Welcome to ISAserver.org


RE: Discussion of Publishing OWA 2003 article

RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 9:45:00 AM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Well... I tried to do whatever the article says, but when I try to access OWA via a laptop connected to the Internet I can't connect! I read the ISA logs (IPPDxxxxxx.log) and they show me this:
"8/26/2003, 10:51:27, 212.205.255.184, <Ext Int on ISA>, Tcp, 1267, 443, -, BLOCKED, Dialout, -, -"
I also noticed that the Event Viewer on ISA tells me that "The Web Proxy service failed to bind its socket to "externalip" port 443".
By typing netstat I saw that 0.0.0.0 uses port 443.

What Can I do?? [Confused]

[ August 26, 2003, 01:34 PM: Message edited by: TaN ]

(in reply to tshinder)
Post #: 41
RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 1:48:00 PM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Fortunately, everything works, although nobody answered my questions :-/
port 443 was being used by IIS on ISA Server.
Now it's ok.

Thanks anyway.

[ August 26, 2003, 04:21 PM: Message edited by: TaN ]

(in reply to tshinder)
Post #: 42
RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 6:31:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by TaN:
Hello!
I've read your article and I think that it is very good! I haven't started materializing it yet but I'm going to!
Well,
I have an Exchange 5.5 server running on a Win2000 Server and an ISA server running on a Win2000 Server, too. Both of them are members of a 2003 Domain.
I want to publish my Exchange server on the Internet using Exchange OWA and SSL so that my clients have access to their mail via the Internet.
I don't have an OWA site, just an Exchange Server.
Can these articles work in my case?

Hi TaN,

Not sure. I've never worked with Exchange 5.5 and publishing its OWA site with ISA.

Thanks!
Tom

(in reply to tshinder)
Post #: 43
RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 6:33:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by TaN:
Fortunately, everything works, although nobody answered my questions :-/
port 443 was being used by IIS on ISA Server.
Now it's ok.

Thanks anyway.

Hi TaN,

Yes, *always* disable Web services on the firewall!

Good to hear you got it working and thanks for the followup!

Tom

(in reply to tshinder)
Post #: 44
RE: Discussion of Publishing OWA 2003 article - 27.Aug.2003 12:34:00 PM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Thank you Tom!

One last thing... Do I have to disable the SMTP service on ISA, too?

(in reply to tshinder)
Post #: 45
RE: Discussion of Publishing OWA 2003 article - 30.Aug.2003 8:03:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi TaN,

If you want to publish the SMTP service on the internal Exchange Server, then you need to disable the SMTP service on the firewall.

HTH,
Tom

(in reply to tshinder)
Post #: 46
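The conflict discussed in posts 41 to 46 (a local IIS or SMTP service holding a port the firewall needs to publish) can be checked from `netstat -an` output and the packet-filter log. This is an added example, not code from the thread or from ISA Server; the netstat sample and the address 203.0.113.10 are constructed, and the log field order is assumed from the single line quoted in post 41.

```python
import ipaddress

# Constructed `netstat -an` sample from a firewall host (not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.168.1.1:8080       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:25        0.0.0.0:0              LISTENING
  TCP    192.168.1.1:1267       192.168.1.20:443       ESTABLISHED
"""

# The packet-filter log line quoted in post 41.
LOG_SAMPLE = ['8/26/2003, 10:51:27, 212.205.255.184, <Ext Int on ISA>, '
              'Tcp, 1267, 443, -, BLOCKED, Dialout, -, -']

def conflicting_listeners(netstat_text, external_ip, published_ports):
    """Listeners that occupy a published port on the wildcard address
    (0.0.0.0 or [::]) or on the firewall's external IP itself."""
    ext = ipaddress.ip_address(external_ip)
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "TCP" or parts[3] != "LISTENING":
            continue
        addr, _, port = parts[1].rpartition(":")
        try:
            ip = ipaddress.ip_address(addr.strip("[]"))
            port = int(port)
        except ValueError:
            continue  # header or malformed line
        if port in published_ports and (ip.is_unspecified or ip == ext):
            hits.append((str(ip), port))
    return hits

def blocked_to_ports(log_lines, published_ports):
    """(source IP, destination port) for BLOCKED entries to published ports.
    Assumed layout: field 2 = source, 6 = destination port, 8 = action."""
    hits = []
    for line in log_lines:
        f = [x.strip() for x in line.split(",")]
        if (len(f) > 8 and f[8] == "BLOCKED" and f[6].isdigit()
                and int(f[6]) in published_ports):
            hits.append((f[2], int(f[6])))
    return hits

if __name__ == "__main__":
    print(conflicting_listeners(NETSTAT_SAMPLE, "203.0.113.10", {443, 25}))
    print(blocked_to_ports(LOG_SAMPLE, {443}))
```

Run it while the firewall's own listener is stopped or failing to bind; once the firewall holds the port, its own socket will appear in the result as well.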
RE: Discussion of Publishing OWA 2003 article - 11.Sep.2003 3:07:00 PM   
Rowan

 

Posts: 2
Joined: 11.Sep.2003
From: Namibia
Status: offline
Hi there,

I posted this in the wrong thread earlier ... [Embarrassed]

I've run through the article but I've got a problem logging into the site externally.

Exchange 2003 is on a Windows Server 2003 box behind the ISA box (also on Server 2003). I can access OWA internally (via SSL) and I can trace a route to the site via the Internet (the IP is correct and everything, an ISP is hosting the DNS for us).

However, when I try to access the site from outside, or even from an internal client using our internet connection, it seems that ISA isn't passing the authentication through to the OWA Exchange box. I try to log in three times, then it kicks me out.

It is Exchange 2003 eval version, but since I can access OWA internally, I don't think the issue is there.

Any help, please?

(in reply to tshinder)
Post #: 47
RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 5:12:00 AM   
Thudd

 

Posts: 5
Joined: 10.Sep.2003
Status: offline
I'm currently running through the 5-part article that Tom wrote regarding publishing OWA (http://isaserver.org/tutorials/pubowa2003part4.html) and I'm unsure about step 9 in part 4. That is, configuring the incoming listener to use the previously created certificate.

Point 3 says: "Select the IP address you want the listener to listen on. Make sure this address resolves to the IP address used by the FQDN listened in the common name on the certificate. This is also the FQDN the external users will use to access the OWA Web site from external network locations"

All I get at this point is a list of the *internal* addresses (ie 192.168.x.x & 127.0.0.1) and not the external address (203.x.x.x) that our fqdn mail.myserver.com.au resolves to. So my questions are:
Should I be able to select 203.x.x.x from the list? And if so, why isn't it there?
Should I be able to type *any* address in? And if so, why can't I?
If 'no' to the above, which internal address should I use? The internal nic address of the ISA pc?

I'm using SBS 2000 (dc/isa/exch 2000, all on same box). Any help appreciated!

(p.s. mods: I originally posted this in the web publishing forum before remembering to come here; feel free to delete it and run with this one, thanks)

(in reply to tshinder)
Post #: 48
RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 4:45:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Rowan:
Hi there,

I posted this in the wrong thread earlier ... [Embarrassed]

I've run through the article but I've got a problem logging into the site externally.

Exchange 2003 is on a Windows Server 2003 box behind the ISA box (also on Server 2003). I can access OWA internally (via SSL) and I can trace a route to the site via the Internet (the IP is correct and everything, an ISP is hosting the DNS for us).

However, when I try to access the site from outside, or even from an internal client using our internet connection, it seems that ISA isn't passing the authentication through to the OWA Exchange box. I try to log in three times, then it kicks me out.

It is Exchange 2003 eval version, but since I can access OWA internally, I don't think the issue is there.

Any help, please?

Hi Rowan,

Check out the authentication config on the OWA directories on the Exchange Server. The most common cause for the problem you're seeing is that you haven't forced basic authentication.

HTH,
Tom

(in reply to tshinder)
Post #: 49
RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 4:47:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Brian K:
I'm currently running through the 5-part article that Tom wrote regarding publishing OWA (http://isaserver.org/tutorials/pubowa2003part4.html) and I'm unsure about step 9 in part 4. That is, configuring the incoming listener to use the previously created certificate.

Point 3 says: "Select the IP address you want the listener to listen on. Make sure this address resolves to the IP address used by the FQDN listened in the common name on the certificate. This is also the FQDN the external users will use to access the OWA Web site from external network locations"

All I get at this point is a list of the *internal* addresses (ie 192.168.x.x & 127.0.0.1) and not the external address (203.x.x.x) that our fqdn mail.myserver.com.au resolves to. So my questions are:
Should I be able to select 203.x.x.x from the list? And if so, why isn't it there?
Should I be able to type *any* address in? And if so, why can't I?
If 'no' to the above, which internal address should I use? The internal nic address of the ISA pc?

I'm using SBS 2000 (dc/isa/exch 2000, all on same box). Any help appreciated!

(p.s. mods: I originally posted this in the web publishing forum before remembering to come here; feel free to delete it and run with this one, thanks)

Hi Brian,

Two things come to mind:

1. You're looking at the outgoing web requests listener and not the incoming

or

2. Your LAT is misconfigured

HTH,
Tom

(in reply to tshinder)
Post #: 50
RE: Discussion of Publishing OWA 2003 article - 5.Oct.2003 5:53:00 PM   
bblock

 

Posts: 7
Joined: 8.Mar.2003
Status: offline
Hi, Tom. This may be slightly off-topic, but only slightly, since the first article mentions it. I wonder if you could enlighten me as to the security ramifications of making ISA a domain member. I see it lets you authenticate at the ISA server, but what about the risks of access to the domain in light of an ISA security breach?

Do the benefits of ISA domain membership outweigh the risks, or am I overstating the risks?

Thank you for your wonderful articles and knowledge!

Bryan

(in reply to tshinder)
Post #: 51
RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 5:11:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bryan,

At this time I would say that the benefits of domain membership far outweigh the risks. However, it depends on your environment. If you're a high profile target like the defense department or the NSA, I would not recommend it. But almost everyone else is good with this setup. No ISA firewall that's been properly configured has been compromised, so that's good enough for me!

HTH,
Tom

(in reply to tshinder)
Post #: 52
RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 10:33:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
I have followed the instructions in the article, but must have made a mistake somewhere OR I don't understand how to use OWA..

I have not performed the last part of the article - installing and configuring URL scan..

However when I type 'www.domain.net/exchange' I get 403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)
This occurs whether I am on my external client or internal. ( I have verified that the DNS is working properly for internal routing of the www.domain.net by verifying that nslookup returns the internal IP of my web/exchange system).
What could be wrong?

(in reply to tshinder)
Post #: 53
RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 10:41:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,

You have to use

https://

to connect to the secure site.

HTH,
Tom

(in reply to tshinder)
Post #: 54
RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 11:24:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
I followed the 5 part article instructions with the exception of installing URLScan..
I am unable to get OWA to work however...
When I type 'www.domain.net/exchange' in the address bar of either an internal or external client I get the following; 403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)

Is there something I must do to the client machine to use SSL? I thought we forced it to use SSL?
What am I doing wrong?

(in reply to tshinder)
Post #: 55
RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 11:37:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
Oops - sorry about the double post.. couldn't see my original post..

Thanks - I am now able to get further since using https: (duh!)..
Now I get the following error:
12206 - proxy chain loop
This occurs on both external and internal clients.
What could this be?

(in reply to tshinder)
Post #: 56
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 1:46:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,

Proxy chain loops in this situation are usually due to a name resolution issue.

Did you create a split DNS or a HOSTS file entry?

thanks!
Tom

(in reply to tshinder)
Post #: 57
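One way to check the HOSTS file entry asked about in post 57, as an added example that is not from the thread or from ISA Server. It assumes the loop arises when the name a publishing rule redirects to resolves, on the firewall, to one of the firewall's own addresses; all names and addresses below are constructed placeholders.

```python
import ipaddress

# Constructed HOSTS file content for the firewall host.
HOSTS_SAMPLE = """\
# constructed example
127.0.0.1      localhost
192.168.1.20   owa.example.test    # internal web/Exchange server
203.0.113.10   www.example.test    # firewall's own external address
"""

def parse_hosts(text):
    """Map each lower-cased host name to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table

def check_redirect(hosts_text, redirect_name, firewall_ips):
    """Classify the name a publishing rule redirects to:
    'ok'         -> resolves to some other host (the published server)
    'loop'       -> resolves back to the firewall or to loopback
    'unresolved' -> no HOSTS entry, so the answer comes from DNS and the
                    internal (split DNS) zone has to be checked instead."""
    own = {ipaddress.ip_address(a) for a in firewall_ips}
    ip = parse_hosts(hosts_text).get(redirect_name.lower())
    if ip is None:
        return "unresolved"
    if ip in own or ip.is_loopback:
        return "loop"
    return "ok"

if __name__ == "__main__":
    fw = ["203.0.113.10", "192.168.1.1"]
    for name in ("owa.example.test", "www.example.test", "mail.example.test"):
        print(name, check_redirect(HOSTS_SAMPLE, name, fw))
```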
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:35:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
Why am I unable to see my recent posts in this thread? I have posted 2 messages and when I posted the second message yesterday, there was an answer (thanks Mr. Shinder) that I was able to view. Today, I am unable to see any of those messages.
What's the deal?

(in reply to tshinder)
Post #: 58
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:41:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
Update - after I post a new message, I am able to view the recent posts..
It's like a cache somewhere is not being updated..
How do I view the replies without posting a reply?

Thanks for responding Mr. Shinder.
Yes I have (I think) a split DNS arrangement..
this is my configuration:
The DC/WebServer/DHCP/Exchange server (yes it is a bit overloaded) also has my internal DNS setup on it. All clients are directed here for DNS. This server forwards to the ISA server which has a caching only DNS server on it. The ISA caching only DNS server forwards to my ISP's DNS.
On a separate server located outside of my ISA network (directly on the internet) is my external DNS server.
Have I screwed up here?

[ October 07, 2003, 07:42 PM: Message edited by: dmolley ]

(in reply to tshinder)
Post #: 59
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by dmolley:
Why am I unable to see my recent posts in this thread? I have posted 2 messages and when I posted the second message yesterday, there was an answer (thanks Mr. Shinder) that I was able to view. Today, I am unable to see any of those messages.
What's the deal?

Hi D,

Not sure. Did I reply to any of them?

Thanks!
Tom

(in reply to tshinder)
Post #: 60
