Welcome to ISAserver.org

can I add second listener for OWA

can I add second listener for OWA - 24.Mar.2006 8:15:20 PM   
kenisswell

 

Posts: 29
Joined: 31.Dec.2005
Status: offline
Can I publish a second listener in my ISA 2004 server for OWA?

I currently have ISA set up with one listener for my OWA. On the external side I am using a wildcard certificate. On my internal side (Exchange 2003 FE server) I am using a self-signed cert. I use forms-based authentication. I have a modified logon.asp page that includes the domain name so my clients don't have to enter it. The Exchange 2K3 FE server is doing the authentication. The ISA server is not doing any authentication. (I never could get it to work the other way with ISA doing auth.)

I am implementing RSA SecurID now. I would like to add another listener to use RSA during testing. Then I could either convert my previous OWA listener to RADIUS or somehow chain the two of them.

1) Can I create another listener which uses RSA and points to the same OWA? (leaving the old listener in place)
Post #: 1
RE: can I add second listener for OWA - 24.Mar.2006 10:25:29 PM   
brother100011

 

Posts: 7
Joined: 24.Mar.2006
Status: offline
Yes, but you will have to use a different port for the internal connection. You will also have a different external address for that particular listener. You can give the interface another IP as long as it is on the same subnet, then when you create the listener, set the listening port for that specific address (not <All Addresses>).

Funny you could not get the OWA auth to work. I just set it up with no issues (SSL with a gated process).

Let me know how you like the RSA ID.  I hear it is buggy.

(in reply to kenisswell)
Post #: 2
RE: can I add second listener for OWA - 24.Mar.2006 11:04:53 PM   
kenisswell

 

Posts: 29
Joined: 31.Dec.2005
Status: offline
quote:

Funny you could not get the OWA auth to work. I just set it up with no issues (SSL with a gated process).

I think the reason that it did not work had to do with the customized logon.asp. I could not successfully modify the logon page on the ISA server. Every time I tried to match the custom page I have on my FE server it would totally screw up ISA and ISA would not start. So I just fell back to using the FE for auth. Even though it is not as secure (and sort of defeats the purpose of ISA) I figured it did not matter since I am going to require RSA auth first on ISA anyway.

-----back to the original question...
So you are saying I need to use another port on the internal connection? I don't see how I can do that. My Exchange and IIS are already using 443 to listen for OWA. How do I add an additional port? I can see how I do that with the ISA listener but how do I specify another port on the OWA FE side?

Oh... Would I just add an additional SSL port (like 445) in IIS to the default web on the FE server?

Ken

(in reply to brother100011)
Post #: 3
RE: can I add second listener for OWA - 25.Mar.2006 3:36:52 PM   
brother100011

 

Posts: 7
Joined: 24.Mar.2006
Status: offline
Don't customize the logon.asp on the FE OWA. Customize the logon_MSIERICH.HTM on the ISA server. Restart the Microsoft Firewall service when you make changes. The file is in the CookAuth something or another.

In Re to second para:
You are right on the last part.  You have to give the new listener a different listening IP address (the external one).  You will redirect the listener to the inside address, that could be a different IP, or the same IP on a different PORT.  If you use the same external IP, then it has to be on a different PORT...





YOU WROTE:
I think the reason that it did not work had to do with the customized logon.asp. I could not successfully modify the logon page on the ISA server. Every time I tried to match the custom page I have on my FE server it would totally screw up ISA and ISA would not start. So I just fell back to using the FE for auth. Even though it is not as secure (and sort of defeats the purpose of ISA) I figured it did not matter since I am going to require RSA auth first on ISA anyway.

-----back to the original question...
So you are saying I need to use another port on the internal connection? I don't see how I can do that. My Exchange and IIS are already using 443 to listen for OWA. How do I add an additional port? I can see how I do that with the ISA listener but how do I specify another port on the OWA FE side?

Oh... Would I just add an additional SSL port (like 445) in IIS to the default web on the FE server?

Ken

(in reply to kenisswell)
Post #: 4
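
The external binding rules mentioned in posts #2 and #4 (an extra IP must sit on the interface's subnet, and two listeners sharing an external IP need different ports), as an added example that is not part of the original thread and does not use any ISA Server API. The function name, listener names and documentation-range addresses are constructed for illustration, and `*` stands in for `<All Addresses>`, which this sketch assumes overlaps every specific address.

```python
import ipaddress
from itertools import combinations

ALL = "*"  # hypothetical marker for a listener bound to <All Addresses>

def check_listeners(subnet, listeners):
    """Return a list of problems in a planned set of external listeners.

    subnet    -- external interface network, e.g. "192.0.2.0/24"
    listeners -- dict of name -> (ip or ALL, port)
    """
    net = ipaddress.ip_network(subnet)
    problems = []

    # Rule 1: every specific listener IP must be on the interface's subnet.
    for name, (ip, _port) in listeners.items():
        if ip != ALL and ipaddress.ip_address(ip) not in net:
            problems.append(f"{name}: {ip} is not on {net}")

    # Rule 2: no two listeners may claim the same port on the same address.
    # A listener on ALL is treated as overlapping every specific address.
    for (a, (ip_a, port_a)), (b, (ip_b, port_b)) in combinations(listeners.items(), 2):
        overlap = ALL in (ip_a, ip_b) or (
            ipaddress.ip_address(ip_a) == ipaddress.ip_address(ip_b)
        )
        if overlap and port_a == port_b:
            problems.append(f"{a} and {b}: both claim port {port_a} on an overlapping address")
    return problems

# Constructed sample plans (documentation address ranges, not from the thread).
SUBNET = "192.0.2.0/24"
PLAN_SAME_IP = {"owa-fba": ("192.0.2.10", 443), "owa-rsa": ("192.0.2.10", 443)}
PLAN_SECOND_IP = {"owa-fba": ("192.0.2.10", 443), "owa-rsa": ("192.0.2.11", 443)}
PLAN_OTHER_PORT = {"owa-fba": ("192.0.2.10", 443), "owa-rsa": ("192.0.2.10", 444)}
PLAN_WILDCARD = {"owa-fba": (ALL, 443), "owa-rsa": ("192.0.2.11", 443)}
PLAN_OFF_SUBNET = {"owa-fba": ("192.0.2.10", 443), "owa-rsa": ("198.51.100.5", 443)}

if __name__ == "__main__":
    for label, plan in [("same IP", PLAN_SAME_IP), ("second IP", PLAN_SECOND_IP),
                        ("other port", PLAN_OTHER_PORT), ("wildcard", PLAN_WILDCARD),
                        ("off subnet", PLAN_OFF_SUBNET)]:
        print(label, "->", check_listeners(SUBNET, plan) or "ok")
```
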
RE: can I add second listener for OWA - 25.Mar.2006 9:27:57 PM   
kenisswell

 

Posts: 29
Joined: 31.Dec.2005
Status: offline
quote:

Don't customize the logon.asp on the FE OWA. Customize the logon_MSIERICH.HTM on the ISA server. Restart the Microsoft Firewall service when you make changes. The file is in the CookAuth something or another.


This is what I did. I edited the logon_MSIERICH.HTM on the ISA server. I turned off FBA on the FE server (restarted Exchange/IIS so the settings were set). It was odd, I would make changes to the logon_MSIERICH.HTM page but they were not working. If I changed the HTML to point to another .gif (my company image in the same directory) it would show as a broken link. If I tried to rename the original Microsoft .gif, that would cause ISA not to start. I would restart the firewall service each time. So I gave up.

----

Back to the original... I will try creating a new port or IP on both the external connection and the internal connection and see if I can get it to work.

(in reply to brother100011)
Post #: 5
