Welcome to ISAserver.org
RE: Discussion of Publishing OWA 2003 article
RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 9:45:00 AM
TaN
Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Well... I tried to do whatever the article says, but when I try to access OWA via a laptop connected to the Internet I can't connect! I read the ISA logs (IPPDxxxxxx.log) and they show me this: "8/26/2003, 10:51:27, 212.205.255.184, <Ext Int on ISA>, Tcp, 1267, 443, -, BLOCKED, Dialout, -, -" I also noticed that the Event Viewer on ISA tells me that "The Web Proxy service failed to bind its socket to "externalip" port 443". By typing netstat I saw that 0.0.0.0 uses port 443.
What can I do?? [ August 26, 2003, 01:34 PM: Message edited by: TaN ]

RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 1:48:00 PM
TaN
Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Fortunately, everything works, although nobody answered my questions :-/ Port 443 was being used by IIS on ISA Server. Now it's ok.
Thanks anyway. [ August 26, 2003, 04:21 PM: Message edited by: TaN ]

RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 6:31:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by TaN: Hello! I've read your article and I think that it is very good! I haven't started to materialize it yet but I'm going to! Well, I have an Exchange 5.5 server running on a Win2000 Server and an ISA server running on Win2000 Server, too. Both of them are members of a 2003 Domain. I want to publish my Exchange server on the Internet using Exchange OWA and SSL so that my clients have access to their mail via the Internet. I don't have an OWA site, just an Exchange Server. Can these articles work in my case?
Hi TaN,
Not sure. I've never worked with Exchange 5.5 and publishing its OWA site with ISA.
Thanks! Tom

RE: Discussion of Publishing OWA 2003 article - 26.Aug.2003 6:33:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by TaN: Fortunately, everything works, although nobody answered my questions :-/ Port 443 was being used by IIS on ISA Server. Now it's ok.
Thanks anyway.
Hi TaN,
Yes, *always* disable Web services on the firewall!
Good to hear you got it working and thanks for the followup!
Tom
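
The port conflict discussed in the posts above, as an added example that is not part of the original thread: a service listening on 0.0.0.0:443 holds the port on every interface, so a listener that needs the external address on port 443 cannot bind. The sketch parses `netstat -an` output and reports what holds a wanted address and port; the sample output, the addresses in it and the function names are constructed for illustration.

```python
"""Added example: find what would block a listener from binding ip:port."""

# Constructed sample of `netstat -an` output from a firewall host (not from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    192.168.1.1:8080       0.0.0.0:0              LISTENING
  TCP    192.168.1.1:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:3389      198.51.100.7:1267      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Addresses that mean "every interface" (IPv4 and IPv6 forms).
WILDCARDS = ("0.0.0.0", "[::]")


def tcp_listeners(netstat_text):
    """Return (ip, port) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows: Proto, Local, Foreign, State[, PID]; skip headers and UDP rows.
        if len(fields) < 4 or fields[0].upper() != "TCP" or fields[3] != "LISTENING":
            continue
        ip, _, port = fields[1].rpartition(":")
        if port.isdigit():
            found.append((ip, int(port)))
    return found


def bind_conflicts(netstat_text, want_ip, want_port):
    """Listeners already holding want_port on want_ip or on a wildcard address."""
    return [(ip, port) for ip, port in tcp_listeners(netstat_text)
            if port == want_port and ip in (want_ip, *WILDCARDS)]


def wildcard_ports(netstat_text):
    """Ports a local service has bound on all interfaces, the external one included."""
    return sorted({port for ip, port in tcp_listeners(netstat_text) if ip in WILDCARDS})


if __name__ == "__main__":
    for ip, port in bind_conflicts(SAMPLE_NETSTAT, "203.0.113.10", 443):
        print(f"conflict: {ip}:{port} is already listening")
    print("bound on all interfaces:", wildcard_ports(SAMPLE_NETSTAT))
```

Every port returned by `wildcard_ports` on a firewall host is a local service reachable on the external interface unless something else filters it, which is the reason to review that list after stopping IIS.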

RE: Discussion of Publishing OWA 2003 article - 27.Aug.2003 12:34:00 PM
TaN
Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Thank you Tom!
One last thing... Do I have to disable the SMTP service on ISA, too?

RE: Discussion of Publishing OWA 2003 article - 30.Aug.2003 8:03:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi TaN,
If you want to publish the SMTP service on the internal Exchange Server, then you need to disable the SMTP service on the firewall.
HTH, Tom

RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 5:12:00 AM
Thudd
Posts: 5
Joined: 10.Sep.2003
Status: offline
I'm currently running through the 5-part article that Tom wrote regarding publishing OWA (http://isaserver.org/tutorials/pubowa2003part4.html) and I'm unsure about step 9 in part 4. That is, configuring the incoming listener to use the previously created certificate.
Point 3 says: "Select the IP address you want the listener to listen on. Make sure this address resolves to the IP address used by the FQDN listened in the common name on the certificate. This is also the FQDN the external users will use to access the OWA Web site from external network locations"
All I get at this point is a list of the *internal* addresses (ie 192.168.x.x & 127.0.0.1) and not the external address (203.x.x.x) that our fqdn mail.myserver.com.au resolves to. So my questions are: Should I be able to select 203.x.x.x from the list? And if so, why isn't it there? Should I be able to type *any* address in? And if so, why can't I? If 'no' to the above, which internal address should I use? The internal nic address of the ISA pc?
I'm using SBS 2000 (dc/isa/exch 2000, all on same box). Any help appreciated!
(p.s. mods: I originally posted this in the web publishing forum before remembering to come here; feel free to delete it and run with this one, thanks)

RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 4:45:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by Rowan: Hi there,
I posted this in the wrong thread earlier ...
I've run through the article but I've got a problem logging into the site externally.
Exchange 2003 is on a Windows Server 2003 box behind the ISA box (also on Server 2003). I can access OWA internally (via SSL) and I can trace a route to the site via the Internet (the IP is correct and everything, an ISP is hosting the DNS for us).
However, when I try to access the site from outside, or even from an internal client using our internet connection, it seems that ISA isn't passing the authentication through to the OWA Exchange box. I try to log in three times, then it kicks me out.
It is Exchange 2003 eval version, but since I can access OWA internally, I don't think the issue is there.
Any help, please?
Hi Rowan,
Check out the authentication config on the OWA directories on the Exchange Server. The most common cause for the problem you're seeing is that you haven't forced basic authentication.
HTH, Tom

RE: Discussion of Publishing OWA 2003 article - 24.Sep.2003 4:47:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by Brian K: I'm currently running through the 5-part article that Tom wrote regarding publishing OWA (http://isaserver.org/tutorials/pubowa2003part4.html) and I'm unsure about step 9 in part 4. That is, configuring the incoming listener to use the previously created certificate.
Point 3 says: "Select the IP address you want the listener to listen on. Make sure this address resolves to the IP address used by the FQDN listened in the common name on the certificate. This is also the FQDN the external users will use to access the OWA Web site from external network locations"
All I get at this point is a list of the *internal* addresses (ie 192.168.x.x & 127.0.0.1) and not the external address (203.x.x.x) that our fqdn mail.myserver.com.au resolves to. So my questions are: Should I be able to select 203.x.x.x from the list? And if so, why isn't it there? Should I be able to type *any* address in? And if so, why can't I? If 'no' to the above, which internal address should I use? The internal nic address of the ISA pc?
I'm using SBS 2000 (dc/isa/exch 2000, all on same box). Any help appreciated!
(p.s. mods: I originally posted this in the web publishing forum before remembering to come here; feel free to delete it and run with this one, thanks)
Hi Brian,
Two things come to mind:
1. You're looking at the outgoing web requests listener and not the incoming
or
2. Your LAT is misconfigured
HTH, Tom

RE: Discussion of Publishing OWA 2003 article - 5.Oct.2003 5:53:00 PM
bblock
Posts: 7
Joined: 8.Mar.2003
Status: offline
Hi, Tom. This may be slightly off-topic, but only slightly, since the first article mentions it. I wonder if you could enlighten me as to the security ramifications of making ISA a domain member. I see it lets you authenticate at the ISA server, but what about the risks of access to the domain in light of an ISA security breach?
Do the benefits of ISA domain membership outweigh the risks, or am I overstating the risks?
Thank you for your wonderful articles and knowledge!
Bryan

RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 5:11:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bryan,
At this time I would say that the benefits of domain membership far outweigh the risks. However, it depends on your environment. If you're a high profile target like the defense department or the NSA, I would not recommend it. But almost everyone else is good with this setup. No ISA firewall that's been properly configured has been compromised, so that's good enough for me!
HTH, Tom

RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 10:33:00 PM
dmolley
Posts: 45
Joined: 12.Aug.2003
Status: offline
I have followed the instructions in the article, but must have made a mistake somewhere OR I don't understand how to use OWA..
I have not performed the last part of the article - installing and configuring URL scan..
However when I type 'www.domain.net/exchange' I get 403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211) This occurs whether I am on my external client or internal. ( I have verified that the DNS is working properly for internal routing of the www.domain.net by verifying that nslookup returns the internal IP of my web/exchange system). What could be wrong?

RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 10:41:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,
You have to use https:// to connect to the secure site.
HTH, Tom

RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 11:24:00 PM
dmolley
Posts: 45
Joined: 12.Aug.2003
Status: offline
I followed the 5 part article instructions with the exception of installing URLScan.. I am unable to get OWA to work however... When I type 'www.domain.net/exchange' in the address bar of either an internal or external client I get the following; 403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)
Is there something I must do to the client machine to use SSL? I thought we forced it to use SSL? What am I doing wrong?

RE: Discussion of Publishing OWA 2003 article - 6.Oct.2003 11:37:00 PM
dmolley
Posts: 45
Joined: 12.Aug.2003
Status: offline
Oops - sorry about the double post.. couldn't see my original post..
Thanks - I am now able to get further since using https: (duh!).. Now I get the following error: 12206 - proxy chain loop. This occurs on both external and internal clients. What could this be?

RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 1:46:00 AM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,
Proxy chain loops in this situation are usually due to a name resolution issue.
Did you create a split DNS or a HOSTS file entry?
thanks! Tom

RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:35:00 PM
dmolley
Posts: 45
Joined: 12.Aug.2003
Status: offline
Why am I unable to see my recent posts in this thread? I have posted 2 messages and when I posted the second message yesterday, there was an answer (thanks Mr. Shinder) that I was able to view. Today, I am unable to see any of those messages. What's the deal?

RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:41:00 PM
dmolley
Posts: 45
Joined: 12.Aug.2003
Status: offline
Update - after I post a new message, I am able to view the recent posts.. It's like a cache somewhere is not being updated.. How do I view the replies without posting a reply?
Thanks for responding Mr. Shinder. Yes I have (I think) a split DNS arrangement.. this is my configuration: The DC/WebServer/DHCP/Exchange server (yes it is a bit overloaded) also has my internal DNS setup on it. All clients are directed here for DNS. This server forwards to the ISA server which has a caching only DNS server on it. The ISA caching only DNS server forwards to my ISP's DNS. On a separate server located outside of my ISA network (directly on the internet) is my external DNS server. Have I screwed up here? [ October 07, 2003, 07:42 PM: Message edited by: dmolley ]

RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:46:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
quote: Originally posted by dmolley: Why am I unable to see my recent posts in this thread? I have posted 2 messages and when I posted the second message yesterday, there was an answer (thanks Mr. Shinder) that I was able to view. Today, I am unable to see any of those messages. What's the deal?
Hi D,
Not sure. Did I reply to any of them?
Thanks! Tom