RE: OWA https problem
RE: OWA https problem - 4.Nov.2003 3:14:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
I only have the one IP address on my external card, but if my memory serves me correctly I had to configure the incoming listeners individually to get the certificate option to appear.
So what I would suggest is to configure your listeners individually. You would currently have to configure 3 (as you aren't currently using your 4th IP address), if you take note of what incoming authorization, if any, you are currently using.
Firstly create a listener using the IP address you use for the ISA server itself, and configure it for just incoming port 80, with any authentication, then do the same again for the IP address of the in-house web site, again port 80 and any authentication.
Then for the OWA site, configure another listener, using the IP address for OWA and using port 80 and enable SSL, port 443, then select basic authentication and the required certificate.
Hope the above makes sense.

RE: OWA https problem - 5.Nov.2003 12:29:00 PM
cele
Posts: 8
Joined: 27.Oct.2003
From: Florence, Italy
Status: offline
Hi all! I worked a lot to make my OWA work correctly using HTTPS, but that was several months ago. The main problem I had was with certificates, because if you pass through ISA to reach your published OWA site, your ISA server needs to ask for (and recognize) the certificate from your internal OWA server: the ISA server sends his (her ;-) ) cert. to the browser, then passes the SSL req. to the IIS hosting OWA, which sends its cert. to ISA. If ISA does not recognize (for example because of domain names) that certification authority, it denies the request. So you probably have to make the Cert. Auth. that created the OWA cert. trusted on the ISA server.
Tricky, I know... Bye Cele

RE: OWA https problem - 5.Nov.2003 12:51:00 PM
ScottSTC
Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Hi
I have set my external IPs each with an individual configuration. The IP that requires the certificate has had it added. But due to a pop-up on setting I have also gone thru the loop of setting only the OWA with a cert. But sadly this still does not work.
I think I am coming down on the side of the CA not being recognised or something like that, mainly because even if I set the SSL listeners on, when I do a netstat -na I do not see any (SSL) ports listed as open and listening.
How can I check if the cert. contains the right info and the CA can be found? Still new to CAs.

RE: OWA https problem - 5.Nov.2003 1:09:00 PM
cele
Posts: 8
Joined: 27.Oct.2003
From: Florence, Italy
Status: offline
As I said, I did this several months ago. I'll try to search in my docs and configs, but maybe it is not the same for you. I'll try to explain my config: I have two different domains (I mean not only Windows domains, but TCP/IP domains): internaldomain.it and externaldomain.it. When you pass all headers, the internal OWA server receives a request for externaldomain.it and not for internaldomain.it, so the cert. installed on OWA's IIS must be for externaldomain.it. Then you must create a cert. and import it into the certification DB for the ISA server, but because it is issued by the internaldomain.it Certification Authority, this must be trusted (i.e. installed in a specific "folder" in the cert. DB) on that machine. This is done after correctly applying all the rules to publish a server (SSL to SSL, headers and so on). If your config is different, maybe you need some other modifications, but I hope this will explain some general rules.

RE: OWA https problem - 5.Nov.2003 1:16:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
Sorry to hear it's still not working.
With regards to the certificates, are you creating your own certificates?

RE: OWA https problem - 5.Nov.2003 1:21:00 PM
ScottSTC
Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
Yes, I have created a CA on our domain and I am using that as the certificate issuer for the OWA site.

RE: OWA https problem - 5.Nov.2003 1:27:00 PM
cele
Posts: 8
Joined: 27.Oct.2003
From: Florence, Italy
Status: offline
Are the machines on the same domain? Have you installed this certificate properly on the machines (do you see that cert. in the proper panel on IIS console)?

RE: OWA https problem - 5.Nov.2003 1:33:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
Okay, so I assume you have created a certificate for your Exchange box. If so, when you created it did you give it the same name as your Exchange server or the same name as your FQDN?

RE: OWA https problem - 5.Nov.2003 1:51:00 PM
ScottSTC
Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
The machines are on the same domain. To create the cert I used the IIS web site properties security tab; to install it I used the same tab and installed from there. The cert shows up all right; it does not appear to have anything wrong with it in IIS.
When I created the cert I used the FQDN of the OWA site.

RE: OWA https problem - 5.Nov.2003 1:55:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
How did you go about exporting the certificate from your exchange server and importing it on the ISA server?

RE: OWA https problem - 5.Nov.2003 2:10:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
Can you confirm that if you use the mmc on the ISA server that the certificate is listed under the personal folder of the computer account?
If the certificate is in the right place, when you configure the ISA incoming listener, are you able to select the correct certificate from the drop down list?

RE: OWA https problem - 5.Nov.2003 2:17:00 PM
cele
Posts: 8
Joined: 27.Oct.2003
From: Florence, Italy
Status: offline
OK. Be sure that the cert. issued on the OWA machine has the name of the ISA server name. If your external people access your net as https://www.mydomain.com/exchange, probably your OWA machine looks like http://owaserver/exchange. If you try to connect (from your internal net) the second way above, you must receive a warning that tells you that the cert. does not correspond to the machine that sent the cert. If not, maybe you need to use a cert. to install on your OWA server that is for www.mydomain.com. This is because when you pass the headers from ISA to OWA, the headers contain www.mydomain.it, and the server must recognize this. Then you must install the same cert on both machines. This worked for me. Be sure that your IIS on OWA is configured to respond to that header properly.
Good luck.
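
The two checks discussed in this thread (does the certificate carry the right name, and can its CA be found?) can be scripted. The following is an added example, not part of the original posts, and it assumes a Windows server with PowerShell available; the function names are hypothetical and `owa.example.com` is a placeholder host name.

```powershell
# Added example. Run on the publishing server (the ISA box in this thread).

# Check 1: certificates in the computer account's Personal store.
function Test-StoreCertificate {
    param([string]$PublishedName)   # name external clients type (placeholder below)
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test the trust path only
        $trusted = $chain.Build($_)
        [pscustomobject]@{
            Subject       = $_.Subject
            NameMatches   = $_.GetNameInfo('SimpleName', $false) -eq $PublishedName
            HasPrivateKey = $_.HasPrivateKey    # needed before a listener can use it
            NotExpired    = (Get-Date) -lt $_.NotAfter
            ChainTrusted  = $trusted            # false if the issuing CA is not trusted
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

# Check 2: what the internal OWA server presents when reached by the name
# the publishing rule redirects to, as judged by this machine's trust store.
function Test-BackendCertificate {
    param([string]$BackendName, [int]$Port = 443)
    $seen = @{ Errors = $null; Subject = $null; Issuer = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($sender, $cert, $chain, $errors)
        $seen.Errors  = $errors          # None, RemoteCertificateNameMismatch, ...
        $seen.Subject = $cert.Subject
        $seen.Issuer  = $cert.Issuer
        $true   # accept so the handshake completes and the errors can be reported
    }.GetNewClosure())
    $tcp = New-Object System.Net.Sockets.TcpClient($BackendName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($BackendName)
        [pscustomobject]$seen
    } finally { $tcp.Close() }
}

Test-StoreCertificate   -PublishedName 'owa.example.com'
Test-BackendCertificate -BackendName   'owa.example.com'
```

An `Errors` value of `RemoteCertificateNameMismatch` points to the naming problem described above, and `RemoteCertificateChainErrors` points to an issuing CA that this machine does not trust.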

RE: OWA https problem - 5.Nov.2003 3:25:00 PM
ScottSTC
Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
I added the cert thru MMC into the local computer, first in Personal, and then added the CA to the Trusted Certs folder.

RE: OWA https problem - 5.Nov.2003 3:37:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Hi Scott,
I am starting to run out of things to suggest; you appear to have everything configured OK.
If you try and access OWA internally using https://internal_exchange_server_name/exchange do you get any error messages?

RE: OWA https problem - 5.Nov.2003 4:20:00 PM
ScottSTC
Posts: 16
Joined: 27.Oct.2003
From: London
Status: offline
That's one of the things that's most annoying about this: if I access the machine at https://internal_name/exchange then I get the request to accept the certificate, then I get the login prompt, and then once I have entered credentials I get in.
Ultimately I suppose this is why I have put a request for help on here, because it all appears to be OK and works if used in house. It just won't work from the outside world :-(
Is there any other way I can do this without SSL, but still keep it secure?

RE: OWA https problem - 5.Nov.2003 4:58:00 PM
pinball
Posts: 188
Joined: 8.Jul.2002
From: Dundee, Scotland
Status: offline
Scott,
Since configuring the certificate on the ISA server, have you rebooted the ISA server?
It sounds daft but I am sure I remember someone saying that the certificate didn't take effect until the server had been rebooted.

RE: OWA https problem - 6.Nov.2003 12:15:00 PM
cele
Posts: 8
Joined: 27.Oct.2003
From: Florence, Italy
Status: offline
Hi! I know how frustrating it is following articles and seeing that after applying everything it still does not work. I read that article, but I followed other steps (I hate wizards), and have everything in two different domains. First, I didn't use an FQDN in the web publishing rule (my ISA is also the DNS for our internet domain). If you still receive a host not found, try using the IP address of your internal IIS (OWA) server. Then, if you pass original headers, it may be that you specified headers explicitly in the default web site in your OWA's IIS. Lastly, if you have a sniffer, watch the packets between ISA and OWA... Good luck! Cele

RE: OWA https problem - 6.Nov.2003 12:46:00 PM
Guest
Pinball, yes I had, but what with all the things tried since posting on here maybe not. I will have to do it to see what happens, but sadly for me I can't do it until Monday now :-(
Cele, thanks for the suggestion. I have considered using a packet sniffer, and will do when I get back to the office.