the ISA Firewall console is of no value in troubleshooting RPC/HTTP connections.

Are you using one or two Web Publishing Rules?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Linke Loe)
Post #: 10
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 12:35:27 AM   
wingchan12

 

Posts: 3
Joined: 5.Dec.2006
Status: offline
Hi,
I have been following your article on publishing OWA and RPC/HTTP. There is no mention on /Exchange and /RPC virtual directory on Exchange server. Is it still relevant to set Require secure channel (SSL) on /Exchange and /RPC virtual directory under Secure communications inside Directory Security tab on Exchange IIS.

(in reply to tshinder)
Post #: 11
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 10:51:27 AM   
sallbritton

 

Posts: 2
Joined: 27.Jan.2003
Status: offline
I am working on publishing OWA and RPC/HTTP with ISA 06 and Exchange 03.  I followed the great tutorial, but I seem to be stuck.  In my scenario, the ISA is a member of the domain.  I get the form for the login to OWA, but it seems as if it cannot authenticate me.  I run monitoring with the filter to watch that specific rule.  When I copy it and paste it to notepad, the following shows up

12239 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

Any clues?
Thanks in advance.

(in reply to tshinder)
Post #: 12
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 11:04:57 AM   
docxp

 

Posts: 4
Joined: 5.Dec.2006
Status: offline
Hi,

I think that i have the same problem.
The RPCoverHTTPS is working from internal network, but i get the "Error Code 64: Host not available " from external network (after i provide the username and password).
This drives me crazy, I've read all the forums, and searched everything with google.
I made a split DNS, the same address from Inside and Outside, listener only for HTTPS, forward basic authentication.
In the logging I see the "Failed Connection Atempt - anonymous" - isn't that strange as i provided the username & password?

All help will be greatelly apreciated!

_____________________________

Regards,
Marius.

(in reply to sallbritton)
Post #: 13
RE: Discussion about article on publishing OWA and RPC/... - 6.Dec.2006 6:21:40 PM   
strongbad

 

Posts: 14
Joined: 11.Jan.2005
Status: offline
Doctor: Thanks for the book and articles. I have read the 5 part series and before I go about attempting to implement this, I have a few questions:

1) Is ISA setup to perform FBA by the selection of "HTML Form Authentication" in the Web Listener Definiation Wizard? In this case will ISA will authenticate the user prior to passing any traffic to Exchange?

2) As a result of your numerous articles, postings, and book, I do not have any hangups that would prevent me from making ISA a domain member. Therefore,  should I elect to use Windows Authentication  in the web listener rather than LDAP?

3) I do not plan on publishing RPC over HTTP, but rather OWA and Activesync Direct Push. Is it true that ISA 2006 no longer has any issues with publishing both of these while using FBA and a single IP address? And if so, do I still need to use Basic Authentication on the web listener? (I'm guessing so!)

4) For the ActiveSync Direct Push on my mobile clients, I would have to somehow  import the Web Site certifiacte into these mobile phones, right?

Thanks for any input!

(in reply to docxp)
Post #: 14
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 12:10:34 PM   
sallbritton

 

Posts: 2
Joined: 27.Jan.2003
Status: offline
Since the ISA Server is a member of the domain, I changed the SSL Listener to authenticate via AD and now it seems to work.  Now to test the RPC/HTTP.

(in reply to sallbritton)
Post #: 15
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:24:07 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: wingchan12

Hi,
I have been following your article on publishing OWA and RPC/HTTP. There is no mention on /Exchange and /RPC virtual directory on Exchange server. Is it still relevant to set Require secure channel (SSL) on /Exchange and /RPC virtual directory under Secure communications inside Directory Security tab on Exchange IIS.


1. I'm assuming that the Exchange Server has been setup correctly

2. The Wizard will create the proper paths in the Web Publishing Rule

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to wingchan12)
Post #: 16
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:25:24 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: sallbritton

I am working on publishing OWA and RPC/HTTP with ISA 06 and Exchange 03.  I followed the great tutorial, but I seem to be stuck.  In my scenario, the ISA is a member of the domain.  I get the form for the login to OWA, but it seems as if it cannot authenticate me.  I run monitoring with the filter to watch that specific rule.  When I copy it and paste it to notepad, the following shows up

12239 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.

Any clues?
Thanks in advance.


Check the Event Viewer and the ISA Firewall's Alerts viewer to see if there are problems with the ISA Firewall contacting the AD.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to sallbritton)
Post #: 17
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:26:37 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: docxp

Hi,

I think that i have the same problem.
The RPCoverHTTPS is working from internal network, but i get the "Error Code 64: Host not available " from external network (after i provide the username and password).
This drives me crazy, I've read all the forums, and searched everything with google.
I made a split DNS, the same address from Inside and Outside, listener only for HTTPS, forward basic authentication.
In the logging I see the "Failed Connection Atempt - anonymous" - isn't that strange as i provided the username & password?

All help will be greatelly apreciated!


Hi Marius,

Make sure the client is seutp correctly too. The CA certificate on the client is often forgotten.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to docxp)
Post #: 18
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:32:40 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
1) Is ISA setup to perform FBA by the selection of "HTML Form Authentication" in the Web Listener Definiation Wizard? In this case will ISA will authenticate the user prior to passing any traffic to Exchange?
TOM: Yes, HTML form auth will give you FBA. If you require users to authenticate in the Web Publishing Rule, then the ISA Firewall performs pre-authentication.

2) As a result of your numerous articles, postings, and book, I do not have any hangups that would prevent me from making ISA a domain member. Therefore,  should I elect to use Windows Authentication  in the web listener rather than LDAP?
TOM: Very good! In this case, you don't need to use LDAP authentication and you can use Windows integrated authentication.

3) I do not plan on publishing RPC over HTTP, but rather OWA and Activesync Direct Push. Is it true that ISA 2006 no longer has any issues with publishing both of these while using FBA and a single IP address? And if so, do I still need to use Basic Authentication on the web listener? (I'm guessing so!)
TOM: That is true. ISA 2006 Firewalls will fall back to back auth for non-Web browser clients, so ActiveSync will work on the listener that has FBA enabled.

4) For the ActiveSync Direct Push on my mobile clients, I would have to somehow  import the Web Site certifiacte into these mobile phones, right?
TOM: You will need to import the CA certificate that issued the Web site certificate used on the Web listener into the mobile client's machine certificate store.
HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to strongbad)
Post #: 19
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 1:15:34 AM   
wingchan12

 

Posts: 3
Joined: 5.Dec.2006
Status: offline
Do we require to enable "Require secure channel (SSL)", under Directory Security on the virtual directory /Exchange and /RPC in IIS.

(in reply to tshinder)
Post #: 20

Page:   [1] 2 3 4   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Discussion about article on publishing OWA and RPC/HTTP Page: [1] 2 3 4   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts