Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Discussion about article on publishing OWA and RPC/HTTP
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about article on publishing OWA and RPC/... - 17.Nov.2006 5:04:13 PM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
Hi Tom,
I read your article about RPC/HTTP publishing, but I still have one issue. Outlook Web Access is working fine, but in Outlook I keep getting the error message that my Exchange server isn't available. Meanwhile, I can see in my ISA log a HTTP status code 64. What does this mean?
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 19.Nov.2006 1:51:44 PM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
I followed the steps in your article exactly, so there's no relevant difference with the recommandations except for the hostname and my domainname.
It could also be an issue with testing the configuration. I've been testing on a Windows server 2003 terminal server with Citrix and Outlook 2003. Tomorrow I will be testing on my own computer. I'll let you know...
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 20.Nov.2006 3:48:07 AM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
Unfortunately, on a dedicated external host (Windows XP SP2, Office 2007) I get the same error, indicating that my Exchange server may not be online. In my ISA server logs, I can see the same HTTP status code 64.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 22.Nov.2006 6:29:41 AM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
I've done some more testing and found out that when I open https://owa.mydomainname.com/rpc I get redirected to the login form of Outlook Web Access. Is this normal behaviour?
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 22.Nov.2006 11:41:22 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Linke,
Check out the article series that completed yesterday, the last article in the series is on the top of the front page. Make sure that you have the rule configured as described in the series, and that all the certificates are named correctly and that the client is configured correctly.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 26.Nov.2006 11:15:44 AM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
As I wrote above, I followed all the steps in the articles exactly. My OWA is working fine, even with the new ISA 2006 login form and the possibility to change passwords. The problem is with Outlook. When I try to connect, I get a login box. I type my username and password, but I don't get connected. In my ISA log, I can see HTTP status code 64. I found another posting in this forum about this, but there's no adequate solution for it...
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 4.Dec.2006 11:01:37 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Linke,
The logging information in the ISA Firewall console is of no value in troubleshooting RPC/HTTP connections.
Are you using one or two Web Publishing Rules?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 12:35:27 AM
|
|
|
wingchan12
Posts: 3
Joined: 5.Dec.2006
Status: offline
|
Hi,
I have been following your article on publishing OWA and RPC/HTTP. There is no mention on /Exchange and /RPC virtual directory on Exchange server. Is it still relevant to set Require secure channel (SSL) on /Exchange and /RPC virtual directory under Secure communications inside Directory Security tab on Exchange IIS.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 10:51:27 AM
|
|
|
sallbritton
Posts: 2
Joined: 27.Jan.2003
Status: offline
|
I am working on publishing OWA and RPC/HTTP with ISA 06 and Exchange 03. I followed the great tutorial, but I seem to be stuck. In my scenario, the ISA is a member of the domain. I get the form for the login to OWA, but it seems as if it cannot authenticate me. I run monitoring with the filter to watch that specific rule. When I copy it and paste it to notepad, the following shows up
12239 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.
Any clues?
Thanks in advance.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 5.Dec.2006 11:04:57 AM
|
|
|
docxp
Posts: 4
Joined: 5.Dec.2006
Status: offline
|
Hi,
I think that i have the same problem.
The RPCoverHTTPS is working from internal network, but i get the "Error Code 64: Host not available " from external network (after i provide the username and password).
This drives me crazy, I've read all the forums, and searched everything with google.
I made a split DNS, the same address from Inside and Outside, listener only for HTTPS, forward basic authentication.
In the logging I see the "Failed Connection Atempt - anonymous" - isn't that strange as i provided the username & password?
All help will be greatelly apreciated!
_____________________________
Regards,
Marius.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 6.Dec.2006 6:21:40 PM
|
|
|
strongbad
Posts: 13
Joined: 11.Jan.2005
Status: offline
|
Doctor: Thanks for the book and articles. I have read the 5 part series and before I go about attempting to implement this, I have a few questions:
1) Is ISA setup to perform FBA by the selection of "HTML Form Authentication" in the Web Listener Definiation Wizard? In this case will ISA will authenticate the user prior to passing any traffic to Exchange?
2) As a result of your numerous articles, postings, and book, I do not have any hangups that would prevent me from making ISA a domain member. Therefore, should I elect to use Windows Authentication in the web listener rather than LDAP?
3) I do not plan on publishing RPC over HTTP, but rather OWA and Activesync Direct Push. Is it true that ISA 2006 no longer has any issues with publishing both of these while using FBA and a single IP address? And if so, do I still need to use Basic Authentication on the web listener? (I'm guessing so!)
4) For the ActiveSync Direct Push on my mobile clients, I would have to somehow import the Web Site certifiacte into these mobile phones, right?
Thanks for any input!
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 12:10:34 PM
|
|
|
sallbritton
Posts: 2
Joined: 27.Jan.2003
Status: offline
|
Since the ISA Server is a member of the domain, I changed the SSL Listener to authenticate via AD and now it seems to work. Now to test the RPC/HTTP.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:24:07 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: wingchan12
Hi,
I have been following your article on publishing OWA and RPC/HTTP. There is no mention on /Exchange and /RPC virtual directory on Exchange server. Is it still relevant to set Require secure channel (SSL) on /Exchange and /RPC virtual directory under Secure communications inside Directory Security tab on Exchange IIS.
1. I'm assuming that the Exchange Server has been setup correctly
2. The Wizard will create the proper paths in the Web Publishing Rule
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:25:24 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: sallbritton
I am working on publishing OWA and RPC/HTTP with ISA 06 and Exchange 03. I followed the great tutorial, but I seem to be stuck. In my scenario, the ISA is a member of the domain. I get the form for the login to OWA, but it seems as if it cannot authenticate me. I run monitoring with the filter to watch that specific rule. When I copy it and paste it to notepad, the following shows up
12239 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.
Any clues?
Thanks in advance.
Check the Event Viewer and the ISA Firewall's Alerts viewer to see if there are problems with the ISA Firewall contacting the AD.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:26:37 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: docxp
Hi,
I think that i have the same problem.
The RPCoverHTTPS is working from internal network, but i get the "Error Code 64: Host not available " from external network (after i provide the username and password).
This drives me crazy, I've read all the forums, and searched everything with google.
I made a split DNS, the same address from Inside and Outside, listener only for HTTPS, forward basic authentication.
In the logging I see the "Failed Connection Atempt - anonymous" - isn't that strange as i provided the username & password?
All help will be greatelly apreciated!
Hi Marius,
Make sure the client is seutp correctly too. The CA certificate on the client is often forgotten.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 7.Dec.2006 1:32:40 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
1) Is ISA setup to perform FBA by the selection of "HTML Form Authentication" in the Web Listener Definiation Wizard? In this case will ISA will authenticate the user prior to passing any traffic to Exchange?
TOM: Yes, HTML form auth will give you FBA. If you require users to authenticate in the Web Publishing Rule, then the ISA Firewall performs pre-authentication.
2) As a result of your numerous articles, postings, and book, I do not have any hangups that would prevent me from making ISA a domain member. Therefore, should I elect to use Windows Authentication in the web listener rather than LDAP?
TOM: Very good! In this case, you don't need to use LDAP authentication and you can use Windows integrated authentication.
3) I do not plan on publishing RPC over HTTP, but rather OWA and Activesync Direct Push. Is it true that ISA 2006 no longer has any issues with publishing both of these while using FBA and a single IP address? And if so, do I still need to use Basic Authentication on the web listener? (I'm guessing so!)
TOM: That is true. ISA 2006 Firewalls will fall back to back auth for non-Web browser clients, so ActiveSync will work on the listener that has FBA enabled.
4) For the ActiveSync Direct Push on my mobile clients, I would have to somehow import the Web Site certifiacte into these mobile phones, right?
TOM: You will need to import the CA certificate that issued the Web site certificate used on the Web listener into the mobile client's machine certificate store.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 1:15:34 AM
|
|
|
wingchan12
Posts: 3
Joined: 5.Dec.2006
Status: offline
|
Do we require to enable "Require secure channel (SSL)", under Directory Security on the virtual directory /Exchange and /RPC in IIS.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
