Honestly this is driving me mad. For some reason I cannot get this working. I have a single MS Exchange 2003 Ent install with its SSL certificate. I'm also using ISA 2006 Ent. I followed many tutorials, including the ones on this site.
Let's review my configuration.
I enrolled a certificate with the FQDN for my domain (webmail.lapuja.com); it is issued by my private CA and it's installed. Using SSL is not a problem, everything works well. On my System Management I have chosen to use Form Based Authorization.
On my ISA Server
I have installed the same certificate from Exchange as explained in many tutorials. On the Web Listener, when I choose the certificate, it tells me the certificate is OK.
I made the Exchange Web Client rule and filled in the fields.
I get the login screen when accessing my OWA externally. I enter a user and password and it doesn't pull up the email account; it just stays sending packets and I get this error:
Error Code: 500 Internal Server Error. The number of HTTP requests per minute exceeded the configured limit. Contact the server administrator. (12219)
Apart from SSL, I tried publishing OWA without it and I got the following error:
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
Honestly I don't know what is going on. I found in another tutorial to choose Basic Authorization when using SSL. When I test the published rule I get an error on the http://webmail.lapuja.com/exchange/ URL saying this:
Testing URL https://webmail.lapuja.com:443/Exchange/ Category: General error Error details: The authentication delegation method defined in the rule does not match the authentication method selected for the published directory on the server hosting the site. Publishing rule authentication delegation method: Basic. Published server authentication methods: Forms-Based Authentication. Action: You can change the authentication method on the published server or select "No delegation, but client may authenticate directly" in the Authentication Delegation tab of the publishing rule.
I even changed the Authentication Delegation from Basic Authentication to "No delegation, but client may authenticate directly".
None of this seems to work. Like I said before, I get form based authentication but I can't pull up the mailbox account.
Technically, yes, you should be able to do that. You can just publish your OWA server as a plain web server and don't do any authentication on ISA. However, you'll find several articles on these forums about losing most of the benefits of up front authentication by ISA if you go that route.