Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion about article on publishing OWA and RPC/HTTP
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 3:10:10 AM
|
|
|
docxp
Posts: 4
Joined: 5.Dec.2006
Status: offline
|
quote:
Hi Marius,
Make sure the client is seutp correctly too. The CA certificate on the client is often forgotten.
HTH,
Tom
Certificate on client is ok. I imported the ROOT CA. When I open OWA I don't get any warnings.
From internal networks RPC/HTTPS works ok, but not from External. I use the same address to connect to RPC/HTTPS from internal and external (I use split DNS). It seems that when I pass through ISA 2004 there is a problem (https://ADDRESS/rpc/rpcproxy.dll), and I get the:
Technical Information (for support personnel)
Error Code 64: Host not available
Background: The connection to the Web server was lost.
_____________________________
Regards,
Marius.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 3:32:27 AM
|
|
|
ErikBo
Posts: 16
Joined: 25.Oct.2006
From: Søborg, Denmark, Europe
Status: offline
|
Howdy Tom,
Thanx for sharing.
Two short questions:
- What will the implications if the Exchange Server runs on the DC be?
- Why are you using LDAP when you could use Windows auth?
_____________________________
Best regards
Erik Bo Sørensen
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 8:53:12 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: docxp
quote:
Hi Marius,
Make sure the client is seutp correctly too. The CA certificate on the client is often forgotten.
HTH,
Tom
Certificate on client is ok. I imported the ROOT CA. When I open OWA I don't get any warnings.
From internal networks RPC/HTTPS works ok, but not from External. I use the same address to connect to RPC/HTTPS from internal and external (I use split DNS). It seems that when I pass through ISA 2004 there is a problem (https://ADDRESS/rpc/rpcproxy.dll), and I get the:
Technical Information (for support personnel)
Error Code 64: Host not available
Background: The connection to the Web server was lost.
Hi Marius,
What is the EXACT information contained on the Public Name and TO tabs?
Thanks!
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 8:54:53 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: ErikBo
Howdy Tom,
Thanx for sharing.
Two short questions:
- What will the implications if the Exchange Server runs on the DC be?
- Why are you using LDAP when you could use Windows auth?
1. None that I know of, but I'm not an Exchange Server MVP, so there may be Exchange issues, but the ISA Firewall itself doesn't care
2. LDAP authentication is a new feature in ISA 2006, so I thought I'd let people know about it. Windows integrated auth with the ISA Firewall being a domain member is always the superior security and functionality decision
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 9:30:03 AM
|
|
|
docxp
Posts: 4
Joined: 5.Dec.2006
Status: offline
|
quote:
Hi Marius,
What is the EXACT information contained on the Public Name and TO tabs?
Thanks!
Tom
Hi,
let's say that the public name is mail.domain.com.
- so, at the TO tab I have mail.domain.com (configured to point to the internal exchange server, tested from the ISA browser works ok, https://mail.domain.com/rpc/rpcproxy.dll opens a blank page, witch is ok)
- traffic tab: HTTPS
- listener: only HTTPS, Basic Auth, certificate name is : mail domain.com, Domain for Authentication: internaldomain.LOCAL
- users tab: All, FW basic Auth
- Bridging: HTTPS only
- Paths; /rpc/* plus all othe exchange ones
- Public Name: mail.domain.com
On the IIS server I put the certificate mail.domain.com, the same certificate as on the ISA Listener (I exported it from IIS and Imported on the ISA computer personal cerificate store)
RPCoverHTTPS works ok from Internal network, the https://mail.domain.com/rpc/rpcproxy.dll opens a blank page, so it seems that something happends on the ISA.
Should I upgrade to ISA 2006, maybe it could be easyer to troubleshoot?
What kind of tools can I use to troubleshoot this ISA/RPCoverHTTPS issue?
Thank you very much for your help,
_____________________________
Regards,
Marius.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 10:02:01 AM
|
|
|
wingchan12
Posts: 3
Joined: 5.Dec.2006
Status: offline
|
Referring to your Step 2 section on Install Web Site Certificate on the Exchange Server, step 16, enforce secure SSL connections to the Web site:
1. How to enforce SSL connections, is it from Secure Communications, click Edit and set Require secure communications (SSL) checkbox
2. Do we enforce SSL connections on the web site or through each individual Virtual Directory ie. /Exchange, /RPC, /OMA etc
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 10:04:00 AM
|
|
|
docxp
Posts: 4
Joined: 5.Dec.2006
Status: offline
|
quote:
Did you configure the permissions on the /rpc directory as outlined in the article?
Tom
I only modified at the Directory Security\ Authentication and Access control:
There is only Basic Authentication and the Default domain configured to internaldomain.LOCAL
_____________________________
Regards,
Marius.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 10:17:24 AM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
Hi Tom,
What permissions are you talking about here? I followed the steps outlined in the article, but it seems to me I'm missing something here...
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 8.Dec.2006 10:35:11 AM
|
|
|
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
|
Don't mind my last question, because finally I got it working. I was looking over my settings from the beginning and found out I made a mistake in the registry setting for the RPCProxy...
Thanks for all your help...
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 10.Dec.2006 3:08:48 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
In some cases I've found that the /rpc directory permissions aren't set correctly. You need to remove the anonymous permission and configure for Basic authentication.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 10.Dec.2006 3:10:19 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: wingchan12
Referring to your Step 2 section on Install Web Site Certificate on the Exchange Server, step 16, enforce secure SSL connections to the Web site:
1. How to enforce SSL connections, is it from Secure Communications, click Edit and set Require secure communications (SSL) checkbox
2. Do we enforce SSL connections on the web site or through each individual Virtual Directory ie. /Exchange, /RPC, /OMA etc
That's actually an optional step, but you can configure it on a per directory basis.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 11.Dec.2006 3:30:30 PM
|
|
|
strongbad
Posts: 13
Joined: 11.Jan.2005
Status: offline
|
Doc, thanks for your help above. OWA is working like a charm! Your tutorial was excellent. When I get the phones in I will try the Activesync component.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 12.Dec.2006 8:22:50 PM
|
|
|
dila125
Posts: 19
Joined: 24.Sep.2004
Status: offline
|
Followed the 5 part guide after upgrading to ISA 2006. Only difference with our configuaration is that we have exchange on the DC, and the ISA server is on the domain and is using windows authentication instead of LDAP. We're also using a commercial web certificate.
OWA is still working great (as it was with ISA 2004) but I've still had no sucess get RPC/HTTP to work.
When trying to connect in Outlook 2003, I get the basic authentication window but a long timeout and then an error. Looking at the ISA server monitor I see at the same time a whole load of requests on port 135 are denied.
Do I also need to add an access rule to allow inbound/outbound access on port 135 for all users?
< Message edited by dila125 -- 14.Dec.2006 5:33:52 AM >
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 14.Dec.2006 5:35:02 AM
|
|
|
dila125
Posts: 19
Joined: 24.Sep.2004
Status: offline
|
When following this guide, should ports 6001, 6002 & 6004 be open on our DSL router?
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 12.May2008 9:39:43 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
Hi Tom,
Redirection of http to https not working
and
I am not able to use OWA, for some reason my access is getting denied. How should I trouble shoot? I am using LDAP for authentication.
I think there is something wrong with the communication between ISA (not a domain member) and DC.
< Message edited by bhavin78 -- 12.May2008 9:49:50 PM >
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 14.May2008 11:59:37 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: dila125
When following this guide, should ports 6001, 6002 & 6004 be open on our DSL router?
No, only 443 needs to be forwarded from the NAT device to the external interface of the ISA Firewall.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 14.May2008 12:00:35 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: bhavin78
Hi Tom,
Redirection of http to https not working
and
I am not able to use OWA, for some reason my access is getting denied. How should I trouble shoot? I am using LDAP for authentication.
I think there is something wrong with the communication between ISA (not a domain member) and DC.
Check the Event Viewer for LDAP communication errors.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
