Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion of Publishing OWA 2003 article
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion of Publishing OWA 2003 article - 10.Feb.2004 1:59:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Rynoster,
What are the details of your Web Publishing Rule and Incoming Web Requests listener config?
Thanks!
Tom
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 10.Feb.2004 3:09:00 PM
|
|
|
Guest
|
Hi Tom
Thanx for the reply.
I set up the web publ. rule with the feature pack 1 owa role.
The scenario is this. We've got a webserver, which also has the ISA server loaded. It's Windows 2000, SP3, running IIS.
Then I've got a mail server, which also has IIS installed, for OWA obviously.
When plugged into the network I can surf www.domain.com/exchange, but not from external. I did notice something strange though, when I connect from the outside, after a while it change the www.domain.com to 192.168.1.2 and comes back with a error 504, gateway timeout.
Any ideas?
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 10.Feb.2004 3:15:00 PM
|
|
|
Guest
|
Sorry, forgot to give you the configs.
Set up my web pub rules just like the document says, but the filtering rules are different than yours. I can't create certificates on my mail server, doesn't give the option to send it directly to a certificate server.
There is already a certificate there for the existing website.
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 25.Feb.2004 9:31:00 PM
|
|
|
Dirky
Posts: 36
Joined: 30.Apr.2002
Status: offline
|
Hi Tom, thanks for the article!
I've run in to one problem in section 4.
When I import the certificate in to ISA, it
does not show in the TRusted Cert list?! Viewing
the certificate on the ISA machine shows the red
cross and says it cannot be trusted.
One thing which I think may be casusing it, my ISA server is in its own domain with a one way trust from the domain with the IIS/Exchange server box.
Trying to access the http://server/exchange gives:
403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)
Internet Security and Acceleration Server
Which looks good? However going to https://server/exchange shows:
500 Internal Server Error - The certificate chain was issued by an authority that is not trusted. (-2146893019)
Internet Security and Acceleration Server
Any clues or pointers most welcome, oh yes I did try deleting the certificate and re-exporting and importing but to no avail.
Regards
Mike
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 25.Feb.2004 9:34:00 PM
|
|
|
Dirky
Posts: 36
Joined: 30.Apr.2002
Status: offline
|
Ahh, just got a bit further!
I imported the certificate direct in to the Trusted Cert list, it looks ok in there, however now I see:
500 Internal Server Error - The target principal name is incorrect. (-2146893022)
Internet Security and Acceleration Server
Hmm?
Mike
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 25.Feb.2004 10:57:00 PM
|
|
|
Dirky
Posts: 36
Joined: 30.Apr.2002
Status: offline
|
Aghhhhh, sorted it! It was the old split dns problem! Fixed it by setting a HOSTS file entry
for my external facing hostname on ISA to point to the internal IIS server which actually hosts
the website!
Info which helped me here:-
http://www.isaserver.org/tutorials/error505.html
Thanks Tom!
Mike
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 5.Mar.2004 1:26:00 AM
|
|
|
dbotto
Posts: 1
Joined: 5.Mar.2004
From: Portugal
Status: offline
|
Hi Tom!
I'm having the same problem as murph123 have/had when I try to access OWA from external networks it loads all the objects from the OWA page but it hangs on "loading..." in every folders from the mailbox.
When I do it from internal network it works just fine.
Did you already know how to solve this problem?
I have the Destination Set with the FQDN, not the IP.
Thanks in advance!
Yours sincerely,
Diogo Botto
The Problem is solved already. We had a Web
filter configured on our ISA Server that was blocking this kind of traffic. It's working now!
Thanks anyway!
[ March 06, 2004, 11:33 AM: Message edited by: dbotto ]
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 19.Mar.2004 5:41:00 PM
|
|
|
Guest
|
I am trying to follow the directions in your series of articles. I have gotten up to Part 4, Step 9, and I have a couple of problems/questions.
I have an Exchange 2003 front end server, and 2 clustered Exchange 2003 back-end servers. Prior to starting this process, I was able to use OWA.
The first problem that I have is that I can no longer connect to OWA internally. I am assuming this has to do with the certificate installed. I used the FQDN that external clients would be using when I created the certificate, but the internal name is different. I thought that you could possibly create multiple certificates (one for each name) on the server, but I cannot see a way to that--I can only modify or delete the certificate. Surely this can be accomplished, right?
The second problem is that Part 4, Step 9, substep 3, tells me that the IP address I choose must be the address that the FQDN resolves to. Well, this NIC is sitting in a DMZ, and the address to which it is configured will not be the same as the FQDN (it is NATed). Is there any way to make this work, or does the public interface of the ISA server *have* to be sitting directly on the internet? Perhaps something to do with the using a hosts file?
I appreciate the article, and I appreciate any assistance offered.
Bill Mayo
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 19.Mar.2004 8:53:00 PM
|
|
|
bemayo
Posts: 5
Joined: 7.Oct.2002
Status: offline
|
As a follow up to this, we have more than one domain name. Is it possible to publish to make this work with more than one domain name? If so, what further steps would need to be taken?
quote:
Originally posted by <bemayo>:
I am trying to follow the directions in your series of articles. I have gotten up to Part 4, Step 9, and I have a couple of problems/questions.
I have an Exchange 2003 front end server, and 2 clustered Exchange 2003 back-end servers. Prior to starting this process, I was able to use OWA.
The first problem that I have is that I can no longer connect to OWA internally. I am assuming this has to do with the certificate installed. I used the FQDN that external clients would be using when I created the certificate, but the internal name is different. I thought that you could possibly create multiple certificates (one for each name) on the server, but I cannot see a way to that--I can only modify or delete the certificate. Surely this can be accomplished, right?
The second problem is that Part 4, Step 9, substep 3, tells me that the IP address I choose must be the address that the FQDN resolves to. Well, this NIC is sitting in a DMZ, and the address to which it is configured will not be the same as the FQDN (it is NATed). Is there any way to make this work, or does the public interface of the ISA server *have* to be sitting directly on the internet? Perhaps something to do with the using a hosts file?
I appreciate the article, and I appreciate any assistance offered.
Bill Mayo
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 30.Mar.2004 1:49:00 AM
|
|
|
ninjakid
Posts: 7
Joined: 30.Mar.2004
From: New York
Status: offline
|
I followed all 5 steps and I can access OWA from all internal machines but can not get it to work from an external system. Any ideas of what can be causing the problem?
My system is as followed:
2003 server with exchange 2003
2003 server with ISA 2000
Mail server name is schickmail
Internet domain is webmail.schicktech.com
I created the security certificates as webmail.schicktech.com and used this name for all entries where the FQDN was asked for.
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 30.Mar.2004 7:25:00 PM
|
|
|
ninjakid
Posts: 7
Joined: 30.Mar.2004
From: New York
Status: offline
|
DonĘt bother to answer my problem I got it fixed, I came to the conclusion that the problem is that my router was blocking the ssl port so after going into my cisco config I was able to confirm this so I made the change to allow the ssl port and all is working fine.
[ March 31, 2004, 12:06 AM: Message edited by: Jay Gellman ]
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 1.Apr.2004 6:59:00 PM
|
|
|
Guest
|
I've followed the instructions in Dr. Shinder's 5-part "Publishing Exchange 2003 Outlook Web Access (OWA) with ISA Server 2000" articles - to the letter - but I can't access OWA from outside. The OWA server is working fine, including SSL, as I can access my mailbox from within the network with no problem. I can also access it from the ISA server with no problem, even by using the public URL (which is in the HOSTS file on the ISA server).
The ISA server is sitting in our DMZ, behind a Cisco PIX. Port 443 to the ISA server has been opened, but all attempts to connect result in timeouts.
Everything on the ISA server, configuration-wise, looks OK (to me), but I'm at a loss as to how to troubleshoot this problem. I have NO experience with ISA Server prior to this project, and this is its only use, so I'm free to modify the configuration to get this working.
Any tips or assistance would be greatly appreciated. ![[Confused]](/image/smiles/confused.gif)
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 1.Apr.2004 9:02:00 PM
|
|
|
billmontu
Posts: 1
Joined: 1.Apr.2004
Status: offline
|
My questions after doing all steps from 1-5 how do i send pepole to a differnt webserver? I have 3 servers, 1 ISA 1 Domain 1 Webserver and no one can get to the website anymore. the ISA sends you to the Domain server with exchange and not the webserver. Computer 1 bill@computer1.us or montu@bis.midco.net
I would like some help from anyone that has run into this.
[ April 04, 2004, 02:20 AM: Message edited by: billmontu ]
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 26.Apr.2004 11:27:00 AM
|
|
|
avfcmark
Posts: 17
Joined: 26.Apr.2004
Status: offline
|
Hi, I was just wondering if anyone could help me on a problem I am having with OWA. I have set ISA up as in the guides but when I put my FQDN in internet explorer I get an `under construction` page, does anyone have any ideas?
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 26.Apr.2004 3:24:00 PM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi AV,
Remove the WWW service, or disable it, on the ISA firewall machine.
HTH,
Tom
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 28.Apr.2004 8:47:00 PM
|
|
|
sharmas
Posts: 4
Joined: 28.Apr.2004
Status: offline
|
quote:
Originally posted by Kippler:
Dr. Shinder,
Thanks for the great series of articles on ISA and OWA, they were instrumental in getting our system functioning correctly.
I did have one question for you in regard to file attachments through OWA. File attachments can be done fine internally through the OWA, but when done externally only attachments of 100k or less will work. If an attachment >100k is attempted, the attachment window simply goes white, and doesn't attach anything. Everything else in OWA is working fine except this.
Our setup is SBS 2003, with ISA Server 2000 SP1 and the feature pack installed as well.
Any help or ideas you would be able to provide would be appreciated.
Thanks for your time,
Kipp
Hi Tom,
Firstly I would like to say a real BIG Thank YOU for your great articles and books!
Unfortunately I am having exactly the same issue as Kippler. When users add an attachment that is bigger than 100KB, they get a blank web page.
Our setup is slightly different in that we don't use SBS. We have ISA Server 2000 (latest SP and FP), Exchange 2003, Windows 2003.
Searched MS site and got nothing! Any help you can give will be greatly appreciated.
Best Regards,
SunDude ;-)
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 29.Apr.2004 1:28:00 AM
|
|
|
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Sundude,
Thanks!
Is URLScan installed on the OWA site or the ISA firewall?
Thanks!
Tom
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 29.Apr.2004 1:40:00 PM
|
|
|
sharmas
Posts: 4
Joined: 28.Apr.2004
Status: offline
|
Hi Tom,
Thanks for getting back to me!
I am pretty sure that we have not put URLSCAN on any of the boxes...but I will double check when I can VPN back into my client's server!
Regards,
SunDude ;-)
|
|
|
|
|
RE: Discussion of Publishing OWA 2003 article - 29.Apr.2004 10:11:00 PM
|
|
|
dirickson
Posts: 9
Joined: 21.Jun.2003
From: Itapecerica da Serra, SP, Brazil
Status: offline
|
Great Article.
But I get two problems when I implement this:
1. Testing inside my network, some users can't login OWA, others can (probably security issues...);
2. Testing outside, I got this message from our ISA server: "12206 - proxy chain loop" rigth after the user log in;
Can you help me with this?
Regards,
Luiz
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
RE: Discussion of Publishing OWA 2003 article - 