• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing OWA with Web Chained Proxy

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Publishing OWA with Web Chained Proxy Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publishing OWA with Web Chained Proxy - 1.Dec.2008 6:06:04 AM   
WingIT

 

Posts: 8
Joined: 13.Nov.2008
Status: offline
Hi,

I have set up publishing of OWA to the point where I can see the logon page and put in login details.
However, we use webchaining to an external proxy and once login has been clicked the page waits a while and comes back with a page from the external proxy which says: (actual IPs and identifying entries changed by me in this post)
============================================
This page has been blocked by your Proventia Web Filter ...

...because it belongs to the categories:
PRoxies
and is matching the following rules:
OUR_RULE
Details:
Request: 26:11:2008:14:21:49,750
IP: (OUR ROUTER EXTERNAL IP)
User:
URL: OUR OWA EXCHANGE URL
URL Categories: Anonymous Proxies
======================================
If I look in the ISA logs for our OWA rule I get
======================================


Failed Connection Attempt OUR-ISA 1/12/2008 10:07:55
Log type: Web Proxy (Reverse)
Status: 10061 No connection could be made because the target machine actively refused it. 
Rule: OUR OWA PUB
Source: External (EXTERNAL CLIENT IP)
Destination: - (WEB CHAINED PROXY IP on PORT 8080)
Request: GET OUR OWA EXCHANGE URL 
Filter information: Req ID: 0b097af6; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes
Protocol: https
User: CLIENT LOGIN CREDS
Additional information
Client agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Object source: Upstream (Object was returned from an upstream proxy cache.)
Cache info: 0x0
Processing time: 66516 ms
MIME type: -

and also followed by this log too:





Allowed Connection
OUR-ISA 01/12/2008 10:10:03

Log type: Web Proxy (Reverse)

Status: 503 Service Unavailable

Rule: OUR OWA PUB

Source: External (CLIENT IP)

Destination: - (WEB CHAINED PROXY IP PORT:8080)

Request: GET OUR OWA EXCHANGE URL

Filter information: Req ID: 0b124c87; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=private, user activity=yes

Protocol: https

User: CLIENT CREDS



Additional information

Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0...
Object source: Upstream (Object was returned from an upstream proxy cache.)
Cache info: 0x41840000 (Response includes the CACHE-CONTROL: NO-CACHE or PRAGMA: NO-CACHE header. Response includes the LAST-MODIFIED header. Response includes the EXPIRES header. Response should not be cached.)
Processing time: 93297 ms
MIME type: -
=====================================================
I spoke to the ISP who provide our external Proxy which we wechain to, and they seem to think it is to do with our ISA using the external proxy which effectively sends the OWA response back to the external client via that proxy, generating the web filter page.
If I make the OWA server an exception in the WebChaining Rule the OWA server can no longer reach the internet as it has the ISA server internal IP as it's gateway.
Can anyone give me pointers on getting the OWA working without the interference of the Proventia External Web Proxy?
Our normnal exchange mail goes through ISA no problem.
If you need more information let me know and I'll do my best to provide it.

Regards

WingIT
Post #: 1
RE: Publishing OWA with Web Chained Proxy - 1.Dec.2008 7:52:47 AM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Hi,

How many NICs you have in your ISA Server? Why do you have the internal IP as your ISA Server's gateway? Hows the ISP's web proxy setup?

I am not sure about the web filter you are using because i havent worked on Proventia Web Filter before.

I have made a test setup at my end as below and tested

Internal ==> ISA Server ==> ISP Proxy Server ==> Internet

I hope i am correct in my setup as per what you have there in your environment...

1. I created a web chaining rule from my downstream ISA to my ISP Proxy Server
2. Since, i dont have any other proxy server so i used the ISA server to act as a upstream ISA. On the upstream proxy server i have done server publishing for the downstream ISA Server to route the traffic. In your case i am not sure how you are forwarding the requests to the downstream ISA Server. But make sure your request for https://mail.yourdomain.com goes to the downstream ISA server.
3. Created OWA publishing rule on downstream ISA
4. Make sure you have same Root certificates on your proxy server which you are using for OWA publishing on downstream ISA server
5. Your ISA Server's external Gateway should point to either your upstream proxy server or your external router

During my setup and working on this scenario i learnt that web chaining will be used by the downstream ISA to send internet requests from internal to external network. When someone from external network accesses your OWA it actually/should point(s) directly to the External Interface of your downstream ISA sever. One more thing which is important is that the Name Resolution. Your ISA server should be able to resolve the public name which your are using in your web listner either through internal/DMZ DNS or through Host file.

Traces on ISA Server will help you understand what exactly the problem is.

< Message edited by inderjeet -- 1.Dec.2008 11:12:46 AM >


_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to WingIT)
Post #: 2
RE: Publishing OWA with Web Chained Proxy - 5.Dec.2008 6:18:27 AM   
WingIT

 

Posts: 8
Joined: 13.Nov.2008
Status: offline
Hi,

It's ok. I sorted it. DNS issue meant OWA traffic was going back out via the external proxy to the external OWA client.
I also fell victim to having FBA enabled on Exchange Virtual Server and in ISA publishing rule. Once I unchecked it on EVS then all worked.

Cheers for your help anyway.

Kind regards

Wing IT

(in reply to inderjeet)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Publishing OWA with Web Chained Proxy Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts