OWA https problem
OWA https problem - 3.Nov.2003 2:45:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Hi
I have been trying to set up OWA on Exchange 2000 through ISA Server and have hit a problem that I can't seem to get around.
I have followed the documentation on here for how to set up and configure a CA for https://. I have also followed the articles on how to set up and configure the ISA server to allow OWA using the certificate from the CA, but when I try to access the site from the outside world using https:// I get
"Can not find server or DNS Error"; however, when I use http:// for the site I get "403 Forbidden - The server denies the specified Uniform Resource Locator (URL). Contact the server administrator. (12202) Internet Security and Acceleration Server"
If I put \exchange on the end of the http:// I get
"403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211) Internet Security and Acceleration Server"
The setup here is that we allow our internal network access to the net through ISA server, but only the basic protocols necessary for the net. We have a web site published through the ISA server, which works fine, and we have VPN, which works although a bit slow on the authentication side sometimes. Now I wish to publish OWA, but over https:// preferably.
Can anyone tell me what may be going wrong here or help me resolve this?
Thanks
Scott

RE: OWA https problem - 3.Nov.2003 7:22:00 PM
pjemiolo (Posts: 8, Joined: 3.Nov.2003, From: Virginia)

Scott, create a destination set consisting of either
"smtp.mydomain.com" with a path of /exchweb*
"smtp.mydomain.com" with a path of /public*
"smtp.mydomain.com" with a path of /exchange*
OR
"www.mydomain.com" with a path of /exchweb*
"www.mydomain.com" with a path of /public*
"www.mydomain.com" with a path of /exchange*
Then create a web publishing rule pointing to this destination set. Under "Action", check to redirect the request and enter the IP of your Exchange server, and be sure the correct ports are filled in for bridging ssl, http and ftp. Under "Bridging", check redirect as http and redirect ssl as ssl, and under "Applies to" check "all requests". This should get you going.
Paul

RE: OWA https problem - 3.Nov.2003 7:29:00 PM
pjemiolo (Posts: 8, Joined: 3.Nov.2003, From: Virginia)

Scott, FYI: also, you should have a /exchange at the end of the URL, not \exchange.
Paul

RE: OWA https problem - 4.Nov.2003 10:21:00 AM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Hi
Thanks for the info, but I have added the change you mentioned back into the ISA Destination Set and I still get the error of "Cannot find server or DNS Error". I have checked the ports, and the bridging settings are set with the default ports of http: 80, https: 443. When I get a little more time today I will write up the config here and post it.

RE: OWA https problem - 4.Nov.2003 10:32:00 AM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
In your destination set, click on the Action tab, and what have you put in the 'Redirect the request to this internal web server', have you used the FQDN or the IP address of the server?

RE: OWA https problem - 4.Nov.2003 11:15:00 AM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

I have used both; currently set as an internal IP to the web server that holds OWA. I have also set up hosts to point to the same machine and then used the FQDN (internal name), and I still get the server DNS error.
I will try and get the config on here as soon as possible.

RE: OWA https problem - 4.Nov.2003 12:00:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
Try the following: use the same FQDN that you use externally. For example, if you type http://www.mydomain.co.uk/exchange, then put www.mydomain.co.uk in the 'redirect requests to this internal web server', and in the HOSTS file on the ISA server add an entry to point www.mydomain.co.uk to the IP address of your Exchange box.

RE: OWA https problem - 4.Nov.2003 12:57:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Hi Pinball
I have tried that. Well, I have tried both: I have put the FQDN of the internal name, the FQDN of the actual site name, and given it the internal IP within the hosts file (SYSTEM32\Drivers\Etc).
But I still get site not found. Once more, if I still use only http:// I get the error page that says to use https://; when I use that I get the Site Not Found error.
This is the URL: owa.stcenergy.com, if it helps.

RE: OWA https problem - 4.Nov.2003 1:12:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
On the Action tab, have you ticked the 'Send the original host header to the published server'? If not, then select it. If you have, have you ever managed to get OWA working when accessing it externally without HTTPS? It might be worth trying that.
HTH.

RE: OWA https problem - 4.Nov.2003 1:39:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

I will try without https://. Would rather have it working though, if I can. How else can I secure OWA without https://?

RE: OWA https problem - 4.Nov.2003 1:45:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
Absolutely, I agree you should use https, but for testing purposes, just to make sure the basics are all configured correctly; then once you have got http OWA working, you can configure the https side of it.

RE: OWA https problem - 4.Nov.2003 2:04:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Hi
Well, tried that; http:// works well (annoyingly). Now I have put it back and it, well, you know the rest.
I know I mentioned this a couple of times already, but I will document as much as I can on this and post it. Maybe something in all that will be wrong, hope not, though.

RE: OWA https problem - 4.Nov.2003 2:12:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
Okay, let's go through this bit by bit.
1) Where is the SSL connection terminating, at the ISA server or at the Exchange server?
2) If the SSL connection goes all the way to the Exchange server, have you enabled the OWA website to accept SSL connections?
3) If you run netstat -na on your ISA server, do you see port 443 listed next to your external IP address?
Cheers.

RE: OWA https problem - 4.Nov.2003 2:22:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Think I may have found something, but in order:
1: The SSL is terminating at the default web site on the Exchange server
2: The Default web site has a certificate added to it, so any access to the site (exchange dirs, etc.) requires SSL
3: Using netstat I only see port 80 next to the IP on the required IP

RE: OWA https problem - 4.Nov.2003 2:26:00 PM
pjemiolo (Posts: 8, Joined: 3.Nov.2003, From: Virginia)

Scott, since OWA works well without the SSL, this might be a CA problem. Have you created the cert and exported it with the public key to the ISA machine?

RE: OWA https problem - 4.Nov.2003 2:28:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
Have you enabled the SSL Listener on ISA Server?
If you haven't, then start the ISA Management Utility, right-click on the name of your ISA server and select Properties, then click on Incoming Web Requests and tick 'Enable SSL listeners'.
HTH.

RE: OWA https problem - 4.Nov.2003 2:42:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

In answer to the questions:
1) I followed the guide for installing a Windows 2003 CA, but I am installing onto 2000 Server, so had to mod where necessary.
2) I followed the How to Obtain a Web Site Cert guide from the deployment kit and created and installed a cert from that, and then exported and then imported into ISA server.
On the matter of SSL listeners, they were set up on all external IPs but no port 443. I then modified it to only do the required IP and now I get a warning that SSL won't work unless it is on all listeners.
Hmmm, just run a netstat -na and I have TIME_WAIT on the required IP on port 443.

RE: OWA https problem - 4.Nov.2003 2:53:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

Hmmmm, even I am beginning to think it may be a certificate problem now.
When you set a listener with a certificate, I am assuming that when I do a netstat -na I would see something like
TCP 62.24.100.111:80 0.0.0.0:0 listening
TCP 62.24.100.111:443 0.0.0.0:0 listening
if everything worked OK, that is.
Does the ISA server have to resolve the certificate details, as would a web site when it is set up to use one, with the issuing CA to check validity?

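Added example (not part of the original thread): the `netstat -na` check discussed in the posts above, written as a small Python parser that separates a bound listener (`LISTENING`) from leftover connection rows such as `TIME_WAIT`. The sample output, the 192.0.2.x and 198.51.100.x addresses and the function names are constructed for illustration.

```python
"""Classify `netstat -na` TCP rows per local endpoint (added example)."""
import re
from collections import defaultdict

# Constructed sample in Windows `netstat -na` layout; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          0.0.0.0:0              LISTENING
  TCP    192.0.2.11:80          0.0.0.0:0              LISTENING
  TCP    192.0.2.12:80          0.0.0.0:0              LISTENING
  TCP    192.0.2.12:443         198.51.100.7:3391      TIME_WAIT
  TCP    192.0.2.11:80          198.51.100.9:1188      ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)\s*$")

def tcp_states(netstat_text):
    """Map (local_ip, local_port) -> set of TCP states seen for it."""
    states = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            states[(m.group(1), int(m.group(2)))].add(m.group(5).upper())
    return states

def listener_status(netstat_text, ip, port):
    """Return 'listening', 'connections-only' or 'absent' for ip:port.

    A socket bound to 0.0.0.0 accepts connections on every local address,
    so a wildcard LISTENING row also counts for a specific ip.
    """
    states = tcp_states(netstat_text)
    for key in ((ip, port), ("0.0.0.0", port)):
        if "LISTENING" in states.get(key, ()):
            return "listening"
    # TIME_WAIT or ESTABLISHED rows describe individual connections;
    # they do not show that a listener is currently bound.
    return "connections-only" if states.get((ip, port)) else "absent"

def audit(netstat_text, ip, ports=(80, 443)):
    """Report listener status for each port of interest on one address."""
    return {port: listener_status(netstat_text, ip, port) for port in ports}

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.12"):
        print(addr, audit(SAMPLE, addr))
```

On the constructed sample, the address with only a `TIME_WAIT` row on port 443 is reported as `connections-only`, not as a listener.
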
RE: OWA https problem - 4.Nov.2003 2:53:00 PM
pinball (Posts: 188, Joined: 8.Jul.2002, From: Dundee, Scotland)

Hi Scott,
How many IP addresses do you have bound to the external network card on your ISA server?
If it is only one, then I suggest on the Incoming Listeners you select the 'Configure listeners individually per IP address'; then you can tell the listener to use port 443 for SSL, and also what certificate to use.
HTH.

RE: OWA https problem - 4.Nov.2003 3:01:00 PM
ScottSTC (Posts: 16, Joined: 27.Oct.2003, From: London)

I actually have 4 IPs bound.
The first is the ISA Server's IP itself; one of the others is for a web site we host in house, and ends up getting routed to a web server, which is fine using destination sets; the third is or was going to be for OWA; and the last one is as yet unassigned to anything.