Publishing OWA (Full Version)

All Forums >> [ISA 2006 Publishing] >> Exchange Publishing



Message


sxlalan -> Publishing OWA (15.Aug.2006 2:24:31 PM)

Can anyone offer any tips on publishing an Exchange 2003 Front End Server over SSL using ISA 2006?  AT the moment I am able to connect to the isa server using the url of my published server and get to the forms based authentication page.  When I enter my credentials and click the Log On button I am immediately presented with the following...

  • Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

    This shows up in the ISA log as an Access Denied message processed by the Default Enterprise rule.  The source IP is my external clients IP and the destination is the (Virtual) IP of the ISA external network that I am trying to publish the Exchange server through.

    Any suggestions would be greatly appreciated!

    Thanks

    Alan




  • tshinder -> RE: Publishing OWA (15.Aug.2006 2:36:29 PM)

    Hi Alan,

    Have you read my recent articles on how to publish OWA on ISA 2006? All the details are there.

    HTH,
    Tom




    sxlalan -> RE: Publishing OWA (15.Aug.2006 2:42:09 PM)

    Hi Tom.  I found the article about publishing the back-end server and had a read through that and it seems to be pretty much what I have done.  I'm not sure if there are important differences for a front-end server.

    I've discovered that what seems to be happening is that after I click log on I am redirected to https://mailserver.com/ rather than to https://mailserver.com/exchange.  if I add the exchange bit myself then OWA starts as expected.  Any ideas as to why this would be happening and how to resolve it?

    Thanks

    Alan




    sxlalan -> RE: Publishing OWA (15.Aug.2006 3:15:39 PM)

    P.S. the default website on the FE Server has been set to automatically redirect to /exchange but this doesn't seem to be happening with ISA 2006.  The redirect works fine if I connect to te FE Server directly from our LAN.

    Cheers

    Alan




    sxlalan -> RE: Publishing OWA (15.Aug.2006 3:52:18 PM)

    This seems to be working now!  I had to add a path to the rule mapping "/" to "/exchange"  Dont try adding "/*" as the external path as this then conflicts with all of the other mappings.  Also, don't add "/exchange\" as the internal path (as Tom found worked for ISA2004) as this causes a corruption of the config with ISA2006!

    Thanks

    Alan




    gja -> RE: Publishing OWA (15.Aug.2006 9:38:20 PM)

    Hoi Alan,

    I had the same problem with connecting to exchange, and I didn't solve by adding a mapping but I added a rule. The rule is denies all the traffic to https://mailserver.domain.nl and redirects all the traffic to https://mailserver.domain.nl/exchange. The rule only listnes to the / path.

    But way you are doing it also works.

    Cheers
    Gijs




    sxlalan -> RE: Publishing OWA (16.Aug.2006 9:00:39 AM)

    Good tip, thanks Gijs




    tshinder -> RE: Publishing OWA (17.Aug.2006 3:43:14 AM)

    Hey guys,

    Good info!
    Thanks!
    Tom




    kinai -> RE: Publishing OWA (19.Sep.2006 11:36:11 PM)

    hello all,

    I'm used ISA 2006 to publish many differents Exchange Servers by using FBA and Radius.
    It's working as fine.

    I try to apply the path "/" to "/exchange" ... it seems working on the first publication.
    On the second publication, when I try to connect, the client send multiple HTTP request and ISA block the client IP address (spoofing, more than 500 HTTP Request per seconde).

    I can not apply the rules suggest by Gijs because I have multiple external domain name for the same server and the translation must keep the external server name.

    If someone have an idea.
    Thanks,
    Regards,
    Kinai

    ISA2006 / Two Exchange Organisation based on different Active Directory (different forest)
    Authentification based on forms and RADIUS.




    tshinder -> RE: Publishing OWA (20.Sep.2006 1:43:25 PM)

    quote:

    ORIGINAL: gja

    Hoi Alan,

    I had the same problem with connecting to exchange, and I didn't solve by adding a mapping but I added a rule. The rule is denies all the traffic to https://mailserver.domain.nl and redirects all the traffic to https://mailserver.domain.nl/exchange. The rule only listnes to the / path.

    But way you are doing it also works.

    Cheers
    Gijs


    Hi Gijs,

    How do you do the redirect in the Deny Rule when there is no redirect ability for Deny Web Publishing Rules?

    Thanks!
    Tom




    PCC -> RE: Publishing OWA (9.Oct.2006 11:29:03 AM)

    quote:

    ORIGINAL: sxlalan

    This seems to be working now!  I had to add a path to the rule mapping "/" to "/exchange"  Dont try adding "/*" as the external path as this then conflicts with all of the other mappings.  Also, don't add "/exchange\" as the internal path (as Tom found worked for ISA2004) as this causes a corruption of the config with ISA2006!

    Thanks

    Alan


    I used the "/Exchange\" mapping rule in ISA 2004.  But if I add the rule to map "/" to "/Exchange" it just hangs when I try to logon.  I really don't want my users to have to remember to add the "/Exchange" to the end of the URL because I know they won't remember to do it.  Is there any other way to redirect if someone goes to https://owa.mydomain.com/ to make it go to https://owa.mydomain.com/exchange ?




    tshinder -> RE: Publishing OWA (11.Oct.2006 10:46:25 AM)

    Hi PCC,

    There's a trick I put in my blog on how to use the new ISA Firewall's ability to redirect denied requests to make it work without have to use the /Exchange\ trick.

    HTH,
    Tom




    PCC -> RE: Publishing OWA (11.Oct.2006 12:06:40 PM)

    I must apologize, but I don't see anything in your blog on this topic.  Could you please provide a link or post it here?

    Thanks.





    PCC -> RE: Publishing OWA (11.Oct.2006 9:03:59 PM)

    Tom,

    I did find your blog on the redirect.  I didn't look far enough back the first time.  It works great to redirect http://owa.mydomain.com to https://owa.mydomain.com/exchange (which I have been using WebDirect for in the past but this works just as good).  But I can't figure out how to redirect https://owa.mydomain.com to https://owa.mydomain.com/exchange .  I just seem to get a loop that keeps redirecting me to the FBA login page.  I guess it's not a big deal because I always direct everyone to use http://owa.mydomain.com anyhow and let the redirect take care of everything.  But I would like to get it working even if someone types https://owa.mydomain.com.




    Page: [1]