ISA2006 with WSS 3.0 and FBA.....
ISA2006 with WSS 3.0 and FBA..... - 11.Jan.2007 10:59:20 AM
dEjAvU23
Posts: 3
Joined: 8.May2006
Status: offline
Hi all,

First of all: This site is a must for ISA engineers! Thanks!

I've got a problem with publishing our internal SharePoint web portal to the outside, to the external network (internet).

Environment:
-ISA2006, Windows2003SP1
-WSS3.0, Windows2003SP1
(We already have a good working FBA for OWA, which is configured in the same way...)

Both products are installed on a separate server.

The steps:

1. Make wss3.0 https and import it on the ISA server
To set up the https part I followed the article about the OWAFBA (http://www.isaserver.org/tutorials/2004owafba.html).

2. Create publishing rule (specific sharepoint rule) and listener
The only thing that I did differently was the last part, I selected the 'Publish SharePoint Sites' option in ISA. In WSS3.0 I configured alternate access mapping to allow the external name to be valid to connect with.

3. Test it from the outside
Internally I can access my web portal (directly with the external FQDN of the website, and bypassing the proxy), but from the outside I get as far as the form, but when I try to log in I get the following message:

Error Code: 500 Internal Server Error. An internal error occurred. (1359)

I hope you guys can help me out, I've been testing for a week now and still no results.....

Thanks!

Regards,
Marcel
< Message edited by dEjAvU23 -- 11.Jan.2007 11:01:00 AM >
RE: ISA2006 with WSS 3.0 and FBA..... - 12.Jan.2007 8:53:49 AM
dEjAvU23
Posts: 3
Joined: 8.May2006
Status: offline
Hi all, Can nobody help me???? Am I the only one who's facing this problem? Thanks! Regards, Marcel
RE: ISA2006 with WSS 3.0 and FBA..... - 17.Jan.2007 11:56:45 AM
dEjAvU23
Posts: 3
Joined: 8.May2006
Status: offline
Hi all, A reboot sometimes solves a lot :-) I get another error now: Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) I hope someone can help me out! Thanks, Marcel
RE: ISA2006 with WSS 3.0 and FBA..... - 28.Oct.2007 10:02:35 PM
cliffnelson
Posts: 2
Joined: 24.Oct.2007
Status: offline
Hi Dejavu23,

I am facing a similar issue.

MOSS2007 on 2003 server
ISA 2006

I have published an internal site with both default (NTLM) and internet (NTLM) zones and adjusted AAM to connect the internet zone. The app pool and both zones are enabled for anonymous access. The sites both load as anonymous user; however, here is where the issue starts for me.

The anonymous user trying to log in from the default zone triggers the NTLM login and all works well (direct access, bypass ISA).
The anonymous user trying to log in from the internet zone results in a 403 error, denied by the publishing rule, no good information in the logs.

I have tried FBA, SSO (ISA), basic authentication, posting to this board, and still no joy. Please let me know if you have any ideas.

Regards,
Cliff Nelson
RE: ISA2006 with WSS 3.0 and FBA..... - 7.Dec.2007 7:52:19 AM
mlindqvist
Posts: 10
Joined: 8.Nov.2007
Status: offline
Hey there,

I've done the following and it works for me (remember that the steps are pretty much from my head):

1. Alternate Access Mapping
Configured alternate access mapping to allow the external name to be valid to connect with. I even use a CNAME internally as well, intranet.domain.local.

2. Certificates
I've made 2 SSL Web certificates, one for internal use, one for external use, both using FQDN (external.domain.com and intranet.domain.local). I also exported both certificates to the ISA server, then went into the Certificate MMC on ISA->Computer Account. Went to Personal->Right Click->All tasks/Import. I also copied this imported certificate to Trusted Root Certificate Authority. After this I browsed to https://intranet.domain.local just to make sure that the ISA server accepts the SSL cert (this applies to a self-generated SSL cert, i.e. via own ROOTCA or SelfSSL; if bought from a known SSL authority such as Verisign or Thawte, this shouldn't be necessary).

3. Did the Publish SharePoint Sites wizard according to the following steps:
-Publish single Web site or load balancer.
-Use SSL to connect to the published web server or server farm.
-Internal site name: intranet.domain.local
-Public name: external.domain.com
-Created a new Web listener
  Network: External / and specific outside IP
  Connections: Enable SSL
  Certificate: extranet.domain.com certificate
  Authentication: HTML Form Authentication ->Advanced Auth Opt/Domain name: domain (netbios name for your AD domain)
  Forms: Default (nothing changed)
  SSO: Default (not enabled)
-Authentication Delegation: NTLM
-Alternate Access Mapping: SharePoint AAM is Already configured
-User Sets: All AuthUsers->Finish

Go back and edit the Rule (To tab) and do the following:
-This rule applies to this published site: external.domain.com
-Computer name (internal): intranet.domain.local
-Uncheck Forward original hostheader...

If you go to the external FQDN (external.domain.com) from an external IP/network, you should now be presented with an ISA 2006 Forms Based Authentication site for the SharePoint environment.

Hope this helps!

My problem now lies in trying to use Kerberos Constrained Delegation instead of NTLM to try to evade the Double-Hop issue with some SharePoint Webparts (webservices in general I guess), where it simply ends with a 403 Forbidden (12202).
< Message edited by mlindqvist -- 7.Dec.2007 8:00:24 AM >
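The check in step 2 of the post above (browsing to https://intranet.domain.local from the ISA server to confirm that it accepts the certificate) can also be scripted. This is an added example, not part of any poster's message; it assumes PowerShell 2.0 or later on the ISA server, port 443, and the host name used in the post, and `Test-InternalSiteCertificate` is a name made up here.

```powershell
# Added example, not from the thread. Run it on the ISA server.
# Assumptions: PowerShell 2.0+, port 443, host name as used in the post.
function Test-InternalSiteCertificate {
    param(
        [string]$HostName = 'intranet.domain.local',
        [int]$Port = 443
    )

    # Filled in by the validation callback during the TLS handshake.
    $seen = @{ PolicyErrors = $null; ChainStatus = @() }

    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $seen.PolicyErrors = $sslPolicyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true   # accept here only so the handshake completes and can be reported
    }

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # The name passed here is the name the certificate is matched against.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        New-Object PSObject -Property @{
            HostName     = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            PolicyErrors = $seen.PolicyErrors
            ChainStatus  = ($seen.ChainStatus -join ', ')
            Accepted     = ($seen.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

Test-InternalSiteCertificate | Format-List
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` means the certificate does not carry the name that was requested; `RemoteCertificateChainErrors` means the chain could not be validated on this machine (for example an untrusted root), with the detail in `ChainStatus`.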