I have published my exchange 2007 CAS through ISA 2006 with single network. The ISA is inside our network and is joined to the domain .I created a web listener and Publishing rule, I test the rule and everything seems ok. FBA is disabled on the CAS. However, each time I want to access my site internally, I am presented with a password prompt or basic/standard authentication instead of the FBA authentication configured on the ISA server. I have installed server certificates on the testserver CAS 2007 using private CA within our domain and exported the installed certificates to ISA server and the certificates are correctly installed and valid. Please help I want to use FBA on the ISA 2006 sp1.When I login using the password prompt, I get connected to mailbox and when logging off I get the normal FBA log off screen. Where have I missed it? How do I know if ISA 2006 is the one doing the authentication even without FBA? I have a feeling the password prompt I get when accessing OWA is coming directly from the CAS and not from ISA, correct me if I am wrong. My topology is like this. 1 Testserver: Server where CAS exchange 2007 is installed, running windows server x64 and is joined to domain 2 ISAServer Server where ISA 2006 SP1Ent edition installed running windows server 2003 R2 x32 with a single NIC and is joined to domain 3 Mail1: Exchange 2007 Server hosting mailbox
From: Taylorville, IL
If the ISA is not Delegating the authentication,...you will get the second prompt. ISa must take the credentials you logged in through the FBA,...authenticate you with them,...and then pass them on (delegate them) to the Exchange Server.
Thanks for the reply. As way of testing I disconnected the ISA form the network and tried to login internally,Surprisingly the same login prompt showed u(not FBA) and i was able to login.Which confirms my earlier assertion that the ISA is not doing any authentication and that perhaps the reason I am not getting the ISA 2006 FBA.It it the placement of ISA server that is wrong or what? How do I ensure that all OWA authentications go through the ISA.