• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Login to ISA2006 not OWA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Login to ISA2006 not OWA Page: [1]
Login
Message << Older Topic   Newer Topic >>
Login to ISA2006 not OWA - 8.Feb.2008 5:19:19 PM   
kstephens

 

Posts: 7
Joined: 23.Aug.2006
Status: offline
In Exchange 2007 owa, it is setup for https://email.company.com/owa for both internal and external.

When I enter https://email.company.com/owa either internally or externally it brings up a login box for ISA 2006, NOT OWA.  If I use https://ipaddress/owa (internally) the OWA login appears. The SSL certificate on the listener is a public CA issued and is also defined on the Exchange server in IIS.

I can't find what is causing this.

I have followed this:
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part6.html  and 
http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx with no luck.
Any suggestions ??
Thanks,
Ken
Post #: 1
RE: Login to ISA2006 not OWA - 15.Feb.2008 10:50:17 AM   
charlieit

 

Posts: 108
Joined: 19.Aug.2004
From: US
Status: offline
Just a suggestion:  You may want to lookup (on this site) how to setup "Split DNS".

Hope that helps!

Charlie

(in reply to kstephens)
Post #: 2
RE: Login to ISA2006 not OWA - 26.Feb.2008 9:38:30 PM   
dale.hardin@enpro.us

 

Posts: 2
Joined: 26.Feb.2008
Status: offline
I have basically the same problem.  I have two CAS servers that are published to the Internet via two different ISA 2006 servers.  On one, I get the "Office Outlook Web Access" form, and on the other I get the "Internet Security & Acceleration Server 2006" form.  Both ISA servers are at the same patch level, and I published Exchange on both using the wizard.  I don't see any differences in the ISA servers.

I do see the following, however:


The only difference being the "formdir=1" vs. "formdir=3."  Does anyone know why this would redirect to the wrong form?  Again, I published with the wizard in both cases, and I have looked at the publishing rules in detail and don't see any differences.

(in reply to kstephens)
Post #: 3
RE: Login to ISA2006 not OWA - 26.Feb.2008 10:06:16 PM   
charlieit

 

Posts: 108
Joined: 19.Aug.2004
From: US
Status: offline
From my experience I can only say that there are two absolutely crucial/critical things to make or break using SSL and forms authentication with OWA : 

1.  A properly formatted and installed certificate.  EACH certificate MUST be setup for EXACTLY the address that people are going to enter to get to OWA either internally or externally.  Your publishing rule MUST reflect this.  For your situation you would need at least TWO totally separate certificates:  one for the first server and one for the next.  Each would be named  https://email1.company.com  https://email2.company.comIf you used the same certificate or have different ones but named them the same thing, I would guess that you would have the problem you are encountering.

2.  A properly implemented SPLIT DNS infrastructure.

I THOUGHT I knew certificates and split dns but I didn't.  I know it well enough now that I can install ISA and OWA at my company with confidence.  I'm not a complete security expert or a total ISA expert, but knowing the answers to these two concepts totally solved my problem. 

I hope that helps!

Charlie

(in reply to dale.hardin@enpro.us)
Post #: 4
RE: Login to ISA2006 not OWA - 27.Feb.2008 8:09:18 AM   
dale.hardin@enpro.us

 

Posts: 2
Joined: 26.Feb.2008
Status: offline
Maybe I'm crazy, but I don't see any way that DNS or SSL are involved in this.  For the record, though, both are correctly configured.  Each of my ISA servers publishes a different CAS server with a different external IP and hostname.  Both sites work perfectly except that one ISA server uses the wrong login form.

(in reply to charlieit)
Post #: 5
RE: Login to ISA2006 not OWA - 3.Mar.2008 9:31:37 AM   
Snowfresh

 

Posts: 31
Joined: 18.Feb.2005
Status: offline
did you disable form based authentication on both CAS servers?

(in reply to dale.hardin@enpro.us)
Post #: 6
RE: Login to ISA2006 not OWA - 13.Sep.2008 4:06:41 AM   
shekharsahab

 

Posts: 4
Joined: 4.Jan.2008
Status: offline
Try this

Under User tab on your ISA server , select All Users , instead of Authenticted User .


(in reply to Snowfresh)
Post #: 7
RE: Login to ISA2006 not OWA - 13.Sep.2008 6:11:34 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: dale.hardin@enpro.us

I have basically the same problem.  I have two CAS servers that are published to the Internet via two different ISA 2006 servers.  On one, I get the "Office Outlook Web Access" form, and on the other I get the "Internet Security & Acceleration Server 2006" form.  Both ISA servers are at the same patch level, and I published Exchange on both using the wizard.  I don't see any differences in the ISA servers.

I do see the following, however:


The only difference being the "formdir=1" vs. "formdir=3."  Does anyone know why this would redirect to the wrong form?  Again, I published with the wizard in both cases, and I have looked at the publishing rules in detail and don't see any differences.


It sounds to me like one ISA server is using the default ISA form and the other is using the Exchange form.

In addition to the actual publishing rule, you can define a custom form on the web listener. This settting will override the configuration on the actual publishing rule and is often missed first time around.

If you disable the custom form setting on the web listener, the custom form define on the pulishing rule will take over...

Cheers

JJ 

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dale.hardin@enpro.us)
Post #: 8
RE: Login to ISA2006 not OWA - 13.Sep.2008 6:13:38 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: shekharsahab

Try this

Under User tab on your ISA server , select All Users , instead of Authenticted User .




NO!!!! - Not unless you want to completely lower your level of security by disabling ISA Server pre-authentication and allow anonymous access to your CAS servers!!!

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to shekharsahab)
Post #: 9
RE: Login to ISA2006 not OWA - 15.Sep.2010 8:11:08 PM   
spdracr713

 

Posts: 1
Joined: 15.Sep.2010
Status: offline
I'm having the same issue - not sure why but the rule is redirecting to formdir=3 instead of formdir=1. If i manually change the value, the correct form loads up.

(in reply to Jason Jones)
Post #: 10
RE: Login to ISA2006 not OWA - 20.Sep.2011 7:10:15 PM   
schmidlap

 

Posts: 13
Joined: 8.Jul.2010
Status: offline
Just a suggestion: You may want to lookup (on this site) how to setup "Split DNS".
Hope that helps!
Charlie

No, it doesn't help Charlie. First of all, he clearly stated that both internal and external users use the exact same URL to reach the site. Obviously split DNS has already been implemented. He didn't ask for help on setting up split DNS. Please don't litter the threads with posts that are completely unrelated to the question at hand.

Hope that helps,
Steve

(in reply to charlieit)
Post #: 11

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Login to ISA2006 not OWA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts