When I enter https://email.company.com/owa either internally or externally it brings up a login box for ISA 2006, NOT OWA. If I use https://ipaddress/owa (internally) the OWA login appears. The SSL certificate on the listener is a public CA issued and is also defined on the Exchange server in IIS.
I have basically the same problem. I have two CAS servers that are published to the Internet via two different ISA 2006 servers. On one, I get the "Office Outlook Web Access" form, and on the other I get the "Internet Security & Acceleration Server 2006" form. Both ISA servers are at the same patch level, and I published Exchange on both using the wizard. I don't see any differences in the ISA servers.
The only difference being the "formdir=1" vs. "formdir=3." Does anyone know why this would redirect to the wrong form? Again, I published with the wizard in both cases, and I have looked at the publishing rules in detail and don't see any differences.
From my experience I can only say that there are two absolutely crucial/critical things to make or break using SSL and forms authentication with OWA:
1. A properly formatted and installed certificate. EACH certificate MUST be set up for EXACTLY the address that people are going to enter to get to OWA either internally or externally. Your publishing rule MUST reflect this. For your situation you would need at least TWO totally separate certificates: one for the first server and one for the next. Each would be named https://email1.company.com and https://email2.company.com. If you used the same certificate or have different ones but named them the same thing, I would guess that you would have the problem you are encountering.
2. A properly implemented SPLIT DNS infrastructure.
I THOUGHT I knew certificates and split dns but I didn't. I know it well enough now that I can install ISA and OWA at my company with confidence. I'm not a complete security expert or a total ISA expert, but knowing the answers to these two concepts totally solved my problem.
Maybe I'm crazy, but I don't see any way that DNS or SSL are involved in this. For the record, though, both are correctly configured. Each of my ISA servers publishes a different CAS server with a different external IP and hostname. Both sites work perfectly except that one ISA server uses the wrong login form.
It sounds to me like one ISA server is using the default ISA form and the other is using the Exchange form.
In addition to the actual publishing rule, you can define a custom form on the web listener. This setting will override the configuration on the actual publishing rule and is often missed first time around.
If you disable the custom form setting on the web listener, the custom form defined on the publishing rule will take over...
quote:
ORIGINAL: shekharsahab
Try this
Under User tab on your ISA server, select All Users, instead of Authenticated User.
NO!!!! - Not unless you want to completely lower your level of security by disabling ISA Server pre-authentication and allow anonymous access to your CAS servers!!!
I'm having the same issue - not sure why but the rule is redirecting to formdir=3 instead of formdir=1. If I manually change the value, the correct form loads up.
Just a suggestion: You may want to look up (on this site) how to set up "Split DNS". Hope that helps! Charlie
No, it doesn't help Charlie. First of all, he clearly stated that both internal and external users use the exact same URL to reach the site. Obviously split DNS has already been implemented. He didn't ask for help on setting up split DNS. Please don't litter the threads with posts that are completely unrelated to the question at hand.