I have a strange problem here. We are using Windows 2003 / Exchange 2007 / ISA 2006 with the latest patches.
We have a total of 4 Exchange servers, owa/owa2/owa3/owa4, for four data centers.
We have published OWA on ISA 2006 and it is working fine from outside as well as internally within one data center, owa4.
It is also working fine from a remote site which is different from the head office network/domain. It is connected through L2TP VPN through ISA.
My problem is that it is not working from the other data center locations which are part of one domain connected through L2TP VPN through ISA. The other data centers owa/owa2/owa3 are not able to access owa4 using the owa4 address. But the other data centers and interconnections are working, and owa4 is able to access the other OWA sites. Country servers connected to the owa4 network through L2TP VPN and part of the same domain are not able to access owa4. The ISA log does not block anything, it is simply giving closed connection. Site is not part of the domain, but the same L2TP VPN is working.
No, we cannot see any alerts regarding network overlaps.
It is working fine in the following scenarios.
Our domain: Testdomain
1) Within the internal network of owa4: domain Testdomain
2) Externally but outside the Testdomain network; it can be a standalone machine or any other domain network
It is not working from the other networks of owa3/owa2/owa. All have the common domain Testdomain.
I cannot see any denied connections in the logs. I can see initiated connection entries and closed connection entries for the same client IPs. So I am not able to figure out what is causing the problem.
After installing this, please run the ISA Data Packager from the Start, Programs, ISA Server, ISA Tools menu. Select the 'Collect data from one of the following repro scenarios' radio button and select the 'Basic Repro and Static Configuration' option, select 'Next' and then 'Start Data Collection'.
When the ISA Data Packager has initialized the various data captures you will be asked to press the Spacebar to start capturing data. This is going to capture a number of data outputs from a repro of the issue (Network traces, ISA tracing output, ISA logs) so before running this and pressing the spacebar please get set-up to repro the issue.
When you are ready to repro the issue, press the spacebar, repro the issue and then press the spacebar again to stop the captures. If you can, try to keep the time you are capturing quite short; that will help our analysis of the data. The BPA will also gather config data from the ISA server that will help us understand your set-up and will output all the data captures to a file on the desktop called isapackage.cab.
Do you want me to install both network monitoring tool 3.2 and ISA BPA on the ISA server? I'll send you the capture ASAP.
Also, one more thing I noticed. From the owa/owa2/owa3 sites we are not able to load owa4 from the client computers; however, we are able to load owa4 from the ISA servers of the owa/owa2/owa3 sites. The only difference is DNS. The ISA server is using public DNS and the client computer is using internal DNS.
If I understood correctly, your data centers are interconnected using L2TP site-to-site VPN using ISA. If that's the scenario, then the users should be able to access the resources using their internal DNS names, considering your DNS infrastructure is set up properly.
Do you want users to open OWA using the public name or the private name? How are your clients configured?
If they are configured as SecureNAT (gateway as their respective ISA's IP) then your local DNS should resolve names for them. Your local DNS should be able to forward requests to the ISP DNS. If you're using FWC or web proxy clients (IE set to direct requests to ISA) then you will need ISA to resolve it.
Since your ISA is able to resolve the OWA4 address, being on the public network, try configuring your test client machine at the OWA/OWA2/OWA3 sites as a web proxy client.
Yes, you are right. It is connected through L2TP VPN. We are able to load using the internal server name. It is working fine. However, we have configured Outlook Anywhere with owa4.test.com.
We have a situation where a visitor from one data center is visiting another data center, so he needs to use owa4 with the public name. We have a current workaround to use the internal name, but Outlook Anywhere may not work with owa4.
Yes, we are using the ISA server as gateway. With or without a DNS forwarder we still face the issue; we are able to resolve the DNS name to local from the client and to public from the ISA server.
How do I use owa/owa2/owa3 as a web proxy client? I am not clear on this point.
E.g. Khobar owa4 is connected to the Bahrain country server. Bahrain users are connecting to owa4 from Khobar through L2TP VPN. All connections are working except the owa4 webpage. It is working with ActiveSync and Outlook Anywhere, but the owa4 webpage is not loading. It is giving a DNS error.
The Khobar ISA log is showing a denied connection with a blank rule for HTTPS. I saw your posting on the custom HTTP filter. Can you elaborate on this point please?
Ah, I didn't realize that you posted the same entry under a different category as well. I said custom HTTP because there you were not clear if you were accessing the OWA4 webpage internally or externally.... It is seen as a bug in ISA that when you have the web proxy filter enabled on HTTP, you aren't able to open HTTP/HTTPS webpages over Site-to-Site VPN. To make it work, the recommended best practice is to remove the web proxy filter by making a new protocol... If that question is in reference to the same issue then forget it; it's not applicable to your problem, because you are accessing it publicly, not over Site-to-Site VPN.
Did you generate the logs which I mentioned? Are you able to open OWA4 from the internet, I mean not sitting in any other data center but somewhere outside like your home or a cafe? When sitting in the other data centers, what IP are you able to resolve the OWA4 website to?
Yes, owa4 is working from outside, e.g. home or internet cafe.
OWA4 working environment:
Inside the abcgroup.local (domain) network
L2TP VPN connected to another site network, e.g. domain sakfs.local
Externally using any internet connection
ActiveSync is working with owa4 on any setup
Outlook Anywhere is also working
OWA4 not working environment:
L2TP VPN connected from another country/data center in the same domain as abcgroup.local
Note: I'll generate the log today or tomorrow and send it. I was waiting for Group IT manager approval.
From the other data center clients we are able to resolve the internal IP of owa4, which is the ISA server, and from the ISA server it is resolving to the external IP of owa4 or the ISA server.
Sorry, but I couldn't understand this. Can you be more specific? What IPs do you get for OWA/OWA2/OWA3 from the OWA4 site when you try to resolve?
When we try from a client machine it resolves to the local IP of the respective ISA server; when we try from the ISA server it resolves to the public IP of the ISA server, as ISA external uses the ISP DNS.
E.g. owa4
ISA ext - 212.10.170.39 - same public IP is registered from owa4
ISA int: 192.161.32.127
Have you published OWA4 internally as well through ISA? Should the users go to OWA4 internally?
OWA should be internally resolved to the OWA4 server and not to the internal IP of the ISA Server if you are not using the ISA publishing internally....
1. Install Network Monitor on the client machine from where you are testing it
2. Install Network Monitor on the concerned ISA Server
3. Install the below ISABPA tool on the ISA
4. Run netmon on the client and ISABPA simultaneously when doing the test
After installing this, please run the ISA Data Packager from the Start, Programs, ISA Server, ISA Tools menu. Select the ‘Collect data from one of the following repro scenarios’ radio button and select the ‘Basic Repro and Static Configuration’ option, select ‘Next’ and then ‘Start Data Collection’.
When the ISA Data Packager has initialized the various data captures you will be asked to press the Spacebar to start capturing data. This is going to capture a number of data outputs from a repro of the issue (Network traces, ISA tracing output, ISA logs) so before running this and pressing the spacebar please get set-up to repro the issue.
When you are ready to repro the issue, press the spacebar, repro the issue and then press the spacebar again to stop the captures. If you can, try to keep the time you are capturing quite short; that will help our analysis of the data.
The BPA will also gather config data from the ISA server that will help us understand your set-up and will output all the data captures to a file on the desktop called isapackage.cab.
Send the isapackage.cab file to isaissues@yahoo.com. If it's more than 5MB then upload it on megashare.com or rapidshare.com and send me the link.
Actually, I am not allowed to install any software on ISA, as I need to take too many approvals from my corporate due to security reasons; however, I can install software on my client machine.
Is there anything we can do with the help of a client tool, or if you want I can send the ISA log file. Does it help?