• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA 2007/ISA 2007 can't get past login page

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> OWA 2007/ISA 2007 can't get past login page Page: [1]
Login
Message << Older Topic   Newer Topic >>
OWA 2007/ISA 2007 can't get past login page - 16.Oct.2008 4:48:46 PM   
philgrad

 

Posts: 3
Joined: 16.Oct.2008
Status: offline
Hi, all.
We are running the following: 
ISA 2006 SP1 on Windows 2003
Exchange 2007 (Client Access) on Windows 2008
split DNS
SAN cert with the following subject alternative names
CAservername
CAservername.company.com
(internal DNS/FQDN)
owa.company.us (external DNS entry for OWA)** this is the primary SAN

FBA is disabled on the CA server.

I have published OWA as per the technet article.

From an external machine, I go to https://owa.company.us/exchange, and I get the login page.  When I put in domain\username and pass, it thinks for a bit, then brings me back to the login page.

On the ISA server, I can type the https://CAservername.company.com/exchange and OWA works perfectly.

Internal to the network, I can also access OWA properly as it works on the ISA server.  Using "https://owa.company.us/exchange" takes me out to the public interface on the ISA server, so I get the ISA-secured FBA login page.

Looking in the logs on the ISA server, this is the only hit on the OWA publishing rule that I see:

Denied Connection
Log type: Web Proxy (Reverse)
Status: 12232 The server denied the specified Uniform Resource Locator (URL)
Rule:  Outlook Web Access
Request:  GET http://owa.company.us/exchange
Protocol: https
User:  anonymous

If you look at the referenced rule, you can see that /exchange/* is explicitly allowed.  Any ideas?
Post #: 1
RE: OWA 2007/ISA 2007 can't get past login page - 17.Oct.2008 2:04:08 PM   
philgrad

 

Posts: 3
Joined: 16.Oct.2008
Status: offline
I think I have narrowed down the problem a bit.  Since OWA is working from the ISA server (connecting to the FQDN of the CA server via a hosts entry, which matches a line in the SAN cert), and you can get to the OWA login page from externally, it seems that this might be a bridging issue....

(in reply to philgrad)
Post #: 2
RE: OWA 2007/ISA 2007 can't get past login page - 17.Oct.2008 3:40:37 PM   
philgrad

 

Posts: 3
Joined: 16.Oct.2008
Status: offline
This is definitely a problem with ISA.  If I stop the Default Website on the Client Access Server, I get the SAME behavior in ISA.

The irritating part about this is testing the OWA publishing rule in ISA works properly.

(in reply to philgrad)
Post #: 3
RE: OWA 2007/ISA 2007 can't get past login page - 20.Sep.2011 7:26:35 PM   
schmidlap

 

Posts: 13
Joined: 8.Jul.2010
Status: offline
Hey dude, I am having the EXACT same problem with ISA 2006/Exchange 2003. Trying to publish OWA sitting behind a back to back ISA 2006 firewall DMZ. Did you ever get past this? I want to use the ISA form instead of the OWA so I disabled FBA on the Exchange server and use HTML form authentication on the back end ISA. I enter my credentials on that page and it just goes right back to that logon page.

(in reply to philgrad)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> OWA 2007/ISA 2007 can't get past login page Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts