• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Trying to publish Exchange 2003 with ISA 2006

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Trying to publish Exchange 2003 with ISA 2006 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 8:18:12 AM   
FCP

 

Posts: 4
Joined: 19.Aug.2008
Status: offline
Hi everyone. I have read various documents on this subject I have found that many contradict each other. I am try to publish OWA via an internal ISA 2006 server.

I have an Exchange 2003 server in our domain with mailboxes accessed via Outlook on the local network. I have also setup OWA and this is working locally for those that VPN on to our network.

I have an ISA 2006 server that sits on our local network though it is not part of the domain. This is currently used as a proxy server for a number of remote users that access one or two external sites. I want to use this to publish OWA using this server.

Both these servers sit behind a Checkpoint FW1 cluster. I have not changed any rules for these server servers yet as I want to get things working internally before I start opening external ports.

I have produced a certificate on the Exchange server using the name webmail.<domain>.co.uk. I have then exported this certificate before importing it onto the ISA server. I have also added a static entry into our DNS for webmail pointing to the Exchange serverís internal ip address.

What I would like to do is let our users access their mailboxes via the Internet. I have had OWA working using http and https but I cannot get anything working via the ISA server.

What authentication should be set on the Exchange servers default web site, integrated and basic? I am happy for remote VPN users to access their email using HTTP via OWA but I obviously want remote users coming in from the internet to use HTTPS.

Just to test access I have added the ip of the ISA server to my proxy settings in IE. I get the following when I try and access OWA via the URL

Network Access Message: The page cannot be displayed

And

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)

Any guidance getting this working would be much appreciated.

Phill
Post #: 1
RE: Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 8:40:14 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Phil,

Check out my articles on publishing OWA. They are accurate an correct and use principles and procedures that have stood the test of time.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FCP)
Post #: 2
RE: Trying to publish Exchange 2003 with ISA 2006 - 19.Aug.2008 9:34:32 AM   
FCP

 

Posts: 4
Joined: 19.Aug.2008
Status: offline
Hi Tom, thanks for the reply. I have changed all the virtual directories to 'basic' but then it requires me to restart IIS services. I have 200 people accessing this box on the LAN using Outlook, will they lose connection during the time the IIS services are restarted?

Thanks

Phill

(in reply to tshinder)
Post #: 3
RE: Trying to publish Exchange 2003 with ISA 2006 - 20.Aug.2008 4:57:00 AM   
FCP

 

Posts: 4
Joined: 19.Aug.2008
Status: offline
In your first article it says to set authentication on the three web folders to 'basic' but then your second article talks about 'SSL bridging'.

I would like to leave 'integrated' ticked as VPN uses can connect without haveing to authenticate manually.

Has anyone seen this error before?

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)

(in reply to tshinder)
Post #: 4
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 4:16:53 AM   
VirtualJames

 

Posts: 8
Joined: 19.Aug.2008
Status: offline
I've had that same message.  That's the probem I have when attempting to access OWA from outside of sat at the ISA server.

I'm waiting to hear back regarding creating a Virtual IP and configuring a separate listener with different authentication methos than the current that also support Sharepoint logon.

(in reply to FCP)
Post #: 5
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:36:27 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: FCP

Hi Tom, thanks for the reply. I have changed all the virtual directories to 'basic' but then it requires me to restart IIS services. I have 200 people accessing this box on the LAN using Outlook, will they lose connection during the time the IIS services are restarted?

Thanks

Phill


MAPI clients won't be disconnected if you restart the Web services.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FCP)
Post #: 6
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:37:24 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: FCP

In your first article it says to set authentication on the three web folders to 'basic' but then your second article talks about 'SSL bridging'.

I would like to leave 'integrated' ticked as VPN uses can connect without haveing to authenticate manually.

Has anyone seen this error before?

Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)


Not sure what basic versus integrated has to do with SSL bridging or VPN. The point of using OWA is to avoid VPN connections for users who only need email.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FCP)
Post #: 7
RE: Trying to publish Exchange 2003 with ISA 2006 - 21.Aug.2008 8:39:15 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: VirtualJames

I've had that same message.  That's the probem I have when attempting to access OWA from outside of sat at the ISA server.

I'm waiting to hear back regarding creating a Virtual IP and configuring a separate listener with different authentication methos than the current that also support Sharepoint logon.


You don't need a virtual IP address, you can just add a second IP address to the external interface of the Firewall.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to VirtualJames)
Post #: 8
RE: Trying to publish Exchange 2003 with ISA 2006 - 27.Aug.2008 6:23:43 AM   
FCP

 

Posts: 4
Joined: 19.Aug.2008
Status: offline
I am still getting this problem. Even if I try publishing OWA using the site publisher I still get the same problem.

Could my problem be anything to do with the fact that the ISA server is connected to our internal network with a single network card, with an IP address on the same subnet as the Exchange server?

(in reply to tshinder)
Post #: 9
RE: Trying to publish Exchange 2003 with ISA 2006 - 28.Aug.2008 8:48:38 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Perhaps. Hork Mode (single NIC) configurations aren't a good security solution. Install in full firewall mode and repeat the configuration.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to FCP)
Post #: 10
RE: Trying to publish Exchange 2003 with ISA 2006 - 28.Aug.2008 5:44:05 PM   
mylo

 

Posts: 144
Joined: 26.Mar.2002
Status: offline
Haha... Tom... that's the most "moderated" response I've seen from you with regards hork mode ;-)

Phill... stick another NIC in the ISA server if you can and join it to the domain.. I realise this may be a big ask particularly if you're sitting in the middle of a data centre DMZ but you'll save yourself a lot of heartache with the configuration. Lock down the external facing NIC, run the security configuration wizard etc and follow best practises.

Regards,
Mylo

(in reply to tshinder)
Post #: 11
RE: Trying to publish Exchange 2003 with ISA 2006 - 2.Sep.2008 9:17:04 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mylo,



Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mylo)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Trying to publish Exchange 2003 with ISA 2006 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts