Re: Front end server OWA redirection

From: Grant (gpsnett_at_hotmail.com)
Date: 03/03/05 

Date: Thu, 3 Mar 2005 10:13:43 -0000

Thanks for that - Ill have a look and let you know how I go (Ive been
derailed with other tasks at the moment).

"Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
in message news:udFVjt0HFHA.276@tk2msftngp13.phx.gbl...
> Here is a list of the permissions I have configured in IIS and Exchange.
> The redirection works fine for me. I put in http://feserver/exchange and
> I get the logon page (Forms-based authentication enabled). When I enter
> in domain\user and password, it proxies the request to the correct BE
> server and the BE server serves up the data.
>
> FE server:
> Default Web Site - make sure that the OWA Logon ISAPI Filter is loaded and
> pointing to the correct location (default of \program
> files\exchsrvr\exchweb\bin\owaauth.dll)
> Exchange vdir - Basic only with Default domain of \ (although Integrated
> shouldn't hurt); SSL enabled and enforced. (I'm also doing things like
> the redirection to the /exchange vdir and redirecting http to https, but
> that doesn't affect the outcome).
> Public vdir - Basic only (same comment as above)
> Exchweb vdir - Anonymous only
> Exchweb\bin vdir - Basic only (Default domain of \ ) - Also, under Virtual
> Directory, Execute permissions are set to Scripts and Executables, and
> Application Pool is set toe ExchangeApplicationPool (shouldn't have to
> worry about Application Name).
> Actual Folders NTFS permissions:
> \program files\exchsrvr\exchweb - Authenticated users have Read access
> (basically all domain user accounts) - having Read and Execute should be
> fine here as well.
> \program files\exchsrvr\exchweb\bin - Authenticated users have Read and
> Execute, List folder contents, Read permissions
>
> BE Server
> Exchange vdir - Basic with Netbios Domain name listed, Integrated.
> Public vdir - same
> ExchWeb vdir - Anonymous only
> Exchweb\bin - Basic and Integrated (Default domain listed as Netbios
> domain name) - Same permissions as above (Scripts and Executables), same
> Application Pool.
> NTFS permissions:
> Exchweb - Read, Read and Execute, List Folder Contents
> Exchweb\bin - same.
>
> If all the above settings are correct, I'd check DNS. Are you positive
> that your internal DNS servers have A records for both Exchange servers?
> Do either of your servers have funky settings like multple IP's or
> multiple NIC's? It also wouldn't be a bad idea to make sure that you have
> a reverse lookup zone for your internal subnet.
>
> Hope this helps.
>
> --
> Ben Winzenz
> Exchange MVP
>
>
> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom> wrote
> in message news:uPmvvD0HFHA.4032@TK2MSFTNGP12.phx.gbl...
>> You might try adding the cert to IE's certificate store on your computer.
>> I'll also pull up my lab environment here and see if there are other
>> specific settings enabled.
>>
>> --
>> Ben Winzenz
>> Exchange MVP
>>
>>
>> "Grant" <gpsnett@hotmail.com> wrote in message
>> news:ezejwyzHFHA.2700@TK2MSFTNGP09.phx.gbl...
>>> FE and BE server are both on the LAN. SSL is configured on the FE server
>>> only.
>>> Going directly to the backend server gets me a login prompt - Entering
>>> domain\username and password, I can see my inbox via OWA.
>>>
>>> I checked those IIS permissions and they are as you suggested.
>>>
>>> Ive got a new front end test server configured with:
>>> SSL
>>> RPC-HTTP working.
>>>
>>> With this new FE server, if I browse to the https://Servername/exchange
>>> Im asked to trust the certificate, then get an 'Cannot find server or
>>> DNS Error'
>>>
>>> With the old test server if I browse to https://Servername/exchange, Im
>>> asked to trust the certificate, then I get the Login page where I can
>>> select a premiums or basic login. When I enter my details with an
>>> incorrect password I get an error saying:
>>>
>>> 'You could not be logged on to Outlook Web Access. Make sure your
>>> domain\user name and password are correct, and then try again.'
>>>
>>> And when I enter the correct details I get the 'Cannot find server or
>>> DNS Error'.
>>>
>>> Im no longer getting the 400 error.... its still going to the
>>> https://servername/exchweb/bin/auth/owaauth.dll
>>>
>>>
>>>
>>> "Ben Winzenz [Exchange MVP]" <ben_winzenz@NOSPAMdotmessageonedotcom>
>>> wrote in message news:O0FoSmzHFHA.580@TK2MSFTNGP15.phx.gbl...
>>>> Where is your FE server? DMZ or internal LAN? Do you have SSL
>>>> configured on both the FE and BE? (you should only need it on the FE).
>>>> Redirection to the appropriate BE server should be done automatically.
>>>>
>>>> What happens if you go directly to the address of the BE server?
>>>>
>>>> Also, check your permissions in IIS. On the FE server, you need to
>>>> make sure you have the following:
>>>>
>>>> Front End:
>>>> Exchweb Vdir - Anonymous
>>>> Exchweb/Bin - Basic
>>>>
>>>> Back End:
>>>> Exchweb Vdir - Anonymous
>>>> Exchweb/Bin - Basic AND Integrated
>>>>
>>>> --
>>>> Ben Winzenz
>>>> Exchange MVP
>>>>
>>>>
>>>> "Grant" <gpsnett@hotmail.com> wrote in message
>>>> news:ObMkSwyHFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> I have configured a front end server to use RPC-HTTP successfully. Ive
>>>>> got the SSL certificate and it all works great.
>>>>> Problem is, Im trying to configure an Outlook web login page, but cant
>>>>> get it to redirect to the backend server. Firstly I wasnt even getting
>>>>> an OWA page until I followed the instructions in the this article:
>>>>>
>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;555053
>>>>>
>>>>> Now I get a login page but as soon as I type in a domain\username and
>>>>> password, I get a 404 page could not be found error. This should be
>>>>> redirecting to my backend server (Where OWA is working fine) but i
>>>>> notice in the address bar it says;
>>>>>
>>>>> https://Servername/exchweb/bin/auth/owaauth.dll
>>>>>
>>>>> So what else am I missing here? How do i get this redirected to my
>>>>> backend server?
>>>>>
>>>>> Any help greatly appreciated!
>>>>>
>>>>> Cheers,
>>>>> Grant
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Relevant Pages

  • Re: Virtual Directory - Permission Denied with fso CopyFile
    ... TestUser (normal user account with same credentials on all machines). ... I created a share on a remote server. ... reviewing it's sharing permissions and security tab permissions "everyone" ... "directory security" tab on the vdir and selecting, edit, edit and manually ...
    (microsoft.public.inetserver.iis)
  • Re: Front end server OWA redirection
    ... > Here is a list of the permissions I have configured in IIS and Exchange. ... > server and the BE server serves up the data. ... > Exchweb vdir - Anonymous only ...
    (microsoft.public.exchange.admin)
  • Re: Front end server OWA redirection
    ... > Here is a list of the permissions I have configured in IIS and Exchange. ... > server and the BE server serves up the data. ... > Exchweb vdir - Anonymous only ...
    (microsoft.public.exchange2000.connectivity)
  • Re: Front end server OWA redirection
    ... > Here is a list of the permissions I have configured in IIS and Exchange. ... > server and the BE server serves up the data. ... > Exchweb vdir - Anonymous only ...
    (microsoft.public.exchange2000.admin)
  • RE: How to query exchange on sbs2003 for outlook delegates
    ... Exchange 2003 Server to get the Outlook delegates list in SBS 2003 network. ... Check both "Check permissions on default folders" and "Extract ... Microsoft is providing this information as a convenience to you. ...
    (microsoft.public.windows.server.sbs)
Loading