Welcome to ISAserver.org
IAS error 5052 when trying to run OWA thru ISA Server
IAS error 5052 when trying to run OWA thru ISA Server - 26.Aug.2008 11:15:15 AM
Glynixx
Posts: 2
Joined: 26.Aug.2008
Status: offline
Hi all. I have a test lab set up with an ISA server, a front end Exchange server (for OWA), a back end Exchange server, and a domain controller running IAS and DNS. I have OWA published thru ISA. When I connect to the website I am able to launch OWA if I put in my credentials in UPN format, i.e. glynixx@mydomain.us. However, if I try to log in as mydomain.us\glynixx, I am unable to log in. I get the following on the domain controller running IAS:

Event id: 3
Access request for user mydomain.US\glynixx was discarded.
Fully-Qualified-User-Name = mydomain.US\glynixx
NAS-IP-Address = 172.16.1.111
NAS-Identifier = <not present>
Called-Station-Identifier = <not present>
Calling-Station-Identifier = <not present>
Client-Friendly-Name = CTDCMVST51
Client-IP-Address = 172.16.1.111
NAS-Port-Type = <not present>
NAS-Port = 443
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server = <undetermined>
Reason-Code = 6
Reason = The server is unavailable.

I also get another error:

event id: 5052
There is no domain controller available for domain mydomain.us.

When I do nslookup as outlined in an MS article all looks good. I did have to put in a reverse DNS zone and that got rid of the following error:

*** Can't find server name for address 172.16.1.36: Non-existent domain
Default Server: UnKnown
Address: 172.16.1.36

1. On your DNS, click Start, and then click Run.
2. In the Open box, type cmd.
3. Type nslookup, and then press ENTER.
4. Type set type=all, and then press ENTER.
5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.

Any help would be really appreciated. Thank you!
RE: IAS error 5052 when trying to run OWA thru ISA Server - 26.Aug.2008 12:38:25 PM
Jason Jones
Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Why are you using IAS for authentication - is ISA Server not a domain member? If not, you should really look at LDAP authentication, but making ISA a domain member is the recommended approach if you can... Cheers JJ
< Message edited by Jason Jones -- 26.Aug.2008 12:39:31 PM >
_____________________________
Jason Jones (MVP) Silversands Limited http://www.silversands.co.uk My Blog: http://blog.msfirewall.org.uk/ Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: IAS error 5052 when trying to run OWA thru ISA Server - 26.Aug.2008 1:11:13 PM
Glynixx
Posts: 2
Joined: 26.Aug.2008
Status: offline
Hi JJ. Thanks for getting back to me so quickly. Here's how we currently have it designed (and maybe it is the wrong approach; we are new to ISA so any help is appreciated). We have the FE and BE Exchange servers in the domain with the DC. The ISA server was going to sit out in front in the DMZ so it would not be part of the domain. Here are the options we came up with for authentication:

1. We would use IAS to authenticate users if possible so we can only open up 1812 and maybe one other port for authentication, or
2. Use the Windows (Active Directory) authentication (I guess we could use LDAP if you think that is the way to go).

We liked the IAS approach because, on the ISA server, we could use 1 NIC for the external and use one for the internal but keep it on a separate VLAN and put in an access list to only allow it to talk to the IAS server (and the OWA server). With the Windows (AD) auth approach, we were worried about having to open up way too many ports or possibly putting the internal NIC on the same VLAN as the Exchange front end server for authentication (since we think that is where the ISA server will send users to get authenticated (please tell me I'm right on this one =) ).

Thanks a ton!