Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Discussion about article on Outlook Access from Anywhere
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about article on Outlook Access from Any... - 11.Oct.2005 12:27:00 PM
|
|
|
idyllicsys
Posts: 1
Joined: 11.Oct.2005
Status: offline
|
I followed the instructions and I have had everything running for about two months. All of the sudden, it stopped working. I can see that the request is being made to the ISA server, but then nothing happens. What do I do next?
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 23.Oct.2005 5:24:00 PM
|
|
|
imfruity
Posts: 8
Joined: 16.Jul.2005
From: Lenexa
Status: offline
|
ISA Guru's
This may have been addressed before but I have not seen this particular issue out their. I have enabled RPC over HTTP and it works like a champ. We have plans of using company wide to cut down on active VPN connections. The problem is this: If I enable RPC over HTTP on a client they are asked for a password in order to get email from inside the firewall. While on the road these ôexecutivesö are fine with supplying their password but in the office they want it to be the same has it was before. I have tried the KB article from MS with regards to account credentials. KB 820281
I am setup using basic authentication.
tim
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 24.Oct.2005 5:03:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Tim,
It sounds like they might be using RPC/HTTP internally, instead of MAPI/RPC. Fix the clients so that they use MAPI connections first on fast networks.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 24.Oct.2005 5:45:00 AM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Tom,
How do you accomplish that unless you use multiple Outlook profiles?
The point is that in Outlook a fast connection is assumed whenever an interface speed greater than 128 Kbps is reported by the OS. So, for any practical implementation without a real dial-up connection, that will be always the case.
Thanks,
Stefaan
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 24.Oct.2005 7:13:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Stefaan,
Just *do not* put checkmark in the:
* On fast networks, connect using HTTP first, then connect using TCP/IP
(BTW -- I wonder who came up with the stupid term 'TCP/IP' to refer to MAPI RPC?)
Leave the default setting: "On slow networks, connect using HTTP first, then connect using TCP/IP" enabled.
With this configuration, the OL2003 client will default to MAPI RPC and if that fails, then uses RPC/HTTP.
Make sense?
Thanks!
Tom
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 24.Oct.2005 11:00:00 PM
|
|
|
imfruity
Posts: 8
Joined: 16.Jul.2005
From: Lenexa
Status: offline
|
Tom,
I have tried the setting that you spoke of to no avail. I have thought about dual profiles that spouseele talked about and also was instructed to build to rules in ISA to allow for the two diffrent types of authitcation. Have you been succseful with the RPC over HTTP inside the firewall?
tim
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 25.Oct.2005 5:21:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
Originally posted by imfruity:
Tom,
I have tried the setting that you spoke of to no avail. I have thought about dual profiles that spouseele talked about and also was instructed to build to rules in ISA to allow for the two diffrent types of authitcation. Have you been succseful with the RPC over HTTP inside the firewall?
tim
Hi Tim,
It works inside the ISA firewall, but remember to not bounce back through the ISA firewall. Make sure your DNS is configured so that internal clients connect directly to the RPC proxy, not the ISA firewall.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 4.Nov.2005 1:01:00 PM
|
|
|
lsunder
Posts: 4
Joined: 4.Nov.2005
From: Spokane WA
Status: offline
|
I would like to publish the Exchange Server RPC to a protected network from my ISA 2004 Server, but I cannot seem to make it work.
To explain; I am going to isolate some lab networks behind an ISA 2004 Server and I need to provide the engineers Web access via proxy and full Outlook functionality from the lab networks.
The book says that Servers Publishing rules can be published to the default External network, or to Protected networks.
And I can make the Exchange Server RPC work when published to the default External network, but I can't make it work when I publish to a protected network, such as an alternate Internal, a Perimeter, or alternate External. I've tried defining my lab networks using all three approaches.
And the problem I run into if I just use the default External to define my lab networks, I cannot provide Web proxy services to them.
My question; is it really possible to publish Server Publishing Rules to other than the default External network, and if so, how is it down?
Any help or direction would be greatly appreciated. Even it's to say the what I want to can't be done, so I can stop beating my head against the wall! :-)
Thank you
Larry
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 7.Nov.2005 4:21:00 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Larry,
Yes, it is possible and I'm doing it now from a laptop in my wireless DMZ. You might want to check the DNS configuration information in included in my article series on how to configure server publishing for this scenario.
Remember, hosts on the DMZ segment need to resolve the name of the server to the IP address used in the Server Publishing Rule listener, not the actual IP address of the published server.
HTH,
Tom
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 9.Nov.2005 1:35:00 PM
|
|
|
lsunder
Posts: 4
Joined: 4.Nov.2005
From: Spokane WA
Status: offline
|
Sorry for the double post on this question. I did not see my post or the reply.
I don't think it's a DNS issue. When the Outlook client comming from the Protected network, the ISA log shows the the RPC requests from the client to the ISA Server address, the one being used in the rule, as being denied. It's like the ISA 2004 server is not listening on the protected network for the Exchange RPC requests, even though the rule is in place.
Larry
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 10.Nov.2005 6:50:12 PM
|
|
|
lsunder
Posts: 4
Joined: 4.Nov.2005
From: Spokane WA
Status: offline
|
Tom,
My problem has been resolved and I now have Exchange RPC publishing working on my protected lab network.
I had a network NAT rule from the lab network to the internal network. But I needed to make it bi-directional. One of my European co-workers was able to help me with this.
Thank you for providing the basic instructions to server publishing and for trying to help me with this.
Larry
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 20.Nov.2005 10:53:58 AM
|
|
|
Snowfresh
Posts: 31
Joined: 18.Feb.2005
Status: offline
|
Hi,
I am experiencing the following name resolution problem.
My internal exchange fqdn = exchange.ds.local
Over the internet I am using mail.domain.net
For OWA its works just fine. (https)
I have set up a spit dns were mail.domain.net internally points to the exchange server, and externally to the ISA server external NIC.
Why I am configure the Outlook 2003 clients to use mail.domain.net it keeps changing the name back to exchange.ds.local
So from the outside it does not work.
What am I missing? Why does outlook change the name?
PTR record perhaps?
Thanks in advance
Remy
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 20.Nov.2005 4:40:00 PM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Remy,
This will work fine for RPC/HTTP. However, you'll need a true split DNS (not a bolt on like what you're doing now, where you have added a zone). A true split DNS is required by secure Exchange RPC publishing.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 20.Nov.2005 8:08:10 PM
|
|
|
Snowfresh
Posts: 31
Joined: 18.Feb.2005
Status: offline
|
Hi Tom,
I am not quite sure if I understand you correctly, so may I ask you to explain it a little bit further.
mail.domain.net exists on a DNS server on the inside (AD DNS) and on the outside (ISP DNS).
This is a spilt DNS isn't it?
AD domain = ds.local
What do I have to change to get this working?
Thanks in advance.
Remy
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 20.Nov.2005 8:10:33 PM
|
|
|
Snowfresh
Posts: 31
Joined: 18.Feb.2005
Status: offline
|
and yes a read your article over split dns :-)
Remy
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 21.Nov.2005 12:08:04 AM
|
|
|
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Snow,
What I mean is that the name of the Exchange Server must be server.domain.com, internally.
If the name is .local (a horrible thing to do, anda major design SNAFU by the SBS team) then you can't have a true split DNS infratructure, since you're using different names internally and externally.
However, at this point, I'm not sure if there is your problem, since I don't have all the details of your configuring, what you're tring to accomplish, what protocols you want to publish, and what clients need access.
HTH,
Tom
< Message edited by tshinder -- 21.Nov.2005 12:09:13 AM >
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about article on Outlook Access from Any... - 21.Nov.2005 4:51:44 PM
|
|
|
Snowfresh
Posts: 31
Joined: 18.Feb.2005
Status: offline
|
Hi Tom,
My network contains no DMZ.
1 ISA FW 2004
2 DC (DNS)
1 Exchange 2003 server
As said the FQDN from the exchange server is exrw01.ds.local
I have DNS servers on the inside and outside for companydomain.net
I would like to use the full outlook client when away from the office.
At the moment I have OWA (SSL) inplace.
When I configue outlook to use mail.companydomain.net the client changes it back to exrw01.ds.local
So on the outside the server cannot be found.
Would it be possible to use the rpc filter or am I better off with RPC over HTTP?
Thanks
Remy
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Wink]](/image/smiles/wink.gif)
![[Big Grin]](/image/smiles/biggrin.gif)
