Apologies if this has been asked before.
I have OWA working through ISA using only basic authentication using Web Publishing rules. I'm using ISA FP1, the excahnge server is 2000 SP3 sitting on a DC.
I'm trying to terminate the SSL connection at the ISA server and forward as HTTP, but whenever I go to https://mail.internetdomain.com/exchange I get a DNS error. If i uncheck Require SSL on the publishing rule then I can successfully access OWA via HTTP externally.
Sometimes when you redirect divergent protocols, you'll see this kind of problem. There are a couple of ways you can deal with it. The hard way is to use link translation The easy way is to make a registry entry:
*Nature of the certificate bound to the listener *Did you use the procedures described in ISA Server and Beyond (I know those work) *What is the EXACT config of your Web Publishing Rule? *Have you tried briding SSL as SSL? (the only recommended config)
I have just been through the procedure in the book (again), but still no joy.
I got the SSL for my Exchange server, then successfully exported/imported it into the machine personal certificates section on ISA. I am able to select the certificate when configuring the listener for that IP.
I have followed the proc in your book, but skipping the Password bit.
My web publishing rule is;
1. Destination set = mail.internetdomain.com /exchange*, /public*, /exchweb
2. redirect request to IP of OWA, send original host header, allow delegation of basic....
3. Redirect HTTP and SSL as HTTP. Require SSL
4. Applies to any request
If I bridge SSL as SSL then I've got to require SSL on OWA server yes? I'll go try that!
Right, (it's working)
I found an event from webproxy - when started it was unable to bind port 443 to the external NIC. I solved this by first stopping the default website (perhaps i should've mentioned I was running an intranet on the ISA server!) then restarting the web proxy. After checking the 443 on the external NIC was listening (and no error on event log) I restarted default website successfully. I suspect I'll have to do this every time ISA server restarts?
OWA now works fine using SSL, although has taken a performance hit. Is there anything I can do about this? - perhaps going back to terminating SSL at ISA?
Anyway many thanks for your help Tom, you're a gentleman.