• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of Publishing OWA 2003 article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  1 [2] 3 4 5   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: Discussion of Publishing OWA 2003 article - 19.Jul.2003 11:45:00 PM   
TGPIS

 

Posts: 1
Joined: 19.Jul.2003
From: Edmonton
Status: offline
Hi All,

We're migrating from Novell to Microsoft, and have just implemented an ISA firewall. We're not in the position to use our IIS server yet, and still need to use our Novell Web Server. On our Novell web server, we have a customer login link that requires SSL. That's why we're here. This looks related to what we're trying to accomplish. Are we on the right path? We've installed the certificate on the ISA Box, following your detailed steps, but we are unable to bind to the listener. We receive the message:
"There are no certificates configured on this
server"

We apologize if we're in the wrong place, and perhaps you can tell us where to go (the right place)

Thanks in advance

TGPIS [Confused]

(in reply to tshinder)
Post #: 21
RE: Discussion of Publishing OWA 2003 article - 20.Jul.2003 12:08:00 AM   
brokenribgolfer

 

Posts: 12
Joined: 23.Feb.2002
Status: offline
Tom,

Thanks for the set of articles. Makes sense and works great! One question though: Is there any way to require the external OWA client have the certificate imported before even gaining access to the OWA site? It appears that this procedure protects the transmission of unencrypted data from the client through to the Exchange server (and back),,,, but it does not keep anyone from connecting and attempting to guess a valid username/password. I would prefer that an external client without a valid certificate installed simply receive an access error.

Am I wrong about this? (Always the most likely possibility)

Thanks again.

Mark

(in reply to tshinder)
Post #: 22
RE: Discussion of Publishing OWA 2003 article - 21.Jul.2003 2:19:00 AM   
SanMan

 

Posts: 50
Joined: 23.Feb.2001
From: ZA
Status: offline
Hi there,

When I redirect root to default.asp to
<% Response.Redirect "/exchweb/bin/auth" %>

I am able to login thereafter I get the following error when accessing owaauth.dll

Blank page with

Unspecified error

Any Ideas

SanMan

ps. normal redirect to /exchange works fine and without redirection problem persists.

(in reply to tshinder)
Post #: 23
RE: Discussion of Publishing OWA 2003 article - 21.Jul.2003 5:54:00 AM   
Nobbyness

 

Posts: 7
Joined: 21.Jul.2003
From: Tallahassee
Status: offline
quote:
Originally posted by tshinder:
Hi Rob,

I wasted a day this week trying to figure it out. I suspect the problem is that you need to hard code the RPC ports. I did get it to work with a Web Publishing rule with a /rpc* for the path along with the /exchange*, /public* and /exchweb* paths. The problem was that it was extraordinarily slow. It may have been a problem with my scenario, because I co-located the Exchange Server with a DC, and the docs say that you need to use a FE/BE config for it to work. I'll try that next week and report my finding for Exchange RPC over HTTP when I get a definitive finding.

Thanks!
Tom

Could you point me at the docs you're referring to? I've hunted all over (mainly the MS site), but all I've come up with relates to configuring the client side. Zilch on either Exchange 2003 or ISA on the subject of RPC over HTTP.

Thanks. Pat.

(in reply to tshinder)
Post #: 24
RE: Discussion of Publishing OWA 2003 article - 23.Jul.2003 6:25:00 AM   
SanMan

 

Posts: 50
Joined: 23.Feb.2001
From: ZA
Status: offline
Hi All,

Got some info on RPC over HTTP

Overview of an RPC/HTTP deployment
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/rpc_over_http_deployment_recommendations.asp



Remote Procedure Calls Using RPC over HTTP
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/remote_procedure_calls_using_rpc_over_http.asp



The Registry Keys
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/rpc/rpc/remote_procedure_calls_using_rpc_over_http.asp



Configuring Outlook 2003 for RPC over HTTP

http://www.microsoft.com/office/ork/xp/beta/three/ch8/OutC07.htm

I can get it working internal of ISA but externally it does not work.

HTH [Smile]
SanMan

(in reply to tshinder)
Post #: 25
RE: Discussion of Publishing OWA 2003 article - 23.Jul.2003 3:57:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by SanMan:
Hi All,

Got some info on RPC over HTTP

Overview of an RPC/HTTP deployment
http://msdn.microsoft.com/library/default.asp?url=/librar y/en-us/rpc/rpc/rpc_over_http_deployment_recommendations.asp



Remote Procedure Calls Using RPC over HTTP
http://msdn.microsoft.com/library/default.asp?url=/libr ary/en-us/rpc/rpc/remote_procedure_calls_using_rpc_over_http.asp



The Registry Keys
http://msdn.microsoft.com/library/default.asp?url=/libr ary/en-us/rpc/rpc/remote_procedure_calls_using_rpc_over_http.asp



Configuring Outlook 2003 for RPC over HTTP

http://www.microsoft.com/office/ork/xp/beta/three/ch8/OutC07.htm

I can get it working internal of ISA but externally it does not work.

HTH [Smile]
SanMan

Hi SanMan,

Those are interesting articles, too bad they don't help [Smile]

I can get it to work, and it even works with a single server, without a FE/BE config. However, its VERY SLOW.

I'll figure it out. I just need the right motivation [Big Grin]

Thanks!
Tom

(in reply to tshinder)
Post #: 26
RE: Discussion of Publishing OWA 2003 article - 23.Jul.2003 3:59:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by TGPIS:
Hi All,

We're migrating from Novell to Microsoft, and have just implemented an ISA firewall. We're not in the position to use our IIS server yet, and still need to use our Novell Web Server. On our Novell web server, we have a customer login link that requires SSL. That's why we're here. This looks related to what we're trying to accomplish. Are we on the right path? We've installed the certificate on the ISA Box, following your detailed steps, but we are unable to bind to the listener. We receive the message:
"There are no certificates configured on this
server"

We apologize if we're in the wrong place, and perhaps you can tell us where to go (the right place)

Thanks in advance

TGPIS [Confused]

Hi TGPIS,

The most likely reason is that the:

1. Certificate is not in the correct certificate store

2. The private key isn't included with the certificate

HTH,
Tom

(in reply to tshinder)
Post #: 27
RE: Discussion of Publishing OWA 2003 article - 23.Jul.2003 4:01:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by brokenribgolfer:
Tom,

Thanks for the set of articles. Makes sense and works great! One question though: Is there any way to require the external OWA client have the certificate imported before even gaining access to the OWA site? It appears that this procedure protects the transmission of unencrypted data from the client through to the Exchange server (and back),,,, but it does not keep anyone from connecting and attempting to guess a valid username/password. I would prefer that an external client without a valid certificate installed simply receive an access error.

Am I wrong about this? (Always the most likely possibility)

Thanks again.

Mark

Hi Mark,

You can certainly use client certificate authentication at the ISA firewall and basic auth at the Exchange site! That might be a good article for the future. Check out my client certifiate authentication article over at www.isaserver.org/shinder

HTH,
Tom

(in reply to tshinder)
Post #: 28
RE: Discussion of Publishing OWA 2003 article - 30.Jul.2003 8:27:00 AM   
belindam

 

Posts: 20
Joined: 1.Jul.2003
Status: offline
Dear Tom,

Firstly the articles on this site are fantastic. I have learnt a great deal from them and the Configuring ISA Server 2000 book. About to get ISA Server & Beyond.

I have run through the steps involved in publishing OWA on ISA Server. My issue is that since i enabled Packet Filtering i have lost OWA access from both internal and external clients.

I am able to access OWA ONLY using the UNC path from an INTERNAL client (http://servername/change). I cannot access it using http://servername.domain.com.au/exchange from either internal or external clients.

I have created the Destination Set and Publishing Rule as described. IIS is running. Still no joy!

I am running SBS2000 with DC, EXC and ISA co-hosted on the same box. Not ideal i know but a necessity with budget and other constraints in place.

I am at a loss as to what to try next. Any ideas would be great appreciated.

[Confused]

(in reply to tshinder)
Post #: 29
RE: Discussion of Publishing OWA 2003 article - 5.Aug.2003 10:38:00 AM   
SanMan

 

Posts: 50
Joined: 23.Feb.2001
From: ZA
Status: offline
Hi Belinda,
Have u checked your DNS internal(have u created a zone file or host) and external(ISP).

HTH

Hi Tom,
How is the motivation coming along for an RPC document ?

Thank you,
SanMan

(in reply to tshinder)
Post #: 30
RE: Discussion of Publishing OWA 2003 article - 5.Aug.2003 11:13:00 AM   
belindam

 

Posts: 20
Joined: 1.Jul.2003
Status: offline
SanMan,

I have not created any DNS entries for the server. I previously had all OWA and external exchange server access working without an issue. Troubles arose when i enabled Packet Filtering. Since then i cannot access externally.

What DNS entries do i need to create?

Belinda

(in reply to tshinder)
Post #: 31
RE: Discussion of Publishing OWA 2003 article - 5.Aug.2003 12:15:00 PM   
belindam

 

Posts: 20
Joined: 1.Jul.2003
Status: offline
SanMan,

I have not created any DNS entries for the server. I previously had all OWA and external exchange server access working without an issue. Troubles arose when i enabled Packet Filtering. Since then i cannot access externally.

What DNS entries do i need to create?

Belinda

(in reply to tshinder)
Post #: 32
RE: Discussion of Publishing OWA 2003 article - 5.Aug.2003 11:31:00 PM   
SanMan

 

Posts: 50
Joined: 23.Feb.2001
From: ZA
Status: offline
Belinda,
Does interal work when you goto http://mail.domainname.com.au/exchange ?
Use nslookup to check.

Does domainname.com.au = FQDN ?
If not create a zone for this.

Does external work when you goto you external url ?

Packet filtering should not affect this as it is published.

Hope that helps you out a lil.
SanMan

(in reply to tshinder)
Post #: 33
RE: Discussion of Publishing OWA 2003 article - 6.Aug.2003 7:00:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Belinda:
Dear Tom,

Firstly the articles on this site are fantastic. I have learnt a great deal from them and the Configuring ISA Server 2000 book. About to get ISA Server & Beyond.

I have run through the steps involved in publishing OWA on ISA Server. My issue is that since i enabled Packet Filtering i have lost OWA access from both internal and external clients.

I am able to access OWA ONLY using the UNC path from an INTERNAL client (http://servername/change). I cannot access it using http://servername.domain.com.au/exchange from either internal or external clients.

I have created the Destination Set and Publishing Rule as described. IIS is running. Still no joy!

I am running SBS2000 with DC, EXC and ISA co-hosted on the same box. Not ideal i know but a necessity with budget and other constraints in place.

I am at a loss as to what to try next. Any ideas would be great appreciated.

[Confused]

Hi Belinda,

Good news is that I have complete detailed info on how to confiugure OWA on the ISA firewall itself in ISA Server and Beyond. Bad news is that its a complex procedure, compromises security provided by the firewall, and hurts both Exchange and firewall performance. Otherwise, it works great! [Wink]

HTH,
Tom

(in reply to tshinder)
Post #: 34
RE: Discussion of Publishing OWA 2003 article - 6.Aug.2003 7:02:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by SanMan:
Hi Belinda,
Have u checked your DNS internal(have u created a zone file or host) and external(ISP).

HTH

Hi Tom,
How is the motivation coming along for an RPC document ?

Thank you,
SanMan

Hi SanMan,

The word is that the motivation might increase significantly this week. I'll let you know what happens. If the deal goes thumbs up, you can look forward to this info next week.

HTH,
Tom

(in reply to tshinder)
Post #: 35
RE: Discussion of Publishing OWA 2003 article - 6.Aug.2003 7:04:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Belinda:
SanMan,

I have not created any DNS entries for the server. I previously had all OWA and external exchange server access working without an issue. Troubles arose when i enabled Packet Filtering. Since then i cannot access externally.

What DNS entries do i need to create?

Belinda

Hi Belinda,

You must have packet filtering enabled. Packet filtering is the first line of defense, and if it is disabled, the server is wide open to every exploit known to man. In fact, if packet filter has been disabled, and this machine was connected to the Internet, I would reformat and reinstall as there is a good chance the machine has already been compromised.

HTH,
Tom

(in reply to tshinder)
Post #: 36
RE: Discussion of Publishing OWA 2003 article - 6.Aug.2003 7:05:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by SanMan:
Belinda,
Does interal work when you goto http://mail.domainname.com.au/exchange ?
Use nslookup to check.

Does domainname.com.au = FQDN ?
If not create a zone for this.

Does external work when you goto you external url ?

Packet filtering should not affect this as it is published.

Hope that helps you out a lil.
SanMan

Hi SanMan,

I think part of the problem is that a split DNS is required, which is a real problem if you only have a single server, since you need at least two servers to create the split DNS *if* you are hosting your external records yourself.

HTH,
Tom

(in reply to tshinder)
Post #: 37
RE: Discussion of Publishing OWA 2003 article - 16.Aug.2003 2:39:00 AM   
BDreeszen

 

Posts: 1
Joined: 16.Aug.2003
Status: offline
Tom,
Great Article! I have set this up on one of my clients servers and it works like a million bucks! Here is my dilema......
The server with OWA is also running a Web server for the company (Real Estate). So mydomain.com goes to the web server and mail.mydomain.com goes to the web server also. In the past they have just had to put /exchange at the end of the URL. Now they have to put https: and /exchange etc. etc. in the url. This is generating a lot of call volume at my help desk. I'd like to keep this security measure in place as there is a lot of confidential information being swapped around. Have you got any ideas as to how I can set it up so that when the url http://mail.mydomain.com is entered, its redirected to https://mydomain.com/exchange.
I read in one of your earlier posts that you thought someone was playing games or being lazy, I would have to agree, but this is getting past lazy and its starting to take a dent in my pocketbook. Any thoughts would be appreciative!
Thanks
Brian

(in reply to tshinder)
Post #: 38
RE: Discussion of Publishing OWA 2003 article - 20.Aug.2003 7:32:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Brian,

You can create a page with a meta tag so that when users go to http://mail.domain.com it automatically redirects them https://mail.domain.com/exchange

If you're going to run a second Web site on the Exchange Server, I'd recommend creating a second virtual Web server for the site.

HTH,
Tom

(in reply to tshinder)
Post #: 39
RE: Discussion of Publishing OWA 2003 article - 25.Aug.2003 1:16:00 PM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Hello!
I've read your article ans I think that it is very good! I haven't started materialize it yet but I'm going to!
Well,
I have an Exchange 5.5 server running in a Win2000 Server and an ISA server running in Win2000 Server, too. Both of them are members of a 2003 Domain.
I want to publish my Exchange server on the Internet using Exchange OWA and SSL in order to my clients have access at their mails via internet.
I don't have an OWA site, just an Exchange Server.
Can these articles work in my case?

[ August 25, 2003, 02:56 PM: Message edited by: TaN ]

(in reply to tshinder)
Post #: 40

Page:   <<   < prev  1 [2] 3 4 5   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  1 [2] 3 4 5   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts