Cannot publish OMA, EAS and OWA with only one listener

brandy -> Cannot publish OMA, EAS and OWA with only one listener (8.Sep.2006 12:25:34 PM)

Yesterday I installed ISA 2006 Standard Edition in our production environment.

We use ISA as a reverse proxy to publish OMA, EAS (Active Sync) and OWA.

With ISA 2004 I followed this article http://www.isaserver.org/tutorials/2004pubowamobile.html to publish these services.
It is really a hack to use the localhost, but it works.

I read this blog:
http://blogs.isaserver.org/shinder/2006/05/03/isa-2006-enables-fba-and-activesync-rpchttp-on-the-same-web-listener
 
Because of this I decided to upgrade to ISA 2006, and get rid of the localhost listener. (I installed 2006 on a brand new server.)

I created a publishing rule to publish OMA, OWA and EAS. I use forms-based on the rule, and EAS and OWA work fine, but OMA doesn't work with the new forms-based authentication. If I use basic authentication OMA works, but I want to use Forms Based!

Many of my users use Nokia with Mail for Exchange installed, but they cannot sync after the upgrade to ISA 2006. Qtek works fine.
 
Because of this problem I decided to downgrade to ISA 2004 again!!!
 
Any comments on my problems?
 
brandy
 
 





tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (8.Sep.2006 7:44:37 PM)

Hi Brandy,

That's very interesting. I wonder if they took that away in RTM?

I'll have to check that out!

Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (12.Sep.2006 5:01:48 PM)

Hi,

I've also installed ISA 2006 Standard and I can successfully sync with Mail for Exchange on my Nokia E70, but I have a problem with OMA and Windows Mobile 2003. When I access it using Internet Explorer from my desktop or from the browser on the Nokia E70, I'm presented with the Form Based Authentication screen, so that works. However, when I access it using Pocket Internet Explorer on my PDA running Windows Mobile 2003, I immediately get '401 Unauthorized. The server requires authentication to fulfill the request.' I get no password prompt or the FBA screen.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (13.Sep.2006 2:48:26 PM)

Hi Franc,

Are you delegating basic authentication credentials?

Thanks!
Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (13.Sep.2006 10:56:42 PM)

Hi Tom,

Yes. On the delegation tab for the OWA publishing rule 'Basic Authentication' is selected. Weird thing is that it works in every browser, except for Windows Mobile 2003. Even my Nokia E70 displays the FBA logon screen, but WM2003 does not.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (14.Sep.2006 3:49:34 PM)

Hi Franc,

Wish I could test this out, as there is a potential fix. What I need to know is the entry in the Client Agent field in the ISA Firewall's log files. Then we can potentially use this information for the fallback to basic feature.

Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (14.Sep.2006 4:11:13 PM)

Hi Tom,

This is the user agent string as recorded in the logs:

Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)

Regards,
Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (15.Sep.2006 1:48:21 PM)

Hi Franc,

GREAT!

Let me check into that and I'll get right back.

Thanks!
Tom




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (15.Sep.2006 1:55:18 PM)

Hi Franc,

OK, here's what I have:

User agent= *Windows CE* associated with xHTML
User agent= *Symbian OS* associated with xHTML
User agent= *SonyEricsson* associated with xHTML

Soooooo...I will "assume" that the user-agent: header contains Windows CE and it should get the xHTML page that the smart phones receive. So it should work like it does with your smart phones.

Let's see if I can pull someone smarter than me into this thread.

Thanks!
Tom




alans -> RE: Cannot publish OMA, EAS and OWA with only one listener (17.Sep.2006 3:09:23 AM)

Hi,

Just wondering if you tried to update the phone's firmware?

Seeing that it works on all other phones.

Regards

alans




henning -> RE: Cannot publish OMA, EAS and OWA with only one listener (18.Sep.2006 4:05:11 PM)

I have more or less the same scenario as Brandy describes in his first post, trying to publish all Exchange services on the same listener. Using mostly Symbian-based Nokias and SonyEricssons with Roadsync and Nokia's own Mail4Exchange push email client. I spent quite a lot of time on timeout issues with ISA 2004 to make sure I had an "honest push email scenario" without constant timeouts and reauthentications. FYI here is a link to my posts on a Nokia forum describing some related issues: http://discussions.nokia.co.uk/discussions/tracker?user.id=8565. I have deployed ISA 2006 in a test scenario and also experience that the OMA presents the FBA in the Nokia phone as Brandy describes. If I understand your posts correctly, this is by design and does not pose any handicap in my scenarios.

What I am having trouble with is the timeout issue. On ISA 2004 I had this working by selecting 1800 secs on the ISA listener and on the IIS web server hosting the Exchange directories. (Still not sure if the latter was necessary.) This was based on the fact that the Roadsync product had a 15-minute default keepalive setting for push email and that Nokia would not even disclose the value they had chosen. I also looked at the following MS article: http://support.microsoft.com/?id=905013. On the ISA 2006 I have selected the same value but clients keep disconnecting/reconnecting more or less all the time. I was hoping for some guidance here. The listener has FBA, Basic auth delegated, force users to auth.

Regards
Henning




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (20.Sep.2006 1:17:50 PM)

Hi Henning,

So you find that FBA works OK for the OMA client?

I was wondering if maybe the authentication delegation was not set up right, as the delegation should be basic and SSL to SSL must be used.

Thanks!
Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (23.Sep.2006 9:53:56 PM)

Hi Tom,

Thanks for the update. Basic delegation is set up fine and I'm using SSL to SSL. When going to the OMA page from a Windows Mobile device I'm directly presented with the oma.aspx page (along with a very long string before it, I suspect this is the cookie string). However, the page displays that I'm not authorized. So I assume that ISA 2006 thinks that it should handle the request just as if it's an ActiveSync request, thus passing through instead of presenting the FBA page. However, since it's unauthenticated it fails.

Just my thoughts.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 4:46:24 PM)

Hi Franc,

Does the OMA.aspx have fields to enter credentials?

Thanks!
Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 4:48:36 PM)

Hi Tom,

No, when accessing it from the internal network, I'm presented with the normal basic authentication dialog from IIS.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 4:54:58 PM)

Hi Franc,

How about from the external network, when they're going through the ISA Firewall?

Thanks!
Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 4:59:23 PM)

Hi Tom,

That's really the problem we are currently facing. As soon as we use one listener for ActiveSync, OMA and have FBA enabled on the ISA 2006 server, the issue occurs that's mentioned in this thread (unauthorized message and no FBA screen on Windows CE, but an FBA screen on Nokia E70 and normal desktops). When disabling the FBA on the ISA server and passing through authentication to the Exchange server itself then everything works. But that's not what we want, since we need ISA to authenticate on behalf of the Exchange server.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 5:21:01 PM)

Hi Franc,

Is the User Agent field in the ISA Firewall's firewall log files showing "Windows CE" or something else?

Tom




FrancWest -> RE: Cannot publish OMA, EAS and OWA with only one listener (24.Sep.2006 5:23:11 PM)

Hi Tom,

See my post earlier in this thread, where you asked me to look up the user agent string.

Yes, it shows Windows CE.

Franc.




tshinder -> RE: Cannot publish OMA, EAS and OWA with only one listener (26.Sep.2006 1:33:51 PM)

Hi Franc,

Then I'm stuck -- time for PSS call.

Tom



