OWA hangs at logon screen (Forms-based authentication) (Full Version)

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing



Message


GregorSuster -> OWA hangs at logon screen (Forms-based authentication) (28.Mar.2006 11:14:14 PM)

Hi.

I'm trying to solve this OWA publishing problem:

There is an ISA Server 2004, SP2, with 2x NIC (internal and external). MS Exchange is on another internal server. Users can access owa over https from internal network without a problem, but when they try to access mailbox from external address they get:

1. Security alert (because of the certificate)
2. OWA/ISA logon screen (Forms-based)
3a. When they enter correct U&P "OWA hangs". All they see is running progress bar and "Opening page https://owa.server.com/cookieauth.dll?Logon..."
3b. When they enter wrong U&P the get "You could not be logged on to Outlook Web Access. Make sure your domain\user name and password are correct, and then try again."

So, the number 3a is my problem. Any idea?

Some background:
- Publishing rule worked before SP2, but at that time I also added a NIC into the machine and did some reconfiguring.
- Results of ISA logging:

External IP = <external client IP>  
Internal IP = <internal OWA IP>  
Destination = 443   
Protocol = https
Action = Allowed Connection
Rule = [Ext] Owa
Client Username = <domain>\<UN>
Source network = External       
HTTP Method = GET
URL = http://owa.server.com:443/exchange

Any idea?

Regards, Greg.




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (29.Mar.2006 4:09:57 PM)

Hi Greg,

What errors do you see in the ISA firewall's log files for the failed connections?

Thanks!
Tom




GregorSuster -> RE: OWA hangs at logon screen (Forms-based authentication) (29.Mar.2006 7:55:51 PM)

Hi Thomas,

thank you for trying to solve the problem. ;-)

Besides of the allowed connections (1st post) I also have some "Failed connection attempts".  Just after I press "Log on" button, i get this one:

Destination Host Name = owa.server.com
Transport = TCP
Object Source
HTTP Status Code = "12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator."   
Cache Information = 0x0
Error Information = 0x200
Log Record Type = Web Proxy Filter
Client IP = <Ext user IP>
Destination IP = <Ext ISA IP>
Destination Port = 443
Protocol = https
Action = Failed Connection Attempt
Rule = -
Client Username = anonymous
Source Network = -
Destination Network = -    
HTTP Method = POST
URL = http://owa.server.com/CookieAuth.dll?Logon

...and after that some of these errors:

Destination Host Name = owa.server.com
Transport = TCP
Object Source
HTTP Status Code = "12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator."   
Cache Information = 0x0
Error Information = 0x80
Log Record Type = Web Proxy Filter
Client IP = <Ext user IP>
Destination IP = <Ext ISA IP>
Destination Port = 443
Protocol = https
Action = Failed Connection Attempt
Rule = -
Client Username = anonymous
Source Network = -
Destination Network = -    
HTTP Method = GET
URL = http://owa.server.com/CookieAuth.dll?GetLogon?reason=1

URL's are changing but the errors are the same as the one above.

http://owa.server.com/CookieAuth.dll?GetPic?image=logon_logo.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_IE_top.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_IE_bot.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=spacer.gif
http://owa.server.com/CookieAuth.dll?GetPic?image=logon_Microsoft.gif

Thank's for your help.

Regards, Greg.




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (30.Mar.2006 4:57:51 PM)

Hi Greg,

OK, some things to try:

1. Run the ISA firewall BPA on your firewall to see if the certificates are configured correctly

2. What is the exact name on the Public Name tab?

3. What is the exact name on the "To" tab?

Thanks!
Tom




GregorSuster -> RE: OWA hangs at logon screen (Forms-based authentication) (31.Mar.2006 11:39:10 AM)

Hi Thomas,

1. BPA did not find any errors, just that MTU is disabled.
2. Public name = owa.server.com
3. To = owa.server.com (*)

(*) Server.com is in fact another domain, but owa.domain.com is registered in ISP's DNS. On ISA I use hosts file to "redirect" owa.domain.com to internal IP address of the Exchange server. And there is also an alias owa.domain.com in Internal DNS, because hostname of the Exchange server is not Owa.

I saw also, that other people had the same problem. When I talked to "dwd",  he told me that he reformated the server, reinstalled ISA and from that moment Owa works fine, but i'm not very exited about the idea. :-)

http://forums.isaserver.org/m_2002006295/mpage_1/key_/tm.htm#2002006295

Regards, Greg.




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (1.Apr.2006 9:23:47 PM)

Dewd!

When I ask for exact information, that's what I need.

Thanks!
Tom




GregorSuster -> RE: OWA hangs at logon screen (Forms-based authentication) (2.Apr.2006 2:14:38 PM)

O, sorry.

I've sent you PM with extact information and with UN & PWD, so you can test it on you own if you like.

Regards, Greg.  




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (2.Apr.2006 4:52:14 PM)

Hi Greg,

I don't know if I have PMs turned on.

You can send it to tshinder@isaserver.org

Thanks!
Tom




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (8.Apr.2007 6:43:33 PM)

hello there,

i am experiencing exactly the same problem. i have gone through your discussion here; but no solution is yet to offer.

Here is my configuration:
1. One separated DC server
2. One ISA 2006 server (two NICs, external(public ip) and internal(private ip) nics)
3. One exchange server 2003 with CA installed

my outlook 2003 mapi client seems to work fine through the internet using rpc/https protocol; but i could not make owa published successfully.

The Office Outlook Web Access form appeared properly; but whenever i type in domain\username and password, it stay there for at least 5 minutes and display in web browser status bar as https://mail.mopf.gov.tl/CookieAuth.dll?Logon... once the time has expired it produced message "





Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.





Try the following:
    Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
    Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
    Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.




Technical Information (for support personnel)
    Error Code: 500 Internal Server Error. The number of HTTP requests per minute exceeded the configured limit. Contact the server administrator. (12219)

"

your advice would be very much appreciated.

sincerely,
Sot




soimer -> RE: OWA hangs at logon screen (Forms-based authentication) (10.Apr.2007 10:05:43 AM)

I've got exactly the same problem, posted in ISA2006 section, any idea?
http://forums.isaserver.org/OWA_publishing_-_login_waiting_forever_%25%25%25/m_2002042084/tm.htm
 
 
Thanks!




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (11.Apr.2007 3:39:57 AM)

go to exchange server and disable the form-base authentication. this works for fine from the Internet; but this is not the way i wanted as my LAN user wont get the benefit of form-base authentication again.

if somebody knows how to solve this problem and yet offer the benefit of LAN user to access form-base authentication, i would be much appreciated.

Sot




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (11.Apr.2007 3:40:36 AM)

go to exchange server and disable the form-base authentication. this works fine from the Internet; but this is not the way i wanted as my LAN user wont get the benefit of form-base authentication again.

if somebody knows how to solve this problem and yet offer the benefit of LAN user to access form-base authentication, i would be much appreciated.

Sot




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (11.Apr.2007 12:36:57 PM)

Hi Sot,

Create a split DNS and have the internal interface listen for connections for the internal clients so that they get the ISA Firewall's FBA.

HTH,
Tom




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (13.Apr.2007 7:59:28 AM)

Dear Tom,

Thanks for your prompted reply.

Yes, i do have split DNS. Here is my the details:

External or Intenet zone named: MOPF.GOV.TL
mail.mopf.gov.tl   A 202.72.106.130

Internal or AD zone named: MOPF.GOV.TL
mail.mopf.gov.tl   A 192.168.0.17

Waht is the correct procedure to setup the internal interface listen for connections for the internal clients so that they get the ISA Firewall's FBA?

Thanks once again.

Regards,
Sot





tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (13.Apr.2007 10:44:19 AM)

Hi Sot,

Very good! With the split DNS in place, it'll be easy.

Just go into the listener properties and configure it to listen on the Internal Network.

HTH,
Tom




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (14.Apr.2007 7:53:37 AM)

Dear Tom,

Many thanks for taking time to respond to my on-going request.

I have checked my Listener and it has been configured to listen on both External and Internal Networks.

The thing is that my client browsers have been to configured to bypass proxy when an attempt is made to access local resources and thus they did not even attempt to send any request to a proxy et al. I then took out the bypass proxy from one of the client just to simulate the scenario and force it to send a request to proxy even it will access my exchange webmail locally-- and it failed too.

Your next advice would highly appreciate.

Regards,
Sot




tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (14.Apr.2007 12:25:00 PM)

Hi Sot,

They should bypass the proxy for the connection to the internal interface -- since we don't want them to make requests to the Web proxy listener, we want them to connect to the Web listener on TCP 80/443.

HTH,
Tom




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (15.Apr.2007 6:56:13 AM)

Dear Tom,

By default all my client browsers have been configured to use proxy (ISA) with "bypass proxy server for local addresses". And here is what ISA has responded "



Network Access Message: The page cannot be displayed







Technical Information (for Support personnel)
    Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
    IP Address: 192.168.1.1
    Date: 15/04/2007 10:43:35 [GMT]
    Server: srv-proxy.mopf.gov.tl
    Source: proxy
"

BTW, how to force the client browser to connect to the Web listener on TCP 80/443???.
"

Thank you
Regards,
Sot





tshinder -> RE: OWA hangs at logon screen (Forms-based authentication) (15.Apr.2007 10:16:10 AM)

That "bypass proxy for local addresses" just means bypass single label names -- it has nothing to do with "local" addresses.

Make sure to configure the configure the domain for Direct Access.

HTH,
Tom




Sot -> RE: OWA hangs at logon screen (Forms-based authentication) (16.Apr.2007 4:11:34 AM)

Dear Tom,

I seem not able to solve this on my own untill further guidance is provided please. here is the Internal Property:
Web Browser Tab:
Bypass proxy for Web servers in this network (checked)
Directly access computers specified in the Domains tab (checked)
Domain names Tab:
*.mopf.gov.tl

Here is my HTTP Listener Property:
Networks Tab:
Exernal 202.72.106.130
Internal <All IP addresses>

Please guide me further.
Thanks once again.
Regards,
Sot




Page: [1] 2   next >   >>