• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA https problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Server Publishing >> OWA https problem Page: [1] 2 3   next >   >>
Login
Message << Older Topic   Newer Topic >>
OWA https problem - 3.Nov.2003 2:45:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hi

I have been trying to setup OWA on Exchange 2000 thru ISA Server and have hit a problem, that I cant seem to get around.

I have followed the documentation on here for how to set up and configure a CA for https:// I have also follwed the articles on how to set up and configure the ISA server to allow OWA using the certificate from the CA, but when I try and access the site from the outside world using https:// i get

"Can not find server or DNS Error", however when I use the http:// for the site i get "403 Forbidden - The server denies the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
Internet Security and Acceleration Server"

if i put \exchange on the end of the http:// i get

"403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)
Internet Security and Acceleration Server"

The set up here is we allow our internal network access to the net thru ISA server, but only the basicprotocols necessary for the net. We have a web site published thru the ISA server, which works fine and we have VPN, which works although a bit slow on the authentication side sometimes.
Now I wish to publish OWA but over https: preferably

Can anyone tell me what may be going wrong here or help me resolve this.

Thanks

Scott
Post #: 1
RE: OWA https problem - 3.Nov.2003 7:22:00 PM   
pjemiolo

 

Posts: 8
Joined: 3.Nov.2003
From: Virginia
Status: offline
Scott,
Create a destination set consisting of either

"smtp.mydomain.com" with a path of /exchweb*
"smtp.mydomain.com" with a path of /public*
"smtp.mydomain.com" with a path of /exchange*

OR

"www.mydomain.com" with a path of /exchweb*
"www.mydomain.com" with a path of /public*
"www.mydomain.com" with a path of /exchange*

Then create a web publishing rule pointing to this destination set under "Action" check to redirect the request and enter the IP of your exchange server and be sure the correct ports are filled in for bridging ssl, http and ftp. Under "Bridging" check redirect as http and redirect ssl as ssl and under applies to check "all requests" This should get you going.
Paul

(in reply to ScottSTC)
Post #: 2
RE: OWA https problem - 3.Nov.2003 7:29:00 PM   
pjemiolo

 

Posts: 8
Joined: 3.Nov.2003
From: Virginia
Status: offline
Scott,
FYI
Also you should have a /exchange at the end of the URL not \exchange.
Paul

(in reply to ScottSTC)
Post #: 3
RE: OWA https problem - 4.Nov.2003 10:21:00 AM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hi

Thanks for the info, but I have added the change you mentioned back into the ISA Destination Set and I still get the error of "Cannot find server or DNS Error". I have checked the ports and the bridging settings are set with the default ports of http : 80 https : 443. When I get s little more time today I will write up the config here and post it.

(in reply to ScottSTC)
Post #: 4
RE: OWA https problem - 4.Nov.2003 10:32:00 AM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

In your destination set, click on the Action tab, and what have you put in the 'Redirect the request to this internal web server', have you used the FQDN or the IP address of the server?

(in reply to ScottSTC)
Post #: 5
RE: OWA https problem - 4.Nov.2003 11:15:00 AM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
I have used both currently set as an internal IP to the web server that holds OWA. I have also set up hosts to point to the same machine and then used the FQDN (internal name) and i still get the SErver DNS error.

I will trry and get the config on here as soon as possible

(in reply to ScottSTC)
Post #: 6
RE: OWA https problem - 4.Nov.2003 12:00:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

Try the following, use the same FQDN that you use externally, for example if you type http://www.mydomain.co.uk/exchange, then put www.mydomain.co.uk in the 'redirect requests to this internal web server' and in the HOSTS file on the isa server add an entry to point www.mydomain.co.uk to the ip address of your exchange box.

(in reply to ScottSTC)
Post #: 7
RE: OWA https problem - 4.Nov.2003 12:57:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hi Pinball

I have tried that, well i have tried both i have put the FQDN of the internal name, the FQDN of the atual site name and given it the internal IP within the hosts file (SYSTEM32\Drivers\Etc)

But I still get site not found, once more if i still use only http:// I get error page that says to use https:// when I use that i get the Site NOt Found Error

This is the url owa.stcenergy.com, if it helps

(in reply to ScottSTC)
Post #: 8
RE: OWA https problem - 4.Nov.2003 1:12:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

On the Action tab, have you ticked the 'Send the original host headr to the published server', if not, then select it. If you have, have you ever managed to get OWA working trying to access it externally without HTTPS, it might be worth trying that.

HTH.

(in reply to ScottSTC)
Post #: 9
RE: OWA https problem - 4.Nov.2003 1:39:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
I will try with out https://. would rather have it workin though, if i can. How else can I secure OWA without https://

(in reply to ScottSTC)
Post #: 10
RE: OWA https problem - 4.Nov.2003 1:45:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

Absolutely I agreee you should use https, but for testing purposes just to make sure the basics are all configured correctly, then once you have got http owa working, you can config the https side of it.

(in reply to ScottSTC)
Post #: 11
RE: OWA https problem - 4.Nov.2003 2:04:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hi

Well tried that http:// works well (annoyingly) now I have put it back and it well you know the rest.

I know i mentioned this a couple of times already, but I will document as much as I can on this and post it, maybe something in all that will be wrong, hope not, though

(in reply to ScottSTC)
Post #: 12
RE: OWA https problem - 4.Nov.2003 2:12:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

Okay let got hrough this bit by bit.

1) Were is the SSL connection terminating, at the ISA server or at the Exchange server?

2) If the SSL connection goes all the way to the exchange server, have you enabled the owa website to accept ssl connections?

3) if you run netstat -na on your ISA server, do you see port 443 listed next to your external IP address?

Cheers.

(in reply to ScottSTC)
Post #: 13
RE: OWA https problem - 4.Nov.2003 2:22:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Think i maye have found something, but in order

1: The SSL is terminating at the default web site on the exchange server

2: The Default web site has a certificate added to it so any access to the Site (exchnage dirs, etc) require SSL

3: )Using Netstat I only see port 80 next to the IP on the required IP

(in reply to ScottSTC)
Post #: 14
RE: OWA https problem - 4.Nov.2003 2:26:00 PM   
pjemiolo

 

Posts: 8
Joined: 3.Nov.2003
From: Virginia
Status: offline
Scott,
Since OWA works well without the ssl, This might be a CA problem. Have you created the cert and exported it with the public key to the ISA machine?

(in reply to ScottSTC)
Post #: 15
RE: OWA https problem - 4.Nov.2003 2:28:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

Haved you enabled the SSL Listener on ISA Server?

If you haven't, then start the ISA Management Utility, right click on the name of your isa server and select properties, then click on the Incoming Web requests and tick the enable SSL Listeners.

HTH.

(in reply to ScottSTC)
Post #: 16
RE: OWA https problem - 4.Nov.2003 2:42:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
In answer to questions
1:) I used follwed the guide for installing a windows 2003 CA, but I am installing onto 2000 server, so had to mod where necessary.
2:) I followed the How to Obtain a Web Site Cert guide from the deployment kit and created and installed a cert from that. and then exported and then imported into ISA server.

On the mnatter of SSL Listeners, they where setup on all external IP's but no port 443, I then modified it to only do the required IP and now I get a warning, that SSL wont work unless it is on all listeners

Hmmm, just run a netstat -na and I have TIME_WAIT on the required IP on port 443

(in reply to ScottSTC)
Post #: 17
RE: OWA https problem - 4.Nov.2003 2:53:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hmmmm, even I beginning to think it may be a certificate problem now.

When you set a listner with a certificate I am assuming that when I do a netstat -na i would see something like
TCP 62.24.100.111:80 0.0.0.0:0 listening
TCP 62.24.100.111:443 0.0.0.0:0 listening

If everthing worked ok that is

Does the ISA server have to resolve the certifiate details as would a web site when it is set up to use one, with the issuing Ca to check validity. ?

(in reply to ScottSTC)
Post #: 18
RE: OWA https problem - 4.Nov.2003 2:53:00 PM   
pinball

 

Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,

How many IP addresses do you have bound to the external network card on your isa server?

If it is only one, then I suggest on the Incoming Listeners you select the 'Configure listeners individually per IP address', then you can tell the listener to use port 443 for ssl, and also what certificate to use.

HTH.

(in reply to ScottSTC)
Post #: 19
RE: OWA https problem - 4.Nov.2003 3:01:00 PM   
ScottSTC

 

Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
I actualy have 4 IP's bound

the first is the ISA Servers IP itself,
one of the others is for a web site we host in house, and ends up getting routed to a Web Server, which is fine using destination sets
the third is or was going to be for OWA and the last one is as yet un assigned to anything

(in reply to ScottSTC)
Post #: 20

Page:   [1] 2 3   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Server Publishing >> OWA https problem Page: [1] 2 3   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts