Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
OWA not accessible from ISA server
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
OWA not accessible from ISA server - 19.Aug.2008 5:40:11 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
I have a problem with accessing OWA on an Exchange 2003 box from outside. The published address on the Internet resolves to the correct external Public IP and other sites are published ok through ISA. A number of websites with similar adresses.
When trying to access webmail from ISA server from outside and from the ISA box itself, the following message appears in Internet Explorer.
error code: 403 Forbidden. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
I have attempted re-publishing OWA a couple of times but it is always the same message. OWA works ok locally from other servers and clients.
Please can someone help. Its driving me crazy.
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 5:43:36 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
First of all, make sure that you should not have IIS installed on ISA server to publish OWA.
If it is not there then, based on the error code, there might be some authentication issues preventing the access of OWA..
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 5:44:25 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
Forgot to ask, r u trying to publish HTTPS ?
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 6:39:33 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
Thanks for the reply. Just about to check IIS. I have tried publishing as http and https. Ideally I want it to be https. I have created a CA internally and https does work internally but http is still permitted as well.
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 6:42:10 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
IIS isn't installed.
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 6:43:39 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
With regards to authentication, authentication works internally with OWA.
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 7:42:09 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
Authentication is not on Exchange, authentication on the OWA publishing rule where u have an option of authentication using that ISA will itself authentication the users request instead forwarding to the Exchange server...
Configure ISA to forward the authentication directly to the Exchagne..
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 8:15:51 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
ISA is set to allow authentication through to the Exchange server. I have two published Sharepoint sites through this box and they authenticate ok from the outside. The only difference is that the Sharepoint sites are hosted from a different server to the Exchange.
What setting should I be checking to ensure that authentication is passed through to the Exchange server.
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 8:23:39 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
On Authentication Delegation open shoud set to "Basic Authentication" and one Listener you should select "HTTP Authentication as "Basic".
Make sure to select "Allow Client authentication over HTTP".
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
|
RE: OWA not accessible from ISA server - 19.Aug.2008 11:15:08 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
Thanks for the posts so far by the way.
I am not sure where precisely some need to be set but I'll explain here what I have just carried out.
(1) The External Listener was set to 'No Authentication'. This is used by all rules that Publish sharepoint sites and our Internet Site. Authentication works for the Sharepoint sites. These sites are on a different server to Exchange (OWA).
(2) I set the External listener to Basic authentication and ensured Basic authentication was set on the 'Exchange' site in IIS. It was currently set to Windows Authentication only.
(3) Still get the same message.
|
|
|
|
|
RE: OWA not accessible from ISA server - 20.Aug.2008 12:25:06 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
When it is basic authentication on ISA then same should be there on Exchange Virtual directory in IIS.
Have you configured different listener for OWA? If possible, try to separate listener for Sharepoint.That requires one virtual IP address configure on the external NIC..
Dont forget, when u configure Basic authentication on ISA and same has to be there on exchange virtual directory.
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
|
RE: OWA not accessible from ISA server - 20.Aug.2008 7:00:59 AM
|
|
|
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
|
Thanks for the post. My terminilogy was wrong. It was the Exchange virtual server that I was referring to. Good idea with the separate listener. I tried adding a separate one for OWA but wasn't permitted as IP address was in use. With regards to virtual IP for OWA, what is the process to go about it? I can then set Forms authentication for OWA as well.
|
|
|
|
|
RE: OWA not accessible from ISA server - 21.Aug.2008 3:03:31 AM
|
|
|
javedmse
Posts: 8
Joined: 24.Jan.2007
Status: offline
|
If you have two Publishing sites, you need to have two different listners.
Configure one Virtual IP on the External NIC of the ISA, if it is exposed to internet directly then configure one more Public IP on external NIC of the ISA.
Then create one more listener an and bind to the new IP which is newly configured.
Create new publishing rule and select the newly created listener and follow the same authentication steps that we discussed earlier.
When you configure HTTPS, then your publishing URL (Ex. mail.mydomain.com) also should resolve internally to your exchange server. that means when you do nslookup internally to mail.mydomain.com that should resolve your internal exchange server. for that you need to have one Host A record for mail.mydomain.com which points to your internal Exchange host name.
It should work....
_____________________________
Javeed Khan
MSOC, VSNL
INDIA
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
