From: Søborg, Denmark, Europe
First of all: Thank you for sharing your immense knowledge and experience on ISA – I have found a lot of sound advice and knowledge. For my current problem I have searched isaserver.org and Technet's ISA forum for troubleshooting advice – but seem to be out of luck.
I used to run SBS2003 with ISA2004 and Exchange2003 on a server with 2 NICs – and WWW, OWA and VPN worked just fine.
In my new configuration:
ISA (in a 3-leg perimeter setup) and MS Virtual Server on a dedicated server with 2 NICs
Win2k3 DC with Exchange Server in the Internal zone (10.0.0.5)
a published WebServer in the DMZ (10.0.1.3 virtual machine on the ISA-machine - works OK)
Points to owa.xxx.dk (ExchangeServer.xxx.local, 10.0.0.5) in Internal Zone
HOST record ("just in case"): 10.0.0.5 owa.xxx.dk
Ping owa.ebs.dk: 10.0.0.5 time<1ms
WWW publishing rule – works OK
Points to 10.0.1.3 in DMZ
SMTP publishing rules – works OK
From: External and All Protected Networks
Points to 10.0.0.5 in Internal Zone
Exchange, Exchweb, Publish
SSL 128 bit owa.xxx.dk
--- Hypothesis
OWA works all fine using http - meaning that I probably have an SSL issue. But http obviously is NOT best practice and does NOT match our security policies.
--- Troubleshooting efforts and results
I have documented some troubleshooting efforts:
Disable http compression
No cigar
Publishing Rule: OWA Using http
OWA works all fine using http
Using common listener: OWA (80)
I figured out that I didn't need dedicated listeners for port 80 and port 443 on the same IP. So I created a new listener OWA (80) by copying the existing WWW listener, setting it up so that both the OWA and the WWW publishing rules use Listener: OWA (80).
Listener: OWA (80) config
Publishing Rule: OWA Using http AND https
On the Bridging tab:
Redirect requests to HTTP port: 80
Redirect requests to SSL port: 443
Do not check "Use a certificate to authenticate to the SSL Web server"
Publishing Rule: SSL between ISA and ExchangeServer
On the Bridging tab:
Redirect requests to HTTP port: 80
Redirect requests to SSL port: 443
Use a certificate to authenticate to the SSL Web server
Select Certificate: <No valid certificates was found on this server>
This message puzzles me a bit as Certificates (Local Computer)\Personal\Certificates contains 3 certificates – all OK !? --- according to Tom's answer in another thread today I can discard this as being part of the SSL-publishing problem ... ---
I sure hope someone is able to help me out - I feel totally stuck with this.
< Message edited by ErikBo -- 9.Nov.2006 3:28:03 PM >
From: Søborg, Denmark, Europe
Hi Ryan, thank you for taking the time to answer in my time of need.
It has been my understanding that Forms authentication MUST be used on the ISA Server which is publishing the OWA-forms: "On the Authentication Settings page you have a number of options. However, you’ll always want to select the HTML Form Authentication option from the Select how clients will provide credentials to ISA Server drop down list when publishing OWA sites."
As for the communication from ISA to the Exchange Server, I haven't had the opportunity to configure Forms authentication - so I've configured the recommended Basic authentication, which I have confirmed on the security tab for ExchWeb in IIS Manager.
Where should I disable Forms authentication on the Exchange Server?