• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of Publishing OWA 2003 article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  2 3 [4] 5 6   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 7:47:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by dmolley:
Update - after I post a new message, I am able to view the recent posts..
It's like a cache somewhere is not being updated..
How do I view the replies without posting a reply?

Thanks for responding Mr. Shinder.
Yes I have (I think) a split DNS arrangement..
this is my configuration:
The DC/WebServer/DHCP/Exchange server (yes it is a bit overloaded) also has my internal DNS setup on it. All clients are directed here for DNS. This server forwards to the ISA server which has a caching only DNS server on it. The ISA caching only DNS server forwards to my ISP's DNS.
On a separate server located outside of my ISA network (directly on the internet) is my external DNS server.
Have I screwed up here?

Hi D,

You can't have a split DNS with a single DNS server, so you'll need to create the HOSTS file entry.

HTH,
Tom

(in reply to tshinder)
Post #: 61
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 9:04:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
Ok - I have implemented the hosts file entry on the ISA server.. I still recieve the proxy chaining error. But I recieve it also on my external clients (which go right thru ISA and have nothing to do with the hosts/internal dns?).

Also - even before adding the hosts file entry, I verified (using nslookup) that my requests for www.domain.net from my internal client were being resolved to my internal webserver. I have set up my HTTP redirector to used direct access as your article pointed out.

(in reply to tshinder)
Post #: 62
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 9:13:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi D,

Do NOT test from an internal client. Internal clients must directly connect to internal resources. Think of it like this. If you need to go into the kitchen, you don't walk out the front door, go around the house to get into the back yard, come in through the back door, and walk into the kitchen. Instead, you walk directly to the kitchen.

So, make sure you test from an external client.

HTH,
Tom

(in reply to tshinder)
Post #: 63
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 10:41:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
GOT IT!

I just needed to restart the ISA system after modifing the HOSTS file.
Everything works as advertised!

Thanks again Tom

(in reply to tshinder)
Post #: 64
RE: Discussion of Publishing OWA 2003 article - 7.Oct.2003 10:43:00 PM   
dmolley

 

Posts: 45
Joined: 12.Aug.2003
Status: offline
I still don't know what was wrong with the viewing of posts earlier, but I am having no problems now..

(in reply to tshinder)
Post #: 65
RE: Discussion of Publishing OWA 2003 article - 21.Nov.2003 12:22:00 AM   
Money Penney

 

Posts: 132
Joined: 18.Sep.2002
From: Melbourne
Status: offline
Nice articles Tom. I have helped many a people do this stuff with some documentation I put together (mainly for SBS users), so I know that this is a hot topic.

One Suggestion I have is never leave a setting or switch unexplained if it is crucial or specific to the setup. For example the "Allow Delegation of basic authentication credentials". I did not have this set until I just read your articles, but it was working and am unsure what effect this switch will have. Otherwise the articles are looking good!

I do a lot of work for Small organisations, often they have SBS or a similar setup with a single machine doing everything but answer the phones.

I have many Exchange 2000 OWA sites running around the place all secured with ISA and this has been very successful to date. If anyone wants help with doing all this with SBS let me know (maybe I can help you create an adition to your articles Tom?)

With the Exchange 2003 OWA sites I have running at the moment I set them up some time ago before seeing your documents, based on my experience with 2000, and they work pretty well but for one strange thing...

Every now and then when accessing the site externally some of the frames will appear with an error message about encryption being required. Right clicking and selecting refresh often causes the page to load correctly.

I bridge SSL to HTTP (terminate SSL at ISA) as being on the same machine there is no real need to encrypt between ISA and IIS.

Any thoughts?

(in reply to tshinder)
Post #: 66
RE: Discussion of Publishing OWA 2003 article - 21.Nov.2003 12:26:00 AM   
Money Penney

 

Posts: 132
Joined: 18.Sep.2002
From: Melbourne
Status: offline
I should say that I used to see this with ISA and Exchange 2000 before SP1... required the AddFrontEndHttpsHeader registry entry. But this should not be an issue in this case as SP1 has to be installed for ISA to work on Win2K3.

Oh another thing I do not have URL Scan enabled as of yet... I am going to read your articles on this first as I had problems with it initially.

HTTP is blocked anyway so only vulnerable to HTTPS exploits which cuts down the potential hacks considerably

I get hold of ISA 2004 beta today... should be interesting!

(in reply to tshinder)
Post #: 67
RE: Discussion of Publishing OWA 2003 article - 23.Dec.2003 5:18:00 PM   
Guest
Hi, I hope someone can help me on this one.

We use SBS 2000 which has all the goodies installed (exchange/isa/iis). I have set up a web publishing rule to publish a web server on the internal network. This works fine, I also need to publish the SBS box as we use antivirus software with web interfaces (Trend). This was working for a while, but now I keep getting a 12206 - proxy chain loop.

Any ideas on how to fix this?

I have checked the binding order of the NICs etc, but they are fine.

Any help would be greatly appreciated!

(in reply to tshinder)
  Post #: 68
RE: Discussion of Publishing OWA 2003 article - 27.Dec.2003 12:42:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Money Penney:
Nice articles Tom. I have helped many a people do this stuff with some documentation I put together (mainly for SBS users), so I know that this is a hot topic.

One Suggestion I have is never leave a setting or switch unexplained if it is crucial or specific to the setup. For example the "Allow Delegation of basic authentication credentials". I did not have this set until I just read your articles, but it was working and am unsure what effect this switch will have. Otherwise the articles are looking good!

I do a lot of work for Small organisations, often they have SBS or a similar setup with a single machine doing everything but answer the phones.

I have many Exchange 2000 OWA sites running around the place all secured with ISA and this has been very successful to date. If anyone wants help with doing all this with SBS let me know (maybe I can help you create an adition to your articles Tom?)

With the Exchange 2003 OWA sites I have running at the moment I set them up some time ago before seeing your documents, based on my experience with 2000, and they work pretty well but for one strange thing...

Every now and then when accessing the site externally some of the frames will appear with an error message about encryption being required. Right clicking and selecting refresh often causes the page to load correctly.

I bridge SSL to HTTP (terminate SSL at ISA) as being on the same machine there is no real need to encrypt between ISA and IIS.

Any thoughts?

Hi MP,

I updated the information in this series in the docs in the ISA Server 2000 Exchange 2000/2003 Deployment Kits.

There is information in ISA Server and Beyond on how to publish an OWA site located on the ISA firewall, and I do use SSL to SSL bridging, which works quite nicely [Smile] Not required, but gets around the need to perform a registry hack (although the hack is not required if you use FP1 and the OWA Wizard).

HTH,
Tom

(in reply to tshinder)
Post #: 69
RE: Discussion of Publishing OWA 2003 article - 27.Dec.2003 12:43:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by dmolley:
GOT IT!

I just needed to restart the ISA system after modifing the HOSTS file.
Everything works as advertised!

Thanks again Tom

Hi D,

Great! Good to hear you got it working and thanks for the follow up!

Tom

(in reply to tshinder)
Post #: 70
RE: Discussion of Publishing OWA 2003 article - 2.Jan.2004 9:43:00 PM   
Guest
Hi

I've been going through your tutorial. I've installed certificate services, but when I try and add a certificate I don't have an Organisation or Organisational Unit.

Thanks in Advance.

Marc ZA

(in reply to tshinder)
  Post #: 71
RE: Discussion of Publishing OWA 2003 article - 3.Jan.2004 2:36:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marc,

That's OK, you can enter a fictitious one.

HTH,
Tom

(in reply to tshinder)
Post #: 72
RE: Discussion of Publishing OWA 2003 article - 3.Jan.2004 4:42:00 PM   
Guest
Hi

When trying to request a certificate, there are two drop down boxes for organasation and organisational Unit. These dropdown boxes are both empty. My question is (sorry it's off topic and I should probably know this) but how do I populate those boxes. I've looked around in AD and I can't seem to find anywhere that you can specify this.

Regards

Marc ZA

(in reply to tshinder)
  Post #: 73
RE: Discussion of Publishing OWA 2003 article - 5.Jan.2004 4:15:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marc,

Just fill the boxes in with bogus entries. The drop downs fill up after the first time you use it.

HTH,
Tom

(in reply to tshinder)
Post #: 74
RE: Discussion of Publishing OWA 2003 article - 5.Jan.2004 6:01:00 PM   
MarcoAdmin

 

Posts: 2
Joined: 5.Jan.2004
From: NJ
Status: offline
HELP!

Background: Windows 2000 domain, running exchange 2000, ISA 2000 as firewall. Front end server and 2 back end servers(One in each of 2 sites connected by a VPN) OWA works fine under our old scenario.

We upgraded the front end server to Exchange 2003, then upgraded the back end servers to exchange 2003. We then tested OWA at this point and we had no problems connecting.

We then upgraded the server running exchange 2003 (back end server and forest root) to Windows 2003.(All other dc's and member servers are still running Windows 2000 Advanced Server)
At this point we lost connectivity using OWA. All email works correctly in and out, but when we try to access owa either by fqdn or ip we get the following error:

403 Forbidden - The ISA Server denies the specified Uniform Resource Locator (URL). (12202)

I have gone through all the steps outlined in your 5 part OWA docs, to no avail. We simply cannot access the email through OWA anymore. What in windows 2003 caused this error, and how can we get this working? Also what impact will upgrading our ISA box to Windows 20003 have on this?

This is critical to the operation of our business, and is a very pressing issue at this time. Please help if you can, and I thank you in advance for your time.

(in reply to tshinder)
Post #: 75
RE: Discussion of Publishing OWA 2003 article - 5.Jan.2004 6:11:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Marco,

Are you seeing this from an internal or external network client? If its an ISA firewall problem, it would indicate a problem with the Destination Set. Are the users asked to authenticate before seeing this error?

Thanks!
Tom

(in reply to tshinder)
Post #: 76
RE: Discussion of Publishing OWA 2003 article - 5.Jan.2004 9:29:00 PM   
MarcoAdmin

 

Posts: 2
Joined: 5.Jan.2004
From: NJ
Status: offline
we never get a logon screen. Just this error.
I ran some tests to try and determine if it is IIS or ISA causing this issue, and with a new simple one page web site set up on our win2k3 server(the one hosting exchange) the web site is inaccessable even set on anonymous access or with basic or windows integrated authentication.
This leads me to believe that the error is in IIS not with ISA, but please correct me if I am mistaken. I am wondering if the IIS lockdown tool could help me or maybe causing the error. I have been a Network Engineer for several years now, but this is really my first foray into exchange and OWA, and I am a bit lost as to where to go next.

These errors do occur both from internal clients and from internet clients.

I did check into the destination sets and from what I can figure they seem to be correct.

I again thank you for your time on this matter.

(in reply to tshinder)
Post #: 77
RE: Discussion of Publishing OWA 2003 article - 16.Jan.2004 9:05:00 PM   
Kippler

 

Posts: 1
Joined: 16.Jan.2004
Status: offline
Dr. Shinder,
Thanks for the great series of articles on ISA and OWA, they were instrumental in getting our system functioning correctly.

I did have one question for you in regard to file attachments through OWA. File attachments can be done fine internally through the OWA, but when done externally only attachments of 100k or less will work. If an attachment >100k is attempted, the attachment window simply goes white, and doesn't attach anything. Everything else in OWA is working fine except this.

Our setup is SBS 2003, with ISA Server 2000 SP1 and the feature pack installed as well.

Any help or ideas you would be able to provide would be appreciated.

Thanks for your time,
Kipp

(in reply to tshinder)
Post #: 78
RE: Discussion of Publishing OWA 2003 article - 19.Jan.2004 1:45:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by MarcoAdmin:
we never get a logon screen. Just this error.
I ran some tests to try and determine if it is IIS or ISA causing this issue, and with a new simple one page web site set up on our win2k3 server(the one hosting exchange) the web site is inaccessable even set on anonymous access or with basic or windows integrated authentication.
This leads me to believe that the error is in IIS not with ISA, but please correct me if I am mistaken. I am wondering if the IIS lockdown tool could help me or maybe causing the error. I have been a Network Engineer for several years now, but this is really my first foray into exchange and OWA, and I am a bit lost as to where to go next.

These errors do occur both from internal clients and from internet clients.

I did check into the destination sets and from what I can figure they seem to be correct.

I again thank you for your time on this matter.

Hi Marco,

It could be a problem with the IIS machine. If you have the same problems connecting from internal network hosts, it suggests a problem with the IIS machine, rather than with the ISA setup and configuration.

HTH,
Tom

(in reply to tshinder)
Post #: 79
RE: Discussion of Publishing OWA 2003 article - 10.Feb.2004 12:55:00 PM   
Guest
Hi there

I'm having trouble publishing my OWA for external users. Internally works fine.

Please help.

(in reply to tshinder)
  Post #: 80

Page:   <<   < prev  2 3 [4] 5 6   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  2 3 [4] 5 6   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts