Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Strange OWA FBA problem...
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Strange OWA FBA problem... - 10.Apr.2006 1:49:44 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
Dear Tom,
At first i would like to thank you for all your effort you have made to help thousands and thousands of people and making an IMPACT in an IT industry. you are the GURU and your book is like a BIBLE for ISA Server.
I have used many of your articles to perform several tasks in my ISA environment and succesfully done it except Outlook Web Access publishing...
I just dont know what the problem is ... i tried everything step by step from your articles, from books, from microsoft documentation but i just can't...
If i do the Server Publishing of HTTPS Server and send it to my internal OWA server, it works. But SSL brdging with Mail server publishing doesnot.
I did the Mail Server publishing with SSL bridging in test environment and it works... it is really wierd for me.
Here is the summary:
Internal mail Server name: mailsrvr.companyname.com
External Server Name: mail.companyname.com
(internal and external company name are the same but server name is different)
External Name resolved to the ISA server public Ip , which is bound to the external interface.
I have installed certificate authority, issued certificate for mail.companyname.com, export and import succesfully (with private keys), in ISA machine personal certificate store i have the certificate mail.companyname.com , which i have imported and it is same like the external name i.e mail.companyname.com )
In Mail server publishing rule, i have given the same name in public , mail.companyname.com. In ISA i have added this name to HOSTs file and resove it to internal IP address. i have tested the resolution by pinging public name (mail.companyname.com)from ISA , it resolve it to internal ip which is 10.10.10.209.
FBA is disabled on Exchange 2003. And enabled in Web listener on ISA 2004. now when i try to connect from an external client, it give me security warning for certificate that this CA is not in trusted. once i click ok to proceed, it give me this message...
Error Code 10061: Connection refused
Background: When the gateway or proxy server contacted the upstream (Web) server, the connection was refused. This usually results from trying to connect to a service that is inactive on the upstream server.
I also tried by deselecting FBA and choose basic but result is the same.
I just really dont know what is the problem. As far as i am concerned, i am sure that i am doing the right steps in ISA because in test domain it works, but i dont know. Please help me on this matter. I will really appreciate this. I have read all the messages in this section to see maybe i find the solution, but still i am unable to do so. for the time being i am using server publishing rule to publish my OWA until the problem is solved.
Please reply ASAP and onceagain thank you for your support.
Faisal
|
|
|
|
|
RE: Strange OWA FBA problem... - 11.Apr.2006 5:24:38 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Faisal,
Thanks for the kind words about my work :)
I think the problem is related to:
1. Your HOSTS file entry
2. The name on the TO tab
3. The common/subject name on the certificate bound to the Web site
The HOSTS file entry needs to point to mailsvr.domain.com
The name on the TO tab needs to be mailsvr.domain.com
The common/subject name on the Web site certificate bound to the OWA Web site must be mailsvr.domain.com
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Strange OWA FBA problem... - 11.Apr.2006 11:58:12 AM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
No, actually thank you for providing all the guidance to thousands of It pros like us. What i said i meant every word of it.
regarding your suggested solution, ok... because mailsrvr is the internal name, so i was using the external one in certificate, to tab and host file, which is MAIL
Thank you, i will try this and let you know.
|
|
|
|
|
RE: Strange OWA FBA problem... - 12.Apr.2006 5:48:48 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
HI Dr.,
I did exactly what you have said... now the error has changed and it is giving me this error...
Error Code: 404 Not Found. The requested item could not be located. (12028)
I really dont know what the problem is...
Please Help...
|
|
|
|
|
RE: Strange OWA FBA problem... - 12.Apr.2006 7:31:12 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
Hi Dr.
there is some progress...
when In path tab of OWA rule , i add Cookieauth.dll? along with the builtin /exchange/* , /exchweb/* and /public/* and also
In Listener Properties, when i select "require all users to authenticate" and apply those settings , it gave me the OWA FBA logon Page with this URL
https://mail.companyname.com/CookieAuth.dll?GetLogonWrapper?url=%2Fexchange&reason=0
but
When i enter my username and password in this format domain\user , it give me once again this message...
Error Code: 404 Not Found. The requested item could not be located. (12028)
and when i close this error page, it launch other window with this logoff url which is,
https://mail.companyname.com/exchange/?Cmd=logoff
but after that it shows the same Error Code : 404 Not Found error on this page as well...
So what i did , i went to path tab of OWA rule again and remove /CookieAuth.dll? and tried again...
It gave me the login page as before , but after entering username and password it gives the same good old Error Code: 404 Not Found.
so i believe adding Cookieauth.dll? does not made a difference, but selecting require all users to authenticate did...
as i mention earlier this login page appear when i select require all users to authenticate check box....
also I tried by typing the wrong password. It gave me the error that you could not log on to server…it means (I believe) authentication is working…
Please help me for this puzzle...PLEASEEEEEEEEEEEEEEEEEEEEEEEEEEEE........................
thank you,
Faisal
|
|
|
|
|
RE: Strange OWA FBA problem... - 12.Apr.2006 8:10:36 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
Hi,
Here is something else that might help you understand the problem...
From the ISA Server, when i try to connect using internet name, (mail.companyname.com), i am using ISA server as a web proxy client of itself, it gave me the login page and after entering username and password, it gave me the same thing that it was giving me from external client which is :
Error Code: 404 Not Found. The requested item could not be located. (12028)
but when i dont make ISA , web proxy client of itself and access, it gave me the login page and after entering username and password , it gave me this message...
Error Code: 10061 (connection refused)
Please help me on this....
|
|
|
|
|
RE: Strange OWA FBA problem... - 13.Apr.2006 2:51:24 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Faisal,
Can you tell me:
1. The name on the Public Name tab?
2. The name on the To tab?
3. The common/subject name on the Web listener's certificate?
4. The common/subject name on the Web site certificate bound to the OWA Web site?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Strange OWA FBA problem... - 13.Apr.2006 7:11:25 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
Hi Dr,
The Name on the Public tab is mail.companyname.com
The Name on the To Tab is mailsrvr.companyname.com
The common/Sbject name on the Web Listener Certificate is mailsrvr.companyname.com
The common/Subject name on the Web Server Certificate bound to the OWA Website is mailsrvr.al-madina.com
|
|
|
|
|
RE: Strange OWA FBA problem... - 13.Apr.2006 7:16:35 PM
|
|
|
PCC
Posts: 185
Joined: 13.Nov.2001
From: Michigan
Status: offline
|
quote:
ORIGINAL: fsaifie
Hi Dr,
The Name on the Public tab is mail.companyname.com
The Name on the To Tab is mailsrvr.companyname.com
The common/Sbject name on the Web Listener Certificate is mailsrvr.companyname.com
The common/Subject name on the Web Server Certificate bound to the OWA Website is mailsrvr.al-madina.com
I believe all those names should be mail.companyname.com for it to work properly.
|
|
|
|
|
RE: Strange OWA FBA problem... - 13.Apr.2006 8:04:53 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
Dear PCC,
Previously i have tried all these names with mail.companyname.com and it didnot work. then i follow the suggestion of Dr. tom and use mailsrvr.companyname.com in certificates as well as in To tab. but i dont know what is the problem , result is the same....Error code 10061: Connection refused. I manage to get OWA FBA login page only if i select "require all users to authenticate: option in web listener property.... but nothing after that.... If i just make Server Publishing rule for HTTPS server and just forward it to internal Server, it works fine.... But mail server publishing for OWA just doesnot work...
Regarding the Mail Server, let me tell you that it was not a fresh installation of Exchange 2003. It is a in-place upgrade from Exchange 2000 to Exchange 2003. maybe this point will help you guys to sort out the problem...
|
|
|
|
|
RE: Strange OWA FBA problem... - 13.Apr.2006 10:35:30 PM
|
|
|
fsaifie
Posts: 48
Joined: 23.Jul.2004
Status: offline
|
BOOM BOOM.... Its working now...
Dr. Tom was right...
Certificate names and name under TO tab must be internal name, in my case. (mailsrvr.companyname.com)
under public Tab, external name is defined which is mail.companyname.com
The problem was something else...
What i did for testing purpose is to try publish the owa site with HTTP.
After publishing when i try to access it from external client and from ISA, it takes me to the restriction page supplied by the Govt. Agency...
Actually, here in this country, the internet is filtered, all ISP must go through one centralized set of proxy servers (for internet filtering) then go to internet. Also in my web chaining rule, i must type the ISP proxy server as an upstream server. so see, its all like a big chain in my scenario.
What was happening is (i dont know why?) that when ISA was resolving public name to TO tab name, it was using upstream proxy server to reach to my internal server (10.10.10.209), which ofcourse doesnot exist there... and that upstream was forwarding it to internet or Govt. Agency Intranet...(thats what i believe). I also try to enable and disable this host header check box and keep testing it with changing names, (FQDN, host name only, local ip) and one time it takes me to mailsrvr.com website...that gave me hint also...
So when i make one web chaining rule for my internal name, mailsrvr.companyname.com and set it to retreive request directly then that's it....IT WORKS...
After than i use all the procedure provided by Dr. Tom in his article for SSL bridging and it works...
All this efforts i believe is just because of the fact that we have filtered internet and my external and internal exchange server name doesnot match...
This can be a good reference to the people like me who are using...
filtered Internet
using ISP proxy as upstream server
Intenal and External Names are different
At the End , i would like to thank Dr. Tom for giving his precious time to me all everybody in this board for their suggestions...
This Place ROCKS....
bye,
Faisal
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
