My scenario: ISA Server and Exchange Server. Two certificates generated with our CA. Both generated with the public FQDN Common Name mail.isasucks.com. One for Internal OWA Access and one for External OWA Access. From internal, OWA works because of the split DNS, but from external I get a 403 Forbidden error (12202) after the OWA logon screen. Form-based authentication is disabled on Exchange Server.
ISA Monitoring shows first:
Log type: Web Proxy (Reverse)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule:
Source: ( 10.10.0.10:0)
Destination: ( 10.10.0.10:443)
Request: POST http://mail.isasucks.com/CookieAuth.dll?Logon
Filter information: Req ID: 086b2bc2
Protocol: https
User: anonymous
then second:
Log type: Web Proxy (Reverse)
Status: 12202 The ISA Server denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: Branch Office ( 10.10.30.100:0)
Destination: ( 10.10.10.100:443)
Request: GET http://mail.isasucks.com/
Filter information: Req ID: 086b2bc4
Protocol: https
User: isasucks.local\kambu
ISABPA shows this error for both certificates (Internal and External):
The name of the certificate attached to the External OWA Access Web publishing rule does not match the public name. The certificate was issued to mail.isasucks.com, and the set of public names is Not Found.
I have googled the whole net and tried all the step-by-step guides and "solutions", but none helped. Please give me a real solution. Thank you!
< Message edited by yesname -- 14.May2009 11:22:58 AM >
"The name of the certificate attached to the External OWA Access Web publishing rule does not match the public name. The certificate was issued to mail.isasucks.com, and the set of public names is Not Found. "
Both certificates (internal and external) are issued to mail.isasucks.com and the CNs are the same. The public (external) FQDN is the same. On the Public Name tab of the Web publishing rule the name is the same again. And it does not work. I tried issuing new certificates, reconfiguring rules and all things. I tried so many step-by-step guides and every time I get this error.
Please read my post No. 3 again and please forget that FQDN. As I said, I forgot to rewrite that FQDN to mail.isasucks.com <- not the real one. Please edit your comments and delete that domain. Thanks!
Yes I know, as I said this is not real. Now I found the source of my problem. Maybe the link translation or something. From the internal network I can access it with mail.isasucks.com, but from external it works only with mail.isasucks.com/exchange! Why?
Found the solution. Because it worked with only https://mail.isasucks.com from the internal network, I did not try https://mail.isasucks.com/exchange from the external network. Now I tried it and it worked. I forgot to set the path to /* only and set the link translation to work with https://mail.isasucks.com from external networks. Now changed mail.isasucks.com to mail.ISuck.com :)
< Message edited by yesname -- 15.May2009 1:58:47 AM >