Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (Full Version)

All Forums >> [ISA Server 2004 General ] >> Exchange Publishing



Message


tshinder -> Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (5.Jul.2006 3:52:56 PM)

This thread is for discussing the article on how to publish OWA and RPC/HTTP Web farms using the new ISA firewall at: http://www.isaserver.org/tutorials/Publishing-Outlook-Web-Access-Outlook-RPCHTTP-ISA-Server-2006-Firewalls-Forms-based-Authentication-Part4.html




blomus -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (24.Sep.2006 12:45:35 AM)

Hello!

At first, excuse my English, it's a Swiss interpretation of this language [:)]

I took this Tutorial to configure my installation, Exchange 2003  behind the new ISA 2006. I adapted that to my one Exchange Server Scenario without the Farm Configuration. OWA works, but I try now about 8 hours to figure out the problem with rpc over https. I can't connect with my Outlook Client. I tried everything 399 times, no chance. The resources about ISA 2006 are very sparely, about 3 articles to that. [X(]

So, when I try to test the rpc Configuration with https://localhost/rpc, the login box comes up, what is requested. But there, I can't login to receive the requested 403.2 Error, the box comes up again 3 times and then it breaks with a credential error. So, I think I have a problem there, but I compared everything with a standard rpc installation (without isa) that works, nothing. I tried also with e reinstallation of the rpc Service and the Service Pack 2 of Exchange... no chance.

So, now I'm searching for an answer and I don't know who can help me.... [8|]

If you have an Idea... I'm very receptive to any tip!!!

Thanx and Best Regards,

blomus from Switzerland




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (24.Sep.2006 4:40:55 PM)

Hi Blomus,

Are the certificates name correctly? Download and install the ISA Firewall BPA and see if it finds problems with your certificates.

HTH,
Tom




blomus -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (24.Sep.2006 8:09:35 PM)

Hi Tom,

Thanks for your reply. Yes, the Certificates are ok. I have an official certificate (trustcenter, like Verisign). OWA works without any error. Also the rpc tests are now successful, I made a mistake, I tested it with the guidelines of windows 2003 without SP1... so internal everything seems ok. Only when I try to connect from outside, trough the ISA Server nothing happens. When I try to test from outside with a connection to https://host.ch/rpc, the ISA Login Screen comes up (like OWA). But after sign in, nothing happens, ISA displays the login screen again!

I invested many hours now in this configuration and I can't find the failure!

Marco




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (26.Sep.2006 1:30:51 PM)

Hi Marco,

Have you configure the Outlook client to use Basic authentication? Also, make sure the credentials delegation is set for Basic delegation.

HTH,
Tom




blomus -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (26.Sep.2006 11:59:58 PM)

Hi Tom,

Yes, everything set to Basic authentication. When I run /rpcdiag Switch, I can see, that nothing happens over HTTP. Outlook tries to connect and after a timeout of 20-30 seconds, the request fails with the standard answer that Exchange must be online! Internal everything works fine!

Regards,

Marco




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (27.Sep.2006 1:54:05 PM)

Hi Marcos,

What is the common name on the Web site certificate bound to the Web listener?

What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine?

What is the name on the TO tab?

What is the name on the public name tab?

Tom




blomus -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (27.Sep.2006 6:04:16 PM)

Hi Tom,

What is the common name on the Web site certificate bound to the Web listener? webmail.insidehost.ch

What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine? webmail.insidehost.ch (exchange server/ i've exported the certificate to a file from this machine and imported it to the isa, which says me that the cert. is correctly installed)

What is the name on the TO tab? webmail.insidehost.ch and the internal name, if the external can't resolved

What is the name on the public name tab? webmail.insidehost.ch
 
Regards,

Marco




baseline -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (26.Oct.2006 2:56:41 PM)

Hi,

I've read the article through and trough but I'm still confused on one point.
ISA 2006 Web Farms are exactly what my client wants. He refuses to buy an hardware load-balancer and Windows integrated NLB doesn't work since ISA 2004 is unable to pool the destination IP's/Ports to see if they're alive.
Now, reading the article (as I've understood it) we now can have different certificates on the listener and on the target web servers?...
This is confusing, in ISA 2004 with SSL bridging I had to have the same certificate on the listener and on the target web server(s).
Is this not the case in ISA 2006 with Web Farms?

regards




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (27.Oct.2006 9:03:57 AM)

quote:

ORIGINAL: blomus

Hi Tom,

What is the common name on the Web site certificate bound to the Web listener? webmail.insidehost.ch

What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine? webmail.insidehost.ch (exchange server/ i've exported the certificate to a file from this machine and imported it to the isa, which says me that the cert. is correctly installed)

What is the name on the TO tab? webmail.insidehost.ch and the internal name, if the external can't resolved

What is the name on the public name tab? webmail.insidehost.ch
 
Regards,

Marco


Hi Marco,

OK, all that seems right.

Is the Exchange Server on a DC?

Tom




Dan Pink -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (23.Jan.2007 6:24:31 AM)

Hi Tom,

Please carry on!![:o]

I have the same problem so far as Marco, and my Exchange Server is unfortunately also the DC. What were you going to suggest to Marco if that was his case please? My certificates and client are configured fine, and I thought I had done what was needed in the registry with Exchange SP2.

Marco, let us know if you fixed it also please - that would be great.

Thanks guys

Dan




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (24.Jan.2007 9:35:07 AM)

Hi Dan,

Its more simple when its on the DC. All you need to do is install the RPC/HTTP proxy service on the machine. You don't need to fiddle with the ports in the Registry.

Keep in mind that you can't use an FBA enabled listener for RPC/HTTP with the 2004 ISA Firewall.

HTH,
Tom




blayshing -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (27.Feb.2007 3:44:05 AM)

hi guys,
i dunno if this has been asked somewhere but do i really need to create a split DNS for me to access my OWA from external clients? are there any other alternatives?

thanks




Dan Pink -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (27.Feb.2007 3:59:25 AM)

Morning Blayshing,

Have you seen this doc that explains splitdns?

http://www.isaserver.org/tutorials/2004illegaltldsplitdns.html




blayshing -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (12.Mar.2007 2:09:11 AM)

hey dan,

thanks, but as it turns out, we have a legal top-level domain, hehe... i followed the instructions on http://www.isaserver.org/tutorials/Using-2006-ISA-Firewall-RC-Publish-OWA-Sites-Part1.html and the OWA can be accessed externally, but things seem to get stuck there... we can't log on [:(]... help please...




tshinder -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (17.Mar.2007 1:27:48 PM)

Where do things get stuck?

Thanks!
Tom




schmidlap -> RE: Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4 (20.Sep.2011 6:48:55 PM)

"Hi Dan,
Its more simple when its on the DC. All you need to do is install the RPC/HTTP proxy service on the machine. You don't need to fiddle with the ports in the Registry.
Keep in mind that you can't use an FBA enabled listener for RPC/HTTP with the 2004 ISA Firewall.
HTH,
Tom

How is this supposed to help? It doesn't even make sense or pertain to the proceeding problem. Nobody suggested fiddling with registry ports. Everyone already knows you simply apply ServicePack 2 to each Exchange server before configuring them as front end and back end in your rpc/http topology. Nobody suggested using an FBA enabled listener or ISA 2004 for that matter. You are talking about installing the RPC/HTTP proxy service which he obviously already did and does not need help with. We need to know why the ISA FBA page appears but just reappers after we enter valid credentials instead of showing the OWA mailbox.




Page: [1]