I have done every thing you told in the article, but it seems it will work ONLY for exchange Server 2k3... right?, 'cause as far as i know exchange server 2000 does not support form based authentication.
I was hopping isa server 2004 to "Implements" a form based authentication by it self.
Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... .
At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?
These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)
However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.
One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...
Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?
(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.
What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?
quote:Originally posted by TheBlackSmith: Cool...! done it, but i have problems with the "gifs" and if i click on any e-mail front-end isa server asks for auth. again, is this normal?, what about the gifs?. Funny, but the gifs works like a charm using the Admiinistrator account, but when using a normal user account i have this problem... .
At the internal network the gifs works fine for administrator but not for normal users and keep asking username/password (via system popup)... then what should be happening?
Hi TBS,
The clue here is the internal network. The ISA firewall shouldn't be handling connections to the OWA site from internal network clients, so it probably isn't an ISA firewall problem. Internal hosts should use Direct Access to reach the OWA site.
quote:Originally posted by barky81: These articles definitely did not work for me. (Similarly, MS's guide to publishing Sharepoint ALSO didn't work for me.)
However, I was able to back-to-back "Sever Publish" my OWA through SSL in about 5 minutes (which is how I had it setup for ISA 2000, as well.
One of the things I seem to see at points in trying to follow the articles is that the authentication is taking a stop through "localhost" instead of directly to the internal interface...
Equally important, it is not practical to utilize an "all open" access policy (so why even use it in the article?). Are there simply too many things to open--or does no one know what specifically needs to be allowed?
(Unfortunately, I cannot "Server Publish" Sharepoint, due to the URLs it serves up...so if you cannot web publish it, you can't publish it at all, apparently.) Of course, just to be clear, I have been able to Server Publish our Sharepoint with SSL, but many graphic links don't show, etc...so it isn't usable.
What I don't understand, is WHY (if I can SSL-serverpublish) CAN'T I webpublish? Why does one work and the other doesn't?
Hi Barky,
The All Open rule is used because everyone's firewall policy is going to be different. There's no reason to promote a specific firewall policy since everyone's is going to be different.
Hi Tom; I have attemped to publish owa in a site back you back with ISA 2006 and exchange 2007 approximately the 2 months and I'vnt obtained. I followed diverse tutorial and also this published for you and I dind't success. I also tried to publish placing the third net card that to bind front isa with exchange for do not have another firewall in the way, but the error is the same. I receive the screen of OWA but they don't accept the user and password. What can I do ? regardsJeri
Is there anybody who did this with ISA 2006 and Exchange 2007, successfully? Pre authentication seems to be the key ... @Tom what do are your ideas on this? Regards
I have attemped to publish owa in a site back to back with ISA 2006 and exchange 2003, I followed Your tutorial and I dind't success.I receive the screen of OWA but they don't accept the user and password. What can I do ? BTW on back ISA everything works fine. Do I need RADIUS for auth on Front ISA ?
Good day, I hope you can give me some clarity on my problem. Scenario : We are running ISA 2000 that publish to a OWA 2003 server on our domain. We have a ISA 2006 server that handles all other incoming traffic.Currently we are experiencing problems on the ISA 2000 server.
Can I configure OWA traffic to be published from both ISA servers in order to prevent downtime while we are busy with the change? I need to have some testing time without downtime. That is why I need to run it from both ISA servers.
What I plan to do is create a new DNS entry : test.owa.mydomain.com on the ISA 2006 server.
Part 2 Page 2 states: "In addition, the front-end ISA firewall must be able to resolve the name of the OWA Web site to the IP address on the external interface of the back-end ISA firewall that is listening for incoming requests to the OWA Web site on the default Internal network behind the back-end ISA firewall."
That IP address would be 10.0.1.2 in this scenario.
On Page 6 or Part 2 we have: "You can use either a split DNS or a HOSTS file entry on the front-end ISA Server 2004 firewall machine to resolve this name to the IP address used by the Exchange Server on the internal network. In the current example, we have used a HOSTS file"
In this scenario, the IP address used by the Exchange Server on the internal network is 10.0.0.2.
So which is it? Should the front end ISA resolve owa.msfirewall.org to 10.0.0.2 or 10.0.1.2?