Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
OWA Publishing Problem?????
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
OWA Publishing Problem????? - 27.Nov.2007 6:03:45 PM
|
|
|
mdbradsh
Posts: 29
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
|
Hi,
I am having trouble publishing OWA to my internal Exchange 2003 Server. I can access OWA just fine from clients on the internal network. But when I try from an external PC on the Internet, the connection fails and I get an ISA Server Alert saying there is a name mismatch between the publishing server certificate and the name of the internal server in the publishing rule? I have used the same name for the certificate (owa.xxxxx.net) and for the public name in the publishing rule, so I do not understand why I am getting this alert and failed connection? Please help!
|
|
|
|
|
RE: OWA Publishing Problem????? - 28.Nov.2007 11:16:42 PM
|
|
|
BBooth
Posts: 9
Joined: 22.Nov.2007
Status: offline
|
It sounds as tho ISA server is referencing your Exchange server as something other than what the exchange server's certificate says. I'm presuming here that your doing ssl to ssl bridging.
In your rule to publish OWA, the Server on the TO tab should have the same name as what the certificate the Exchange Server is presenting says.
If the Certificate on the Exchange server says "mail.internaldomain.com" then the ISA server must be able to reference it via that exact name. If required you can edit your HOSTS file in order to point at the correct IP address if there's no DNS entry for the name provided.
HTH,
Brendon
|
|
|
|
|
RE: OWA Publishing Problem????? - 29.Nov.2007 5:49:28 AM
|
|
|
tom1311
Posts: 3
Joined: 28.Nov.2007
Status: offline
|
Or another way: create a split-dns with an entry for the certificate-name which is pointing to the ip-address of the Exchange-Server.
There is a good split-dns-tutorial on this website I think.
Greetings,
Tom
|
|
|
|
|
RE: OWA Publishing Problem????? - 29.Nov.2007 5:00:59 PM
|
|
|
mdbradsh
Posts: 29
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
|
Thank you Brendon and Tom,
I appeciate your replies. I have tried to set up my split DNS as described in your Split DNS article Tom. I am running a 3-leg perimeter network with a dynamic IP so it is somewhat difficult to set up DNS exactly as you described. But actually, I finally got this working by redefining my publishing rule and ensuring I used the same name in the "To" as on the certificate and public name. It works very well and so far I have been able to access OWA from any computer on the internet I've tried from. However, internal network users just get the standard small login box when acessing OWA. But get the "OWA Form" login page when accessing from the internet, even though I unchecked that option from the exchange manager? I was expecting to get an ISA Server Form log in? It does work now though so I'm very thankful for that. The form thing is not a big deal as long as it works. Any ideas on that?
Thank you both again for your replies. I was really lost on this one.
|
|
|
|
|
RE: OWA Publishing Problem????? - 29.Nov.2007 6:53:57 PM
|
|
|
BBooth
Posts: 9
Joined: 22.Nov.2007
Status: offline
|
Hi MDB,
First congrats on getting it working, I know the relief this brings after so much frustration.
As for the forms problems you're experiencing, I believe this is the reason.
Internally, your users are using the OWA on the Exchange server for their mail, which is set to Basic Authentication (due to the instructions followed and also this is required).
Externally, your users are accessing the OWA published through ISA which is set to Forms Based Authentication, which is providing them with the nice graphics based one.
In order for your internal users to receive the same form, they'll need to access OWA through a new rule on the ISA server, which can be difficult to set up due to certificates that have been shared around.
A quick rundown of this would be:
Create a certificate (if you're using a key infrastructure in your domain) with the name you wish internal users to connect to.
Set up a new listener for https on the internal ISA address with this new certificate.
This listener should have Forms Based Authentication selected.
Create a new rule identical to your external rule except it should use the new listener and also in the Path tab, make sure the name on the certificate is in here.
Add a DNS entry to point to the new name on the certificate ISA's using internally.
This should allow your internal users to access OWA through the ISA server using the pretty forms based authentication and without any Certificate mismatch warnings.
In my opinion, if you don't have the time to work on it, just tell the users to be happy with the basic authentication :-) It does very much the same job, just doesn't look as pretty.
HTH,
Brendon
|
|
|
|
|
RE: OWA Publishing Problem????? - 29.Nov.2007 8:05:47 PM
|
|
|
mdbradsh
Posts: 29
Joined: 22.Jul.2006
From: Indianapolis
Status: offline
|
Thanks much Brendon! No one is complaining. They are just happy to be able to access their email from anywhere, as am I. I'm just being a bit picky about the log in, so, I will probably give your instructions a try. Thank you again. I do appreciate your help and hope I can return the favor some day.
|
|
|
|
|
RE: OWA Publishing Problem????? - 29.Nov.2007 8:12:29 PM
|
|
|
BBooth
Posts: 9
Joined: 22.Nov.2007
Status: offline
|
No worries. I just hope my explaination and instructions make some sense.. If not feel free to reply and i'll have another go at it :-)
Good luck and let us know how you go.
Cheers,
Brendon
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
