• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion about Publishing an OWA Site in a Back to Ba... - 26.Jul.2005 11:02:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the Publishing an OWA Site in a Back to Back ISA Firewall Configuration (Part 1) article at http://www.isaserver.org/tutorials/Publishing-OWA-Site-Back-to-Back-ISA-Firewall-Pa rt1.html and part 2 at http://isaserver.org/tutorials/Publishing-OWA-Site-Back-to-Back-ISA-Firewall-Part2.html

Thanks!
Tom

[ August 02, 2005, 09:53 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion about Publishing an OWA Site in a Back t... - 5.Aug.2005 9:36:00 PM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
I have done every thing you told in the article, but it seems it will work ONLY for exchange Server 2k3... right?, 'cause as far as i know exchange server 2000 does not support form based authentication.

I was hopping isa server 2004 to "Implements" a form based authentication by it self.

Well, i can reach the /certsrv/* path from the internet using username, password and domain, but when i call the http://owa.mydomain.com/exchange i get a "403 Forbidden" error, if i call the https://owa.mydomain.com/exchange/ i get this error...

Technical Information (for support personnel)

Error code: 12206
Background: The page you requested could not be reached.

Keep in mind that i had done the same way u told me to do in the article, but i get this nasty errors... [Frown]

Ne idea, suggestion, help or anything that can help me get OWA up and running?

(in reply to tshinder)
Post #: 2
RE: Discussion about Publishing an OWA Site in a Back t... - 6.Aug.2005 8:54:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi TBS,

You do NOT need Exchange 2003 for this to work, since the ISA firewall generates the form.

The article doesn't use a path:

owa.mydomain.com

What are the ACTUAL names you are using on the certificates? What are the ACTUAL names used on the To tab and Public Name tabs?

This is where people tend to miss the config.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion about Publishing an OWA Site in a Back t... - 8.Aug.2005 10:09:00 AM   
theblacksmith

 

Posts: 46
Joined: 24.Jun.2002
Status: offline
Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... [Razz] .

At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?

[ August 08, 2005, 12:02 PM: Message edited by: TheBlackSmith ]

(in reply to tshinder)
Post #: 4
RE: Discussion about Publishing an OWA Site in a Back t... - 29.Aug.2005 4:13:00 PM   
barky81

 

Posts: 15
Joined: 29.Apr.2002
Status: offline
These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)

However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.

One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...

Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?

(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.

What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?

(in reply to tshinder)
Post #: 5
RE: Discussion about Publishing an OWA Site in a Back t... - 6.Sep.2005 10:43:00 AM   
barky81

 

Posts: 15
Joined: 29.Apr.2002
Status: offline
bump?

(in reply to tshinder)
Post #: 6
RE: Discussion about Publishing an OWA Site in a Back t... - 7.Sep.2005 10:34:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by TheBlackSmith:
Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... [Razz] .

At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?

Hi TBS,

The clue here is the internal network. The ISA firewall shouldn't be handling connections to the OWA site from internal network clients, so it probably isn't an ISA firewall problem. Internal hosts should use Direct Access to reach the OWA site.

HTH,
Tom

(in reply to tshinder)
Post #: 7
RE: Discussion about Publishing an OWA Site in a Back t... - 7.Sep.2005 10:36:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by barky81:
These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)

However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.

One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...

Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?

(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.

What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?

Hi Barky,

The All Open rule is used because everyone's firewall policy is going to be different. There's no reason to promote a specific firewall policy since everyone's is going to be different.

What is failing in your Web Publishing Rules?

Thanks!
Tom

(in reply to tshinder)
Post #: 8
RE: Discussion about Publishing an OWA Site in a Back t... - 22.Jun.2007 9:15:57 PM   
jbalconi

 

Posts: 1
Joined: 22.Jun.2007
Status: offline
Hi Tom;
I have attemped to publish owa in a site back you back with ISA 2006 and exchange 2007 approximately the 2 months and I'vnt obtained. I followed diverse tutorial and also this published for you and I dind't success. I also tried to publish placing the third net card that to bind front isa with exchange for do not have another firewall in the way, but the error is the same. I receive the screen of OWA but they don't accept the user and password. What can I do ? regardsJeri

(in reply to tshinder)
Post #: 9
RE: Discussion about Publishing an OWA Site in a Back t... - 4.Mar.2008 7:54:26 AM   
Snowfresh

 

Posts: 31
Joined: 18.Feb.2005
Status: offline
Hi,
 
Is there anybody who did this with ISA 2006 and Exchange 2007, successfully?
Pre authentication seems to be the key ...
@Tom what do are your ideas on this?
Regards
 
 

(in reply to jbalconi)
Post #: 10
RE: Discussion about Publishing an OWA Site in a Back t... - 29.Mar.2008 10:27:50 AM   
vjekohaker

 

Posts: 2
Joined: 29.Mar.2008
Status: offline
I have attemped to publish owa in a site back to back with ISA 2006 and exchange 2003, I followed Your tutorial  and I dind't success.I receive the screen of OWA but they don't accept the user and password. What can I do ?
BTW on back ISA everything works fine.
Do I need RADIUS for auth on Front ISA ?

(in reply to Snowfresh)
Post #: 11
RE: Discussion about Publishing an OWA Site in a Back t... - 12.Feb.2009 2:24:05 AM   
antonb

 

Posts: 1
Joined: 12.Feb.2009
Status: offline
Good day,
I hope you can give me some clarity on my problem.
Scenario : We are running ISA 2000 that publish to a OWA 2003 server on our domain. We have a ISA 2006 server that handles all other incoming traffic.Currently we are experiencing problems on the ISA 2000 server.

Can I configure OWA traffic to be published from both ISA servers in order to prevent downtime while we are busy with the change? I need to have some testing time without downtime. That is why I need to run it from both ISA servers.

What I plan to do is create a new DNS entry : test.owa.mydomain.com on the ISA 2006 server.

Hope you can assist me with this.

(in reply to tshinder)
Post #: 12
RE: Discussion about Publishing an OWA Site in a Back t... - 26.Feb.2009 11:41:02 AM   
jordi.lopez

 

Posts: 2
Joined: 25.Feb.2009
Status: offline
I followed this articles and when I tried to connect externally by owa appears the page to put the user and password but I put it and nothing.

In the Front-End Firewall i can see a Denied Connection for HTTPS from External to Local Host, any ida?

It seems like the forwarding from the Front-End FW to the Back-End FW is not working

Thank you very much


Jordi

(in reply to tshinder)
Post #: 13
RE: Discussion about Publishing an OWA Site in a Back t... - 20.Sep.2011 5:42:07 PM   
schmidlap

 

Posts: 13
Joined: 8.Jul.2010
Status: offline
Part 2 Page 2 states: "In addition, the front-end ISA firewall must be able to resolve the name of the OWA Web site to the IP address on the external interface of the back-end ISA firewall that is listening for incoming requests to the OWA Web site on the default Internal network behind the back-end ISA firewall."

That IP address would be 10.0.1.2 in this scenario.

On Page 6 or Part 2 we have: "You can use either a split DNS or a HOSTS file entry on the front-end ISA Server 2004 firewall machine to resolve this name to the IP address used by the Exchange Server on the internal network. In the current example, we have used a HOSTS file"

In this scenario, the IP address used by the Exchange Server on the internal network is 10.0.0.2.

So which is it? Should the front end ISA resolve owa.msfirewall.org to 10.0.0.2 or 10.0.1.2?

(in reply to tshinder)
Post #: 14
RE: Discussion about Publishing an OWA Site in a Back t... - 25.Nov.2011 8:04:31 AM   
seegrem

 

Posts: 13
Joined: 27.Oct.2011
Status: offline
hello
Thanks for provide me information about this topic this will help me.because this will help me.
Thanks
Regards
seegrem

(in reply to tshinder)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> Discussion about Publishing an OWA Site in a Back to Back ISA Firewall Configuration Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts