We are having a problem getting Outlook Mobile Access and Active-Sync to work behind our ISA 2000 firewall. Our corporate security policy calls for all of these services to be behind an authenticated firewall. We have published Outlook Web Mail this way, and it works fine. A user connects to the web site, and ISA 2000 first throws up a firewall login screen, then after authentication, the user gets to the OWA login page. However, when we try to access the OMA page or the Active-Sync page using the same method, the user receives the ISA login the same, but no matter how many times we enter the credentials, we cannot get past the ISA login. Here is our setup:
Exchange 2003 SP2
All sites require SSL
Using forms based authentication
All mobile devices are Starcom Smart Phones running Mobile 5.0 with the security feature pack installed
ISA Server 2000 with Exchange web server published using a "Web Publishing Rule" and set to only allow connections from users of a certain Active Directory group.
I have followed the steps in the MS knowledge base articles to make OMA work when you have SSL forced and forms based authentication on OWA, and it is working fine in house. I can access all three pages no problem from inside the network (OWA, OMA and Active-Sync), but only OWA works from the Internet. If I try to access these pages using IE6, I get the following symptoms:
OMA:
ISA login (enter credentials)
ISA login again (enter credentials)
Errors out with this message: HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.
Active-Sync:
ISA login (enter credentials)
ISA login again (enter credentials)
ISA login again (enter credentials)
Errors out with a simple page saying this: Error: Access is Denied.
If I turn off the authentication part of the web publishing rule, everything works just fine. I can sync our smart phone or surf the OMA page via the Internet.
Does anybody know if this configuration is possible?