Welcome to ISAserver.org


OWA hangs at logon screen (Forms-based authentication)

OWA hangs at logon screen (Forms-based authentication) - 28.Mar.2006 11:14:14 PM   
GregorSuster

 

Posts: 6
Joined: 22.Sep.2004
Status: offline
Hi.

I'm trying to solve this OWA publishing problem:

There is an ISA Server 2004 SP2 machine with two NICs (internal and external). MS Exchange is on another internal server. Users can access OWA over HTTPS from the internal network without a problem, but when they try to access a mailbox from an external address they get:

1. Security alert (because of the certificate)
2. OWA/ISA logon screen (Forms-based)
3a. When they enter the correct U&P, "OWA hangs". All they see is a running progress bar and "Opening page https://owa.server.com/cookieauth.dll?Logon..."
3b. When they enter the wrong U&P, they get "You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again."

So, number 3a is my problem. Any ideas?

Some background:
- Publishing rule worked before SP2, but at that time I also added a NIC into the machine and did some reconfiguring.
- Results of ISA logging:

External IP = <external client IP>  
Internal IP = <internal OWA IP>  
Destination = 443   
Protocol = https
Action = Allowed Connection
Rule = [Ext] Owa
Client Username = <domain>\<UN>
Source network = External       
HTTP Method = GET
URL = http://owa.server.com:443/exchange

Any idea?

Regards, Greg.
Post #: 1
RE: OWA hangs at logon screen (Forms-based authentication) - 29.Mar.2006 4:09:57 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Greg,

What errors do you see in the ISA firewall's log files for the failed connections?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to GregorSuster)
Post #: 2
RE: OWA hangs at logon screen (Forms-based authentication) - 29.Mar.2006 7:55:51 PM   
GregorSuster

 

Posts: 6
Joined: 22.Sep.2004
Status: offline
Hi Thomas,

Thank you for trying to solve the problem. ;-)

Besides the allowed connections (1st post), I also have some "Failed connection attempts". Just after I press the "Log on" button, I get this one:

Destination Host Name = owa.server.com
Transport = TCP
Object Source
HTTP Status Code = "12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator."   
Cache Information = 0x0
Error Information = 0x200
Log Record Type = Web Proxy Filter
Client IP = <Ext user IP>
Destination IP = <Ext ISA IP>
Destination Port = 443
Protocol = https
Action = Failed Connection Attempt
Rule = -
Client Username = anonymous
Source Network = -
Destination Network = -    
HTTP Method = POST
URL = http://owa.server.com/CookieAuth.dll?Logon

...and after that some of these errors:

Destination Host Name = owa.server.com
Transport = TCP
Object Source
HTTP Status Code = "12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator."   
Cache Information = 0x0
Error Information = 0x80
Log Record Type = Web Proxy Filter
Client IP = <Ext user IP>
Destination IP = <Ext ISA IP>
Destination Port = 443
Protocol = https
Action = Failed Connection Attempt
Rule = -
Client Username = anonymous
Source Network = -
Destination Network = -    
HTTP Method = GET
URL = http://owa.server.com/CookieAuth.dll?GetLogon?reason=1

The URLs change, but the errors are the same as the one above.

http://owa.server.com/CookieAuth.dll?GetPic?image=logon_logo.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_IE_top.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_IE_bot.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=spacer.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_Microsoft.gif

Thanks for your help.

Regards, Greg.

(in reply to tshinder)
Post #: 3
RE: OWA hangs at logon screen (Forms-based authentication) - 30.Mar.2006 4:57:51 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Greg,

OK, some things to try:

1. Run the ISA firewall BPA on your firewall to see if the certificates are configured correctly

2. What is the exact name on the Public Name tab?

3. What is the exact name on the "To" tab?

Thanks!
Tom


(in reply to GregorSuster)
Post #: 4
RE: OWA hangs at logon screen (Forms-based authentication) - 31.Mar.2006 11:39:10 AM   
GregorSuster

 

Posts: 6
Joined: 22.Sep.2004
Status: offline
Hi Thomas,

1. BPA did not find any errors, just that MTU is disabled.
2. Public name = owa.server.com
3. To = owa.server.com (*)

(*) Server.com is in fact another domain, but owa.domain.com is registered in the ISP's DNS. On ISA I use the hosts file to "redirect" owa.domain.com to the internal IP address of the Exchange server. And there is also an alias owa.domain.com in the internal DNS, because the hostname of the Exchange server is not Owa.

I also saw that other people had the same problem. When I talked to "dwd", he told me that he reformatted the server and reinstalled ISA, and from that moment OWA works fine, but I'm not very excited about the idea. :-)

http://forums.isaserver.org/m_2002006295/mpage_1/key_/tm.htm#2002006295

Regards, Greg.

(in reply to tshinder)
Post #: 5
RE: OWA hangs at logon screen (Forms-based authentication) - 1.Apr.2006 9:23:47 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Dewd!

When I ask for exact information, that's what I need.

Thanks!
Tom


(in reply to GregorSuster)
Post #: 6
RE: OWA hangs at logon screen (Forms-based authentication) - 2.Apr.2006 2:14:38 PM   
GregorSuster

 

Posts: 6
Joined: 22.Sep.2004
Status: offline
Oh, sorry.

I've sent you a PM with the exact information and with UN & PWD, so you can test it on your own if you like.

Regards, Greg.  

(in reply to tshinder)
Post #: 7
RE: OWA hangs at logon screen (Forms-based authentication) - 2.Apr.2006 4:52:14 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Greg,

I don't know if I have PMs turned on.

You can send it to tshinder@isaserver.org

Thanks!
Tom


(in reply to GregorSuster)
Post #: 8
RE: OWA hangs at logon screen (Forms-based authentication) - 8.Apr.2007 6:43:33 PM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Hello there,

I am experiencing exactly the same problem. I have gone through your discussion here, but no solution has been offered yet.

Here is my configuration:
1. One separate DC server
2. One ISA 2006 server (two NICs: external (public IP) and internal (private IP))
3. One Exchange Server 2003 with CA installed

My Outlook 2003 MAPI client seems to work fine through the Internet using the RPC/HTTPS protocol, but I could not publish OWA successfully.

The Office Outlook Web Access form appears properly, but whenever I type in domain\username and password, it stays there for at least 5 minutes and the web browser status bar displays https://mail.mopf.gov.tl/CookieAuth.dll?Logon... Once the time has expired, it produces this message:

"
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

Try the following:
    Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
    Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
    Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

Technical Information (for support personnel)
    Error Code: 500 Internal Server Error. The number of HTTP requests per minute exceeded the configured limit. Contact the server administrator. (12219)
"

Your advice would be very much appreciated.

Sincerely,
Sot

(in reply to tshinder)
Post #: 9
RE: OWA hangs at logon screen (Forms-based authentication) - 10.Apr.2007 10:05:43 AM   
soimer

 

Posts: 8
Joined: 9.Apr.2007
Status: offline
I've got exactly the same problem, posted in ISA2006 section, any idea?
http://forums.isaserver.org/OWA_publishing_-_login_waiting_forever_%25%25%25/m_2002042084/tm.htm
 
 
Thanks!

(in reply to GregorSuster)
Post #: 10
RE: OWA hangs at logon screen (Forms-based authentication) - 11.Apr.2007 3:39:57 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Go to the Exchange server and disable forms-based authentication. This works fine from the Internet, but this is not the way I wanted, as my LAN users won't get the benefit of forms-based authentication again.

If somebody knows how to solve this problem and still give LAN users the benefit of forms-based authentication, I would much appreciate it.

Sot

(in reply to soimer)
Post #: 11
RE: OWA hangs at logon screen (Forms-based authentication) - 11.Apr.2007 3:40:36 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Go to the Exchange server and disable forms-based authentication. This works fine from the Internet, but this is not the way I wanted, as my LAN users won't get the benefit of forms-based authentication again.

If somebody knows how to solve this problem and still give LAN users the benefit of forms-based authentication, I would much appreciate it.

Sot

(in reply to soimer)
Post #: 12
RE: OWA hangs at logon screen (Forms-based authentication) - 11.Apr.2007 12:36:57 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sot,

Create a split DNS and have the internal interface listen for connections for the internal clients so that they get the ISA Firewall's FBA.

HTH,
Tom


(in reply to Sot)
Post #: 13
RE: OWA hangs at logon screen (Forms-based authentication) - 13.Apr.2007 7:59:28 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Dear Tom,

Thanks for your prompt reply.

Yes, I do have split DNS. Here are the details:

External or Internet zone named: MOPF.GOV.TL
mail.mopf.gov.tl   A 202.72.106.130

Internal or AD zone named: MOPF.GOV.TL
mail.mopf.gov.tl   A 192.168.0.17

What is the correct procedure to set up the internal interface to listen for connections from the internal clients so that they get the ISA Firewall's FBA?

Thanks once again.

Regards,
Sot


(in reply to tshinder)
Post #: 14
RE: OWA hangs at logon screen (Forms-based authentication) - 13.Apr.2007 10:44:19 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sot,

Very good! With the split DNS in place, it'll be easy.

Just go into the listener properties and configure it to listen on the Internal Network.

HTH,
Tom


(in reply to Sot)
Post #: 15
RE: OWA hangs at logon screen (Forms-based authentication) - 14.Apr.2007 7:53:37 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Dear Tom,

Many thanks for taking the time to respond to my ongoing request.

I have checked my Listener and it has been configured to listen on both the External and Internal Networks.

The thing is that my client browsers have been configured to bypass the proxy when an attempt is made to access local resources, and thus they did not even attempt to send any request to a proxy at all. I then took out the proxy bypass from one of the clients just to simulate the scenario and force it to send a request to the proxy even though it will access my Exchange webmail locally, and it failed too.

Your further advice would be highly appreciated.

Regards,
Sot

(in reply to tshinder)
Post #: 16
RE: OWA hangs at logon screen (Forms-based authentication) - 14.Apr.2007 12:25:00 PM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Sot,

They should bypass the proxy for the connection to the internal interface -- since we don't want them to make requests to the Web proxy listener, we want them to connect to the Web listener on TCP 80/443.

HTH,
Tom


(in reply to Sot)
Post #: 17
RE: OWA hangs at logon screen (Forms-based authentication) - 15.Apr.2007 6:56:13 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Dear Tom,

By default all my client browsers have been configured to use the proxy (ISA) with "bypass proxy server for local addresses". And here is what ISA responded:

"
Network Access Message: The page cannot be displayed

Technical Information (for Support personnel)
    Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
    IP Address: 192.168.1.1
    Date: 15/04/2007 10:43:35 [GMT]
    Server: srv-proxy.mopf.gov.tl
    Source: proxy
"

BTW, how do I force the client browser to connect to the Web listener on TCP 80/443?

Thank you
Regards,
Sot


(in reply to tshinder)
Post #: 18
RE: OWA hangs at logon screen (Forms-based authentication) - 15.Apr.2007 10:16:10 AM   
tshinder

 

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
That "bypass proxy for local addresses" just means bypass single label names -- it has nothing to do with "local" addresses.

Make sure to configure the domain for Direct Access.

HTH,
Tom


(in reply to Sot)
Post #: 19
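The distinction drawn in the post above, as an added example that is not part of the thread and is not ISA Server's own autoconfiguration script: a simplified model of the browser's proxy decision, showing why a fully qualified name such as mail.mopf.gov.tl still goes to the proxy when only "bypass proxy server for local addresses" is set. The proxy port 8080 and the helper re-implementations are assumptions made so the code runs stand-alone.

```javascript
// Added example: models the browser-side decision only. In a real PAC file the
// runtime supplies isPlainHostName() and shExpMatch(); they are re-implemented
// here so the file runs stand-alone under Node.js.
function isPlainHostName(host) {
  return host.indexOf(".") === -1; // single-label name, e.g. "srv-proxy"
}

function shExpMatch(str, pattern) {
  // Shell-style match: escape regex metacharacters, then map * and ? wildcards.
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$", "i").test(str);
}

// Assumption: Web proxy on srv-proxy.mopf.gov.tl, port 8080 (port not stated in the thread).
const PROXY = "PROXY srv-proxy.mopf.gov.tl:8080";

// bypassLocal: the "bypass proxy server for local addresses" checkbox.
// directDomains: Direct Access entries, e.g. ["*.mopf.gov.tl"].
function findProxyForHost(host, bypassLocal, directDomains) {
  if (bypassLocal && isPlainHostName(host)) return "DIRECT";
  for (const pattern of directDomains) {
    if (shExpMatch(host, pattern)) return "DIRECT";
  }
  return PROXY;
}

// Constructed cases based on the names used in the thread.
function demo() {
  return {
    fqdnCheckboxOnly: findProxyForHost("mail.mopf.gov.tl", true, []),
    shortNameCheckboxOnly: findProxyForHost("mail", true, []),
    fqdnWithDirectDomain: findProxyForHost("mail.mopf.gov.tl", true, ["*.mopf.gov.tl"]),
    outsideHost: findProxyForHost("www.example.com", true, ["*.mopf.gov.tl"]),
  };
}

console.log(demo());
```

Only the third case reaches the Web listener directly by FQDN; the first is sent to the Web proxy listener.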
RE: OWA hangs at logon screen (Forms-based authentication) - 16.Apr.2007 4:11:34 AM   
Sot

 

Posts: 18
Joined: 6.Sep.2002
From: East Timor
Status: offline
Dear Tom,

I do not seem able to solve this on my own until further guidance is provided, please. Here are the Internal network properties:
Web Browser Tab:
Bypass proxy for Web servers in this network (checked)
Directly access computers specified in the Domains tab (checked)
Domain names Tab:
*.mopf.gov.tl

Here is my HTTP Listener Property:
Networks Tab:
External 202.72.106.130
Internal <All IP addresses>

Please guide me further.
Thanks once again.
Regards,
Sot

(in reply to tshinder)
Post #: 20
