Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Discussion about Publishing Outlook Web Access and Outlook RPC/HTTP with ISA Server 2006 part 4
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Discussion about Publishing Outlook Web Access and ... - 24.Sep.2006 12:45:35 AM
|
|
|
blomus
Posts: 12
Joined: 23.Sep.2006
Status: offline
|
Hello!
At first, excuse my English, it's a Swiss interpretation of this language 
I took this Tutorial to configure my installation, Exchange 2003 behind the new ISA 2006. I adapted that to my one Exchange Server Scenario without the Farm Configuration. OWA works, but I try now about 8 hours to figure out the problem with rpc over https. I can't connect with my Outlook Client. I tried everything 399 times, no chance. The resources about ISA 2006 are very sparely, about 3 articles to that. 
So, when I try to test the rpc Configuration with https://localhost/rpc, the login box comes up, what is requested. But there, I can't login to receive the requested 403.2 Error, the box comes up again 3 times and then it breaks with a credential error. So, I think I have a problem there, but I compared everything with a standard rpc installation (without isa) that works, nothing. I tried also with e reinstallation of the rpc Service and the Service Pack 2 of Exchange... no chance.
So, now I'm searching for an answer and I don't know who can help me.... 
If you have an Idea... I'm very receptive to any tip!!!
Thanx and Best Regards,
blomus from Switzerland
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 24.Sep.2006 4:40:55 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Blomus,
Are the certificates name correctly? Download and install the ISA Firewall BPA and see if it finds problems with your certificates.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 24.Sep.2006 8:09:35 PM
|
|
|
blomus
Posts: 12
Joined: 23.Sep.2006
Status: offline
|
Hi Tom,
Thanks for your reply. Yes, the Certificates are ok. I have an official certificate (trustcenter, like Verisign). OWA works without any error. Also the rpc tests are now successful, I made a mistake, I tested it with the guidelines of windows 2003 without SP1... so internal everything seems ok. Only when I try to connect from outside, trough the ISA Server nothing happens. When I try to test from outside with a connection to https://host.ch/rpc, the ISA Login Screen comes up (like OWA). But after sign in, nothing happens, ISA displays the login screen again!
I invested many hours now in this configuration and I can't find the failure!
Marco
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 26.Sep.2006 1:30:51 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Marco,
Have you configure the Outlook client to use Basic authentication? Also, make sure the credentials delegation is set for Basic delegation.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 26.Sep.2006 11:59:58 PM
|
|
|
blomus
Posts: 12
Joined: 23.Sep.2006
Status: offline
|
Hi Tom,
Yes, everything set to Basic authentication. When I run /rpcdiag Switch, I can see, that nothing happens over HTTP. Outlook tries to connect and after a timeout of 20-30 seconds, the request fails with the standard answer that Exchange must be online! Internal everything works fine!
Regards,
Marco
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 27.Sep.2006 1:54:05 PM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Marcos,
What is the common name on the Web site certificate bound to the Web listener?
What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine?
What is the name on the TO tab?
What is the name on the public name tab?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 27.Sep.2006 6:04:16 PM
|
|
|
blomus
Posts: 12
Joined: 23.Sep.2006
Status: offline
|
Hi Tom,
What is the common name on the Web site certificate bound to the Web listener? webmail.insidehost.ch
What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine? webmail.insidehost.ch (exchange server/ i've exported the certificate to a file from this machine and imported it to the isa, which says me that the cert. is correctly installed)
What is the name on the TO tab? webmail.insidehost.ch and the internal name, if the external can't resolved
What is the name on the public name tab? webmail.insidehost.ch
Regards,
Marco
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 26.Oct.2006 2:56:41 PM
|
|
|
baseline
Posts: 1
Joined: 26.Oct.2006
Status: offline
|
Hi,
I've read the article through and trough but I'm still confused on one point.
ISA 2006 Web Farms are exactly what my client wants. He refuses to buy an hardware load-balancer and Windows integrated NLB doesn't work since ISA 2004 is unable to pool the destination IP's/Ports to see if they're alive.
Now, reading the article (as I've understood it) we now can have different certificates on the listener and on the target web servers?...
This is confusing, in ISA 2004 with SSL bridging I had to have the same certificate on the listener and on the target web server(s).
Is this not the case in ISA 2006 with Web Farms?
regards
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 27.Oct.2006 9:03:57 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote:
ORIGINAL: blomus
Hi Tom,
What is the common name on the Web site certificate bound to the Web listener? webmail.insidehost.ch
What is the common name on the Web site certificate bound to the RPC/HTTP proxy machine? webmail.insidehost.ch (exchange server/ i've exported the certificate to a file from this machine and imported it to the isa, which says me that the cert. is correctly installed)
What is the name on the TO tab? webmail.insidehost.ch and the internal name, if the external can't resolved
What is the name on the public name tab? webmail.insidehost.ch
Regards,
Marco
Hi Marco,
OK, all that seems right.
Is the Exchange Server on a DC?
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 24.Jan.2007 9:35:07 AM
|
|
|
tshinder
Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Dan,
Its more simple when its on the DC. All you need to do is install the RPC/HTTP proxy service on the machine. You don't need to fiddle with the ports in the Registry.
Keep in mind that you can't use an FBA enabled listener for RPC/HTTP with the 2004 ISA Firewall.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Discussion about Publishing Outlook Web Access and ... - 27.Feb.2007 3:44:05 AM
|
|
|
blayshing
Posts: 9
Joined: 18.Dec.2006
Status: offline
|
hi guys,
i dunno if this has been asked somewhere but do i really need to create a split DNS for me to access my OWA from external clients? are there any other alternatives?
thanks
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
... help please...
