Trying to publish Exchange 2003 with ISA 2006
Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 8:18:12 AM
FCP
Posts: 4
Joined: 19.Aug.2008
Status: offline
Hi everyone.

I have read various documents on this subject and I have found that many contradict each other. I am trying to publish OWA via an internal ISA 2006 server.

I have an Exchange 2003 server in our domain with mailboxes accessed via Outlook on the local network. I have also set up OWA and this is working locally for those that VPN on to our network. I have an ISA 2006 server that sits on our local network though it is not part of the domain. This is currently used as a proxy server for a number of remote users that access one or two external sites. I want to use this to publish OWA using this server. Both these servers sit behind a Checkpoint FW1 cluster. I have not changed any rules for these servers yet as I want to get things working internally before I start opening external ports.

I have produced a certificate on the Exchange server using the name webmail.<domain>.co.uk. I have then exported this certificate before importing it onto the ISA server. I have also added a static entry into our DNS for webmail pointing to the Exchange server's internal IP address.

What I would like to do is let our users access their mailboxes via the Internet. I have had OWA working using HTTP and HTTPS but I cannot get anything working via the ISA server. What authentication should be set on the Exchange server's default web site, integrated and basic? I am happy for remote VPN users to access their email using HTTP via OWA but I obviously want remote users coming in from the Internet to use HTTPS.

Just to test access I have added the IP of the ISA server to my proxy settings in IE. I get the following when I try and access OWA via the URL:

Network Access Message: The page cannot be displayed

And

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)

Any guidance getting this working would be much appreciated.

Phill
RE: Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 8:40:14 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Phil, Check out my articles on publishing OWA. They are accurate and correct and use principles and procedures that have stood the test of time. HTH, Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 9:34:32 AM
FCP
Posts: 4
Joined: 19.Aug.2008
Status: offline
Hi Tom, thanks for the reply. I have changed all the virtual directories to 'basic' but then it requires me to restart IIS services. I have 200 people accessing this box on the LAN using Outlook, will they lose connection during the time the IIS services are restarted? Thanks Phill
RE: Trying to publish Exchange 2003 with ISA 2006 - 20.Aug.2008 4:57:00 AM
FCP
Posts: 4
Joined: 19.Aug.2008
Status: offline
In your first article it says to set authentication on the three web folders to 'basic' but then your second article talks about 'SSL bridging'. I would like to leave 'integrated' ticked as VPN users can connect without having to authenticate manually.

Has anyone seen this error before?

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 4:16:53 AM
VirtualJames
Posts: 8
Joined: 19.Aug.2008
Status: offline
I've had that same message. That's the problem I have when attempting to access OWA from outside of sat at the ISA server. I'm waiting to hear back regarding creating a Virtual IP and configuring a separate listener with different authentication methods than the current that also support Sharepoint logon.
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:36:27 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: FCP
Hi Tom, thanks for the reply. I have changed all the virtual directories to 'basic' but then it requires me to restart IIS services. I have 200 people accessing this box on the LAN using Outlook, will they lose connection during the time the IIS services are restarted? Thanks Phill

MAPI clients won't be disconnected if you restart the Web services.

Tom
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:37:24 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: FCP
In your first article it says to set authentication on the three web folders to 'basic' but then your second article talks about 'SSL bridging'. I would like to leave 'integrated' ticked as VPN users can connect without having to authenticate manually. Has anyone seen this error before? Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)

Not sure what basic versus integrated has to do with SSL bridging or VPN. The point of using OWA is to avoid VPN connections for users who only need email.

Tom
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:39:15 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
ORIGINAL: VirtualJames
I've had that same message. That's the problem I have when attempting to access OWA from outside of sat at the ISA server. I'm waiting to hear back regarding creating a Virtual IP and configuring a separate listener with different authentication methods than the current that also support Sharepoint logon.

You don't need a virtual IP address, you can just add a second IP address to the external interface of the Firewall.

HTH, Tom
RE: Trying to publish Exchange 2003 with ISA 2006 - 27.Aug.2008 6:23:43 AM
FCP
Posts: 4
Joined: 19.Aug.2008
Status: offline
I am still getting this problem. Even if I try publishing OWA using the site publisher I still get the same problem. Could my problem be anything to do with the fact that the ISA server is connected to our internal network with a single network card, with an IP address on the same subnet as the Exchange server?
RE: Trying to publish Exchange 2003 with ISA 2006 - 28.Aug.2008 8:48:38 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Perhaps. Hork Mode (single NIC) configurations aren't a good security solution. Install in full firewall mode and repeat the configuration. HTH, Tom
RE: Trying to publish Exchange 2003 with ISA 2006 - 28.Aug.2008 5:44:05 PM
mylo
Posts: 138
Joined: 26.Mar.2002
Status: offline
Haha... Tom... that's the most "moderated" response I've seen from you with regards hork mode ;-) Phill... stick another NIC in the ISA server if you can and join it to the domain.. I realise this may be a big ask particularly if you're sitting in the middle of a data centre DMZ but you'll save yourself a lot of heartache with the configuration. Lock down the external facing NIC, run the security configuration wizard etc and follow best practises. Regards, Mylo