Using FBA on internal FE with ISA in DMZ
Using FBA on internal FE with ISA in DMZ - 24.Dec.2007 10:49:15 AM
napoleon1815
Posts: 3
Joined: 24.Dec.2007
Status: offline
Hello all! I hope someone can help me. I am trying to enable FBA on our internal Exchange 2003 (SP2) Front End server and publish it out to ISA 2004 (Standard) in our DMZ. Right now, we have one ISA server in the DMZ (dual homed)...and internally we have one front end and one back end server (both Exchange 2003 Enterprise with SP2). Right now, ISA is set to Basic Authentication, and when users connect to OWA they get the Basic login. We want to move to FBA, but we also want to customize the login (from what I understand, you can't customize the login when FBA is done via ISA, which is why we want to use the FE to publish FBA). I've been pulling my hair out trying to get this to work. Microsoft has made a series of recommendations that haven't worked. Recently, I was told to just uncheck Basic Authentication on the OWA Web Listener on our ISA server, enable FBA on the internal FE, and all should work. However, what happens is this...externally you get dual logins (Basic first, FBA second)...internally you get dual logins too (FBA first, Basic second). Has anyone enabled FBA via FE and got it to work through ISA? Thanks!
< Message edited by napoleon1815 -- 24.Dec.2007 10:50:49 AM >
RE: Using FBA on internal FE with ISA in DMZ - 5.Feb.2008 12:10:03 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
You need to disable all authentication on the ISA Firewall for the Web Publishing Rule and listener, and allow the clients to auth directly with the FE. Not recommended, but that's what you need to do to make it work the way you want it to. HTH, Tom
_____________________________
Thomas W Shinder, M.D. Sr. Consultant/Technical Writer Prowess Consulting http://www.prowessconsulting.com/ Blog: http://blogs.isaserver.org/shinder/ GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
RE: Using FBA on internal FE with ISA in DMZ - 21.Feb.2008 11:26:50 AM
napoleon1815
Posts: 3
Joined: 24.Dec.2007
Status: offline
Thanks! I have this working now...so authentication is turned off on ISA, and the FBA form is published via our internal front end. Now here is what I am stuck on...we have a password management tool that will allow people to change their passwords after they've expired and unlock their own accounts. We want these links added to the FBA form so external users can access them via our OWA site. We have a lot of traveling people who can't VPN in since their password expired, so this tool will fix that. When I add the password change links to the FBA form, they work fine internally but externally the pages won't display. I should note that the links point to websites that are on the front-end server under the Default Web Site, which is fully published based on our ISA rules. I am not sure how these sites can be made visible externally. I made no rule changes in ISA for this...just added the links to the form. Microsoft won't support customizations, but they did say that as long as the websites the links point to were on the same server that published the FBA (which it is) it should work fine. Of course, this is not the case. I am totally lost on this one...I hope someone can help me! Thanks!