• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion of Publishing OWA 2003 article

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  3 4 5 [6] 7   next >   >>
Login
Message << Older Topic   Newer Topic >>
RE: Discussion of Publishing OWA 2003 article - 24.May2004 10:30:00 PM   
sharmas

 

Posts: 4
Joined: 28.Apr.2004
Status: offline
Hi Tom,

I got a workaround courtesy of MS Support. They have told us to terminate SSL at the ISA Server and use standard HTTP to talk to backend server.

Not ideal - but does give us some breathing space.

No idea why the SSL between the FE and BE was timing out...

Cheers,

The SunDude ;-)

(in reply to tshinder)
Post #: 101
RE: Discussion of Publishing OWA 2003 article - 23.Jun.2004 6:10:00 PM   
Guest
quote:
Originally posted by tshinder:
This thread is for discussing the publishing OWA 2003 articles. Part 1 is at http://www.msexchange.org/tutorials/pubowa2003part1.html.

HTH,
Tom

Hi Tom,

Thanks for your article. great stuff. I went through step by step in order to make my owa working.
The trouble is, i have problems with SSL, message error 440 login time out. Works fine with http.
the difference is I have a SBS 2003 premium edition, so all servers on one machine, and this might be some different handling the ssl tunnel.

any Idea how to get that fixed?
[Roll Eyes]

t.nowoitnick@crtpdl.com

(in reply to tshinder)
  Post #: 102
RE: Discussion of Publishing OWA 2003 article - 26.Jun.2004 4:43:00 AM   
eschaton

 

Posts: 2
Joined: 26.Jun.2004
From: Chicago
Status: offline
External OWA Connection Partially Loads on Default SBS2003 Configuration.

Hi Tom,

I've read through all your steps for publishing OWA and I'm pretty sure I've verified everything. I'm able to login via https, but the when the mailbox loads, IE starts returning errors. Line 14 object expected. Everything works great internally. I can login using the FQDN and presto. DNS is setup correctly to the extent that my FQDN is accessible internally and externally. The only thing I see different in my default configuration is my certificate is published by publishing.mydomain.com instead of FQDN.mydomain.com.

remote desktop works great through ISA, BTW.

(in reply to tshinder)
Post #: 103
RE: Discussion of Publishing OWA 2003 article - 27.Jun.2004 7:40:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by sundude:
Hi Tom,

Thanks for getting back to me!

I am pretty sure that we have not put URLSCAN on any of the boxes...but I will double check when I can VPN back into my client's server!

Regards,

SunDude ;-)

Hi SunDude,

Great! Looking forward to the result.

Thanks!
Tom

(in reply to tshinder)
Post #: 104
RE: Discussion of Publishing OWA 2003 article - 27.Jun.2004 7:41:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by Luiz H Dirickson:
Great Article.
But I get two problems when I implement this:
1. Testing inside my network, some users can't login OWA, others can (probably security issues...);
2. Testing outside, I got this message from our ISA server: "12206 - proxy chain loop" rigth after the user log in;
Can you help me with this?
Regards,
Luiz

Hi Luiz,

These problems indicate that you have not configured a split DNS. Make sure you have configured a split DNS and all will be fine.

HTH,
Tom

(in reply to tshinder)
Post #: 105
RE: Discussion of Publishing OWA 2003 article - 27.Jun.2004 7:42:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by sundude:
Hi Tom,

Just had it double checked and we do not have URLSCAN installed on any of the boxes!

Been doing a lot of research and this is the only thing I have found:
http://www.experts-exchange.com/Web/Web_Languages/ASP/Q_20810397.html

So my current plan of action is to a) re-apply SP1 then if no joy
b) follow this Q article - http://support.microsoft.com/default.aspx?kbid=305835

Other than that I am totally stuck! Kippler if you are out there have you solved this problem?

Thanks,

The SunDude ;-)

Hi SunDude,

ISA 2000 doesn't not support HTTP 1.1 from remote client to the ISA firewall. Could that be the problem?

Thanks!
Tom

(in reply to tshinder)
Post #: 106
RE: Discussion of Publishing OWA 2003 article - 27.Jun.2004 7:44:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by sundude:
Hi Tom,

I got a workaround courtesy of MS Support. They have told us to terminate SSL at the ISA Server and use standard HTTP to talk to backend server.

Not ideal - but does give us some breathing space.

No idea why the SSL between the FE and BE was timing out...

Cheers,

The SunDude ;-)

Hi SunDude,

SSL from the FE to the BE Exchange Server is not supported.

However, there are no problems with SSL from the client to the ISA firewall's external interface and SSL form the ISA firewall's Internal interface to the FE server.

HTH,
Tom

(in reply to tshinder)
Post #: 107
RE: Discussion of Publishing OWA 2003 article - 27.Jun.2004 7:45:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by <thies>:
quote:
Originally posted by tshinder:
This thread is for discussing the publishing OWA 2003 articles. Part 1 is at http://www.msexchange.org/tutorials/pubowa2003part1.html.

HTH,
Tom

Hi Tom,

Thanks for your article. great stuff. I went through step by step in order to make my owa working.
The trouble is, i have problems with SSL, message error 440 login time out. Works fine with http.
the difference is I have a SBS 2003 premium edition, so all servers on one machine, and this might be some different handling the ssl tunnel.

any Idea how to get that fixed?
[Roll Eyes]

t.nowoitnick@crtpdl.com

Hi Thies,

This config will definitely NOT work when Exchange is installed on the firewall.

HTH,
Tom

(in reply to tshinder)
Post #: 108
RE: Discussion of Publishing OWA 2003 article - 23.Sep.2004 6:10:00 PM   
aceistheplace

 

Posts: 2
Joined: 23.Sep.2004
Status: offline
Tom,

Great articles, just what I needed to lead me throught the Exchange 2003 OWA and ISA 2000 setup! What would ISA administrators do without you?

I'm almost there with OWA- one remaining problem. When outside users click on the link, SSL shoots right through the ISA server to the Exchange server and starts to load the OWA logon page. The User Name and Password boxes appear, but then everything grinds to a halt. The graphics do not come up and the page never finishes loading. You can see the phenomena at:

https://webmail.orchardview.org/exchange

If I go to any internal network machine except the ISA server and type in the Exchange server's internal address (and "/exchange"), the logon page comes up just fine. If I try this on the ISA server, I get the same bad logon page load that a request from the outside would get.

So, it seems that it is something with ISA, where it just quits loading the page. I can't come up with the solution, I'm hoping that you can.

cheers,
Ace

(in reply to tshinder)
Post #: 109
RE: Discussion of Publishing OWA 2003 article - 24.Sep.2004 2:41:00 PM   
aceistheplace

 

Posts: 2
Joined: 23.Sep.2004
Status: offline
Regards my previous post, I kept picking at the problem and found 'a' solution, don't know if it's the correct solution, but it does work.

In IIS on the Exchange server, the instructions are to set Authentication to Basic Authentication only on the three Exchange folders. As an experiment, I expanded the ExchWeb folder to see the subfolders, such as controls, images, etc. On these subfolders, I changed the authentication to Anonymous Access only. The ExchWebfolder remained at Basic Authentication. Once I restarted the IIS service, I was able to come in from outside the network and get the logon page to display correctly.

I don't believe this will compromise security, but if anyone believes otherwise, please let me know.

cheers

(in reply to tshinder)
Post #: 110
RE: Discussion of Publishing OWA 2003 article - 1.Dec.2004 8:07:00 PM   
LogosAdmin

 

Posts: 1
Joined: 1.Dec.2004
From: NW WA
Status: offline
I went through the steps and have one issue. Internally OWA works great (however that doesn't deal with ISA of course). However when I attempt to use it from an external machine I get the following error: "500 Internal Server Error - The target principal name is incorrect. (-2146893022)". I don't know if it's possible, but I would like to allow the user to type in "mail.logos.com" and have it automatically redirect them. However is this not working. Any ideas?

-Gabriel

(in reply to tshinder)
Post #: 111
RE: Discussion of Publishing OWA 2003 article - 6.Jan.2005 12:31:00 AM   
tom_lively

 

Posts: 2
Joined: 6.Jan.2005
Status: offline
Hi,

I am having some difficulty making OWA2k3 available for external use. I am running ISA Server 2000 on a Windows 2000 server, Exchange 2003 is running on a Windows Server 2003 machine. I have followed the steps in the series of articles and internally it works fine. Externally I am receiving a "Page cannot be displayed" error.

I have configured an A record externally, which maps "owa.mydomain.com" to an external ip address on the ISA machine. I do not believe it is a DNS issue because all NSLOOKUPS resolve fine and if I enter "http://owa.mydomain.com/exchange" (not secure) it sends back an error saying that a secure connection is required.

My internal DNS servers are set up to forward external requests to my ISP. I have placed an entry for the FQDN in the Hosts file.

Any idea what I could be doing wrong?

Any help is appreciated,

Tom Lively

(in reply to tshinder)
Post #: 112
RE: Discussion of Publishing OWA 2003 article - 23.Feb.2005 2:36:00 PM   
weinstein_josh

 

Posts: 92
Joined: 15.Nov.2002
From: Toledo
Status: offline
Tom,
Thank you for publishing these great articles. I used all five last night to implement my new w2k3 exch2k3 machine behind ISA.

I was trying to add the URL redirection so you don't have to type the "https:", you would get forwarded automatically. I tried the two suggestions on page 1 of this thread thinking it would work, but for some reason it doesn't. I get the following error:
403 Forbidden - The page must be viewed over a secure (that is, Secure Sockets Layer (SSL)) channel. Contact the server administrator. (12211)

I experimented with a few things and then remembered the setting "Redirect HTTP requests as". I decided to change it to SSL requests hoping that ISA would perform the redirection for me, but that didn't work either. Any help would be appreciated.

Thanks,
Josh

(in reply to tshinder)
Post #: 113
RE: Discussion of Publishing OWA 2003 article - 23.Mar.2005 10:26:00 AM   
jamesquintin

 

Posts: 14
Joined: 6.Feb.2004
From: uk
Status: offline
Hi Tom

great guide to publishing the OWA, but i can't get it to work!

I followed your guide to the letter, but whenever i try to access my server externaly i get a:

HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

my set up is as follows:

ISA server running on windows 2003 DC
Exchange 2003 runnign on W2K DC

If i go to my website (no /exchange) i get the under contruction page which is fine.

I have read through some of the replies on this forum and it was suggested to stop the WWW service on the isa server, which i did but this makes the entire website unavailable.

any idea what i have done wrong? i assume its something to do with the redirect on my ISA server, but can't find aything wrong!

Cheers for you help

James Q

(in reply to tshinder)
Post #: 114
RE: Discussion of Publishing OWA 2003 article - 17.May2005 8:25:00 AM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
Hello,
I've done whatever the article says but i have a problem.. At the client computers Internet explorer I get the following error:
"Cannot find server or DNS Error."

AD domain controller+CA server (Win2003 srv)
ISA server (Win2000 Srv)
Exchange server 2003 Ent. Edt.(Win2003 srv)

Internally everything works ok, meaning that i can see the OWA site.
I tried to make an external connection to isa (via telnet to port 443)and it connects.

Any idea.. ?

Thank you in advance

(in reply to tshinder)
Post #: 115
RE: Discussion of Publishing OWA 2003 article - 17.May2005 10:35:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Tan,

Sounds like the public DNS isn't in place yet.

HTH,
Tom

(in reply to tshinder)
Post #: 116
RE: Discussion of Publishing OWA 2003 article - 18.May2005 5:14:00 AM   
TaN

 

Posts: 27
Joined: 26.Feb.2003
From: Greece
Status: offline
hello!
Well..eventually,it was the client pc's problem:)
Everything works ok!
But may i ask you something?
In my old exchange 5.5 OWA site, I used to give the account credentials twice, that is, the 1st time in order to connect to the ISA ext. interface (right?) and the 2nd one after the Mailbox credentials part.
Now I'm only being asked once.. is this right??

thank you

(in reply to tshinder)
Post #: 117
RE: Discussion of Publishing OWA 2003 article - 22.Aug.2005 3:09:00 PM   
Guest
quote:
Originally posted by dbotto:
Hi Tom!

I'm having the same problem as murph123 have/had when I try to access OWA from external networks it loads all the objects from the OWA page but it hangs on "loading..." in every folders from the mailbox.
When I do it from internal network it works just fine.

Did you already know how to solve this problem?
I have the Destination Set with the FQDN, not the IP.

Thanks in advance!
Yours sincerely,
Diogo Botto

The Problem is solved already. We had a Web
filter configured on our ISA Server that was blocking this kind of traffic. It's working now!

Thanks anyway!

I too am having this issue. Most of the site comes up but where you should see the folder or message contents you only get "Loading...". Do you know what I am blocking so I can find it. Since I can see most of the site I have assumed that the publishing is working. I must be blocking something somewhere I just not sure what. The system is a complex back to back isa 2000 system.

Outer firewall = ISA 2000 SP1 FP1
Inner firewall = ISA 2000 SP1 (Is FP1 required for this to work? It would be a pain to install on this production system.)

Outer firewall uses Server Publishing and so just passes the SSL traffic into the inner firewall without inspection.

Inner firewall uses Web Publishing with FQDN in the Destination sets. SSL to SSL bridging is in place and working. Again I can see most of the site.

Since I do not have any Web Filters and do not have FP1 installed I do not think it can be a web filter.

Thank you for your site and writings! They have been invaluable to me since ISA 2000's release
-Mark from Buffalo NY

(in reply to tshinder)
  Post #: 118
RE: Discussion of Publishing OWA 2003 article - 22.Aug.2005 9:44:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mark,

Do you see this on all clients, or just some of them?

Thanks!
Tom

(in reply to tshinder)
Post #: 119
RE: Discussion of Publishing OWA 2003 article - 2.Sep.2005 5:14:00 PM   
avileshj

 

Posts: 1
Joined: 2.Sep.2005
From: PR
Status: offline
My agency is going to re do all the servers from scratch with new servers to install windows 2003, exchange 2003 ans isa 2004.

Can you explain all this parts publish owa but with isa 2004?

It will be great is you explain how to do it with the Edge Firewall and Back-to-Back template.

att,
Rams

(in reply to tshinder)
Post #: 120

Page:   <<   < prev  3 4 5 [6] 7   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> RE: Discussion of Publishing OWA 2003 article Page: <<   < prev  3 4 5 [6] 7   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts