Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Front-end Exchange in DMZ publishing EAS/OMA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Front-end Exchange in DMZ publishing EAS/OMA Page: [1]
Login
Message << Older Topic   Newer Topic >>
Front-end Exchange in DMZ publishing EAS/OMA - 4.Nov.2006 5:00:58 AM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hello Everyone,

We have the following situation:

2 x ISA Server 2006 EE 3 leg situation. 1 external NIC, 1 dmz (private ip adresses) NIC, 1 internal NIC and all with NLB.

1 x Windows 2003 Server with Virtual Server 2005R2 on this machine:
  •  Windows 2003 Srv std with Exchange 2003 SP2 configured as Front-End server with NIC connected to the DMZ network.
  • Windows 2003 Srv std for Public DNS with NIC connected to the DMZ network.
  • Windows 2003 Srv std for Public Certsrv with NIC connected to the DMZ network


1 x Exchange 2003 SP2 Back-End server in the internal corporate network.

I have made a Listener for RPC/AES/OMA and aan Exchange Publishing rule to the Front-End exchange server. But it's not working on my PDA i get the error HTTP 500 and in the event log of the Front-End Exchange Server i get a Event id error 3005 and something about HTTP Error status 400.


Event Type: Error
Event Source: Server ActiveSync
Event Category: None
Event ID: 3005
Date:  11/3/2006
Time:  3:28:05 PM
User:  Domain\UserName1
Computer: Frond-end Server
Description:
Unexpected Exchange mailbox Server error: Server: [back-end.server.com] User: [username1@server.com] HTTP status code: [400]. Verify that the Exchange mailbox Server is working correctly.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


I also made a rule for the Front-End to Domain Controllers communication. And a rule for Front-End to Back-End Communication en Back-End to Front-End (Push of SP2).

When i change the Exchange Publishing rule to point to the Back-End Exchange Server i can Sync with my PDA. But when the Rule is pointing to the Front-End it's not working and getting the above errors.

Hope can help some one.

_____________________________

Greeting from
André van den Berg.
Post #: 1
RE: Front-end Exchange in DMZ publishing EAS/OMA - 4.Nov.2006 11:54:23 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		The 500 error suggests that there might be a cert problem.

If OWA is working, then focus your attention on the Exchange Servers, as its unlikely to be the ISA Firewall's fault.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 2
RE: Front-end Exchange in DMZ publishing EAS/OMA - 4.Nov.2006 12:54:53 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hi Tom,

I double checked the cert's on the Front-End en the Back-End and the two ISA Servers and they are al the same.

When i login on the Front-End server in de DMZ and do OWA to the Back-End server with HTTPS it's working. When i the the same with http i get the following error:

Error Code: 400 Bad Request. The data is invalid. (13)

_____________________________

Greeting from
André van den Berg.

(in reply to aavdberg)
Post #: 3
RE: Front-end Exchange in DMZ publishing EAS/OMA - 4.Nov.2006 1:08:17 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hi tom,

I turned off the Show Frienly error in IE and now i get the following error:

Bad Request (Invalid Verb)

_____________________________

Greeting from
André van den Berg.

(in reply to aavdberg)
Post #: 4
RE: Front-end Exchange in DMZ publishing EAS/OMA - 9.Nov.2006 10:51:46 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Is FBA enabled on the FE Exchange Server? If so, turn that off and see if it works.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 5
RE: Front-end Exchange in DMZ publishing EAS/OMA - 10.Nov.2006 4:16:23 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hello Tom,

FBA is not enabled on the Front-End Exchange Server.

_____________________________

Greeting from
André van den Berg.

(in reply to tshinder)
Post #: 6
RE: Front-end Exchange in DMZ publishing EAS/OMA - 11.Nov.2006 11:55:28 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andre,

OH! SSL to HTTP bridging not working? I guess I would consider that good, since it's unsecure.

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 7
RE: Front-end Exchange in DMZ publishing EAS/OMA - 11.Nov.2006 12:16:18 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hello Tom,

On the ISA Servers made a Listener with the following setting.

Networks: External

Connections: Enable SSL (HTTPS) connections on port: 443

Certificates: Assign a certificate for this web listener:
IP Address: correct ip
Network External
Server Virtual IP
Certificate: correct certificate

Authentication: Cleint Authentication Method
HTML Form Authentication
Authentication Validation Method: Windows (Active Directory)

Form: Everything standard

SSO: Enabled

SSO Domains: correct domain



_____________________________

Greeting from
André van den Berg.

(in reply to tshinder)
Post #: 8
RE: Front-end Exchange in DMZ publishing EAS/OMA - 13.Nov.2006 3:48:41 PM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andre,

Are you using SSL to SSL bridging? That is to say, SSL from the ISA Firewall to the published Web site?

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 9
RE: Front-end Exchange in DMZ publishing EAS/OMA - 14.Nov.2006 2:50:25 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Do you mean tab Bridging?

There is selected: Redirect Request to Port : 443


_____________________________

Greeting from
André van den Berg.

(in reply to tshinder)
Post #: 10
RE: Front-end Exchange in DMZ publishing EAS/OMA - 1.Dec.2006 9:34:46 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andre,

What are the details of your Web Publishing Rule?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 11
RE: Front-end Exchange in DMZ publishing EAS/OMA - 1.Dec.2006 2:40:39 PM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hello Tom,

Here are the screens of the Exchange Web Client Access Publishing Rule.

http://www.familie-berg.org/ExterneNieuws/isaserver.aspx

< Message edited by aavdberg -- 1.Dec.2006 2:42:16 PM >

_____________________________

Greeting from
André van den Berg.

(in reply to tshinder)
Post #: 12
RE: Front-end Exchange in DMZ publishing EAS/OMA - 3.Dec.2006 10:44:41 AM   
tshinder

 

Posts: 47408
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Andre,

The name on the TO tab isn't an IP address or FQDN. You need an actual IP address or FQDN there.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to aavdberg)
Post #: 13
RE: Front-end Exchange in DMZ publishing EAS/OMA - 3.Dec.2006 10:48:15 AM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Tom i know i put something there when i made a screen dump but in real there is the FQDN of the Front-End Exchange server in the dmz.

_____________________________

Greeting from
André van den Berg.

(in reply to tshinder)
Post #: 14
RE: Front-end Exchange in DMZ publishing EAS/OMA - 27.Dec.2006 8:50:10 AM   
aavdberg

 

Posts: 32
Joined: 30.Jul.2004
From: The Netherlands
Status: offline 		Hello Tom,

Solved the problem, i think that it had to do with virus scanner.

_____________________________

Greeting from
André van den Berg.

(in reply to aavdberg)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Front-end Exchange in DMZ publishing EAS/OMA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts