Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
OWA again
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
OWA again - 29.Jan.2008 7:35:53 PM
|
|
|
Geoffs
Posts: 4
Joined: 29.Jan.2008
Status: offline
|
There seems to be several OWA threads, so my apologies for starting another.
I have an SBS2003 server with 2 network adapters - one connected to the internet router (192.168.1.x), the other to the local network (192.168.50.x). I have run the CEICW and it creates all the rules in ISA, including one for OWA, but it doesn't work. ("internet explorer cannot display the webpage"). OWA works internally, but not externally.
If I reconfigure the server (including ISA) so that it is using a single network adapter all is well and I can use OWA from anywhere.
I am assuming there is configuration required in addition to the CEICW, but VPN connections via ISA work perfectly, and client pcs on the local network can all access the internet, so I can't see that there can be too much wrong.
Any advice very gratefully received - the MD is getting very impatient!
|
|
|
|
|
RE: OWA again - 29.Jan.2008 9:07:18 PM
|
|
|
Rotorblade
Posts: 963
Joined: 27.Feb.2007
Status: offline
|
Hi,
As you mentioned it may be a publishing rule issue and any combination of things. Are you using a FQDN to access the OWA server publicly or by an IP? If it’s working through a single NIC scenario I would imagine it’s how your rule is configured. Running CEICW doesn’t necessarily mean it’s going to be configured right.
If you can share (in a general way) how the interfaces were configured and particularly the Web publishing rule specifics, that would be a good start.
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: OWA again - 30.Jan.2008 1:28:21 PM
|
|
|
Geoffs
Posts: 4
Joined: 29.Jan.2008
Status: offline
|
External nic:
IP: 82.xxx.xxx.194 (static address provided by ISP)
sm: 255.0.0.0
DG: 82.xxx.xxx.193
DNS: 192.xxx.xx.202 (SBS server IP)
LAN nic:
IP: 192.xxx.xx.202
sm: 255.255.255.0
No default gateway
DNS: 192.xxx.xx.202
OWA Web Publishing rule (created by CEICW)
Allow: HTTP & HTTPS
From: SBS Web listener
To: Publishing.domain.local
All Users
SBS Web Listener:
External networks
Http (80) & SSL (443)
Am I right in thinking it's not acertificate issue, because if it were I'd actually get a certificate error, not plain old "page cannot be displayed"? I don't think it's even getting that far.
Thanks again.
|
|
|
|
|
RE: OWA again - 30.Jan.2008 7:22:44 PM
|
|
|
Rotorblade
Posts: 963
Joined: 27.Feb.2007
Status: offline
|
quote:
External nic:
IP: 82.xxx.xxx.194 (static address provided by ISP)
sm: 255.0.0.0
DG: 82.xxx.xxx.193
DNS: 192.xxx.xx.202 (SBS server IP)
Problem #1 DNS on the External NIC!
Please read the article below on how to properly configure your ISA NIC’s.
http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
quote:
OWA Web Publishing rule (created by CEICW)
Allow: HTTP & HTTPS
From: SBS Web listener
To: Publishing.domain.local
All Users
If DNS is not configured properly you’re going to have a problem. My guess is that it’s not. The TO: tab in the publishing rule properties would be the most critical. There are several options that when set affect how the requests are forwarded to the published server. Not having a proper, well configured “Split DNS” infrastructure is the big reason for publishing failures. Adding Certificates to the mix, then it’s imperative to be running a “Split DNS” When you get your NIC’s configured properly we can tackle the Publishing rule.
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: OWA again - 31.Jan.2008 2:49:12 AM
|
|
|
Geoffs
Posts: 4
Joined: 29.Jan.2008
Status: offline
|
OK, will go through the config later.
Thanks.
|
|
|
|
|
RE: OWA again - 31.Jan.2008 2:11:28 PM
|
|
|
Rotorblade
Posts: 963
Joined: 27.Feb.2007
Status: offline
|
quote:
External nic:
IP: 82.xxx.xxx.194 (static address provided by ISP)
The above is the bigger problem. Having the static 82.x.x.x network assigned to the External NIC would be incorrect if the ISA's External network (Internet router side of the ISA) is in the 192.168.1.x network based on the information that you gave. You're NAT'd back to the ISA's external interface which means it needs to be in the same network as the routers GW. The static needs to be either assigned to the Internet router's WAN interface and ported back to the ISA's external assigned IP or the DSL router needs to be configured in bridging mode.
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
RE: OWA again - 6.Feb.2008 3:33:15 PM
|
|
|
Geoffs
Posts: 4
Joined: 29.Jan.2008
Status: offline
|
Sorry for the slow reply...
I can't change any of the router settings - it's a managed device supplied by the ISP, and is password protected. I can't change the NIC config until I'm on site in a day or so - I have remote access, but I think it's a fair bet that if I change anything remotely I'll cut myself off....
Thanks for the advice so far.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
