I've published OWA through ISA, it seems to work. However with some exceptions. Using IE 7 I can log into OWA, then I can see folders, list of mails in them. What I don't see is mail body, neither in main view nor when I open message in new window. Also I don't see status images near the message subject in list of mails. Also I can't create new message.
Using Firefox I can view messages, however I still can't create and send a new one.
What could be a source of the problem? And how to solve it?
I checked it on three machines, problem occured on everyone. But during tests I found something more:
On IIS on Exchange there are three sites defined: 1. Default Web Site - the web site created during Exchange installation, it has only basic authentication enabled, it's ports are changed to 8080 and 8443 2. OWA local - web site created through Exchange System Manager, it has anonymous set in IIS and enabled FBA in System Manager, it's working on ports 81 and 443 3. OWA redirect - web site created in IIS, it's working on 80 port, and it just redirects all request incoming to port 80 to port 443.
Such configuration is required because: - external access to OWA is required - of course we would like to authenticate users on ISA and only on it, and we would like to use FBA - also internal access to OWA is required - also FBA should be used
So on ISA in my rule I've set redirection for all communication incoming to ISA on port 443 to port 8443 on Exchange. And basically it works - I can connect to OWA from external. But as I found when I try to view e.g. list of mails in Inbox in status bar of IE I can see that IE tries to download some content from https://client.pl:8443 address. Which of course fails from external network.
Just for testing I switched the ports on which web sites are listening on Exchange and made Default Web Site listening on 443 instead of 8443, then I changed my ISA rule to redirect request to 443 not to 8443. And everything worked OK.
However it's not acceptable solution so is there anything what can be done on ISA to make it not answering to clients with information that some data (e.g. images) should be downloaded from https://client.pl:8443?
Also I have found in ISA logs entries with status message "207 The ring 2 stack is in use", what it could be about?
But how to achive access to OWA through FBA from external and internal networks? If there is only one Exchange server, customers doesn't want access OWA through ISA external IP from internal and external users are to be authorized on ISA and only ISA?