Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
OWA problems
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
OWA problems - 25.Jul.2007 8:20:05 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
Hello all, finally I've found a forum that looks useful, microsofts technet hasn't been much help.
I have Exchange 2003 and ISA 2006 both on windows 2003 sp2.
We had to rebuild our ISA server because of a hardware failure so I decided to use ISA 2006 but I'm having trouble getting outlook web access to work externally with SSL.
Internally web access works fine with http or https://exchange.domain.com/exchange but externally it just hangs when logging in. I looked at the monitoring>logging on the ISA server and it gets through the rule fine but seems to go nowhere from there so it just keeps trying and eventually the IP address gets blocked.
The strange thing is, I can get web access working externally if the traffic is not SSL from the ISA to the exchange server!
But obviously I want traffic to use SSL client > isa > exchange for various reasons.
Originally we had a 500 error to do with certificates but we purchased new ones (there were out of date) so I’m very sure the certificate side of things is set up.
I’ve followed many guides on how to set the rules up and using certificates so I’m convinced the problem isn’t the rule or certificate related, but I welcome anyone to prove me wrong as long as this gets sorted!
Thank you in advanced.
wilde
|
|
|
|
|
RE: OWA problems - 27.Jul.2007 1:35:28 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
It could be that the settings on the Public Name tab or TO tab are incorrect.
Run the ISA Firewall BPA on the ISA Firewall to determine if there is a certificate problem.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: OWA problems - 2.Aug.2007 11:49:41 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
the results of the BPA tool did not help.
see this http://img183.imageshack.us/img183/6476/bpany3.jpg
I am completley out of ideas now . . . . completley.
Does anyone have any ideas?
thanks in advance
|
|
|
|
|
RE: OWA problems - 6.Aug.2007 10:17:54 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Do you still have the 500 errors?
How is your setup deviating from best practices as described on the articles on this site?
Is the ISA Firewall a multihomed firewall and is it a domain member?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: OWA problems - 6.Aug.2007 11:01:00 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
I set the set up exactly as described in the document
"ISA Firewall Publishing OWA and TPC/HTTP with a Single IP Address"
found here
http://www.isaserver.org/tutorials/ISA-Firewall-Publishing-OWA-RPC-HTTP-Single-IP-Address-Part1.html
Something that i've noticed was LDAP authentication didn't work we have to use Active Directory?
The strange thing is, is if the traffic from the client to the ISA server is https and the ISA server to the exchange server is http then OWA works as expected.
However if the setup is https from client to ISA to exchange as in the document linked to above, you cannot log into OWA.
We have 1 ISA server and 1 Exhcange server, both on the same switch.
Thank you for your help
|
|
|
|
|
RE: OWA problems - 6.Aug.2007 11:35:48 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
a link sys adsl modem.
|
|
|
|
|
RE: OWA problems - 7.Aug.2007 5:30:23 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
I was sure I set the certificate up as documented.
Internally and Externally my OWA site is http://exchangeserver.domain.com/exchange
where on the certificate will proove what you suggest?
shouldn't I receive any other errors anywhere?
|
|
|
|
|
RE: OWA problems - 8.Aug.2007 3:53:10 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
the external client see's no error.
after they enter their domain\username and password they click log in and it stays on that age for a long time as if it keeps trying to get the info, then eventually ISA blocks the ip for too many tries.
|
|
|
|
|
RE: OWA problems - 8.Aug.2007 11:01:06 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Maybe there's something wrong with the Exchange Server?
Maybe the IIS service isn't started.
Maybe its configured to not all connections from the ISA Firewall.
Maybe the certificate is misnamed or outdated or something else.
At this point you need to really learn how OWA publishing works, and then with that knowledge, review your design to see what the hole is in it and fix it.
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: OWA problems - 8.Aug.2007 11:09:25 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
it's a tricky problem isn't it!
OWA works externally when it's not SSL between ISA and exchange, and OWA works internally so I don't think the problem lies with exchange or IIS?
The certificate is brand new, I've talked through with the providers support and they say all is fine with it.
What do you mean by "Maybe its configured to not all connections from the ISA Firewall"?
Do you have any other ideas or trouble shooting paths that I could follow to determine where the problem lies?
Thanks for your help.
|
|
|
|
|
RE: OWA problems - 8.Aug.2007 11:15:16 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Did you generate the certificate that is bound to the OWA Web site?
What is the common name on the Certificate bound to the OWA Web site?
What is the name on the TO tab of the Web Publishing Rule?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: OWA problems - 8.Aug.2007 11:38:42 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
Yes I generated the cert as per the above document, Comodo say all is ok with it.
The firewall rule is:
This rule appliest to this published site: mailserver.domain.com (same internally as well)
IP address 10.10.10.3
The certificate details is:
Issued to: mailserver.domain.com
Issued by: UTN-USERFirst-Hardware (although this is strange Comodo say this is normal)
Expiration date: 20/07/2010
Intended Purposes: Server Authentication, Client Authentication
Friendly Name: Company Name Ltd
Thanks for your help
|
|
|
|
|
RE: OWA problems - 7.Mar.2008 11:40:21 AM
|
|
|
wilde
Posts: 50
Joined: 25.Jul.2007
Status: offline
|
FYI the only way I fixed this was by building a new exchange server.
something was seriously wrong with it!
Thanks for all your help on it though! :D
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
