Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion about article on publishing OWA and RPC/HTTP
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about article on publishing OWA and RPC/... - 14.May2008 12:57:04 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
quote:
some reason my access is getting denied. How should I trouble shoot? I am using
I did a test for LDAP communication between ISA and DC and it worked. So, I dont think there is communnication errror but when I try to create a OWA users group and add users to that group from AD using LDAP it gives me error Specified user not found.
when I try to hit https://owa.bhavin.us/exchange
in the error logs it say trying to connect from Ext to Localhost HTTPS denied.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 15.May2008 6:19:43 AM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
I get the log on page just fine.
Check your LDAP config again, or better, just join the ISA Firewall to the domain, since that's an ISA firewall best practice.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 15.May2008 4:18:52 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
Tom,
I have my production server on domain but I would like to try LDAP in my LAB Network.
What else can I check to find out what 's wrong? I tried LDP.exe from ISA to DC and it worked fine. I was able to make connection.
I also have LDAP port open from local host to DC.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 18.May2008 12:28:48 PM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
When LDAP authentication is enabled, the System Policy is automatically configured to support the protocols required.
If you're using LDAPS, remember that you need to install the CA certificate of the CA that issued the server certificate on the DC.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 19.May2008 10:53:42 AM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
I am not using LDAPS. I also tried to re-configure LDAP settings but it is still not working.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 20.May2008 11:28:37 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
screen shot of LDAP configuration and error logs.
http://www.bhavin.us/doc1.htm
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 27.May2008 10:22:07 AM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
quote:
ORIGINAL: tshinder
Maybe a name resolution problem?
The Event Viewer is often helpful in these situations.
HTH,
Tom
what else could be wrong? did not find any thing in event viewer.
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 28.May2008 8:52:19 AM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hard to say. I'd just join the ISA firewall to the domain and be done with it. Then you have time to play with LDAP configurations.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 12.Jun.2008 8:41:00 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
Now I am able to make ldap work and I added groups from AD to allow OWA to group of users ,but when I try to loginto OWA it fails. In the log I can see external host is trying to connect to localhost instead of exchange server.
http://www.bhavin.us/doc1.htm
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 15.Jun.2008 12:29:42 AM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
Hi Tom,
Finally I got it working. I restarted from scratch and I think I missed to copy cert to Trusted CA and did not disable FBA authentication on Exchage server.
Now the only problem is how do I configure ISA so that user dont have to enter domain name?
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 16.Jun.2008 10:34:57 AM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
You can use the UPN, such as user@domain.com
Only Basic authentication works without a domain name, and in that case, you need to configure the default domain on the Web listener and the Exchange Server.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 16.Jun.2008 11:14:35 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
I have configured default domain on exchange server and I configured default domain on web listner Under Authentication/ Advance / Default name and it is working. Thanks
other question is when I try to launch OWA using https://owa.bhavin.us it takes me to ISA Server OWA page,
When I try https://owa.bhavin.us/exchange it takes me to MS Office outlook OWA page.
what it the reason,if I have to customize the OWA page I have to work on two different pages.
< Message edited by bhavin78 -- 17.Jun.2008 9:30:17 AM >
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 17.Jun.2008 7:39:34 AM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
There must be different Web Listeners and different rules that are controlling access to the root of the Web site and the /exchange path.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 17.Jun.2008 7:34:28 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
According to your article, I need to remove Authenticated Users from OWA Redirect Policy but I get error when I try to do that (Weblistner selected for this rule requires authentication). I did not remove Authenticated Users but, I added All users and now it's working fine for both below URL.
https://owa.bhavin.us and Https://owa.bhavin.us/exchange
How can internal user hit OWA site direclty without loop back? (split DNS is not configured on our network)
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 18.Jun.2008 12:10:33 PM
|
|
|
tshinder
Posts: 47181
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Very good.
You'll need to do two things to support the internal users.
1. Create a split DNS entry on your internal DNS server to map owa.bhavin.us to the internal interface of the ISA Firewall
2. Configure the Web Listener on the rule to listen on the Internal interface IP address
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 18.Jun.2008 12:33:49 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
How do I, Create a split DNS entry on your internal DNS server to map owa.bhavin.us to the internal interface of the ISA Firewall?
Do I have to create Forward lookup zone name bhavin.us and create entry which points to internal NIC of ISA?
Thanks Tom
|
|
|
|
|
RE: Discussion about article on publishing OWA and RPC/... - 27.Jun.2008 2:18:33 PM
|
|
|
bhavin78
Posts: 428
Joined: 18.Jul.2005
From: USA
Status: offline
|
quote:
ORIGINAL: tshinder
Very good.
You'll need to do two things to support the internal users.
1. Create a split DNS entry on your internal DNS server to map owa.bhavin.us to the internal interface of the ISA Firewall
2. Configure the Web Listener on the rule to listen on the Internal interface IP address
HTH,
Tom
I have three weblistner (one for OWA, Website and Sharepoint). Each weblistner has uniqure Exp IP. Only only have one IP configured for Internal NIC, now how can I make this work?
only one listner can user my internal IP, what is the work around?
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
