Re: Urgent! OWA /Exchange redirect problem

Another observation, it looks like the redirect rule is still missing
something.

When I entered https://owa.internal.org/exchange, URL will be translated to
https://email.coweeuclab.org/CookieAuth.dll?GetLogonWrapper?url=%2Fexchange&reason=0

When I entered https://owa.internal.org/, URL will be translated to
https://email.coweeuclab.org/CookieAuth.dll?GetLogonWrapper?url=%2F&reason=0

Note there is no 2FExchange in the second URL which is the "/Exchange"
portion.

Does that ring any bells?


"andy" wrote:

Yes, FBA at ISA, no FBA at front-end.

Just a bit more info, since the test lab is all mine. I joined the test ISA
to the domain and below is the result:

1. Openhttps://owa.internal.org and enter correct logon credential

404 File not Found is displayed

2. But when I typed https://owa.internal.org/exchange, it show the inbox
without logon form. So the authentication process was completed at step #1,
it just failed to show the inbox...

Before join to the domain, both https://owa.internal.org and
https://owa.internal.org/exchange will show "404 File not found" when "force
authentication" is enabled on the OWA listener.

Thanks







"Binh Duong" wrote:

Andy,
are you using OWA Forms-based authentication?

"andy" <andy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CCA04380-EBE6-427C-98B1-56DFC1B785F9@xxxxxxxxxxxxxxxx
I am getting very close... I can see the logon page from
https://email.external.oreg if I force authentication on the OWA Listener
or
allow only "Authenticated Users" to use the rule, but the authentication
process still fail with below error even when the correct logon credential
is
entered:

"You could not be logged on to Outlook Web Access. Make sure your
domain\user name and password are correct, and then try again."

The ISA server is a unihome setup as a standalone server, not member of
the
internal domain due to "security constrain" of the organization. If this
is
the cause of the problem, is there a work-around?

thanks



"Daniel Mauser" wrote:

Andy,
If you specify in your request https://email.external.org/exchange are
you
able to reach OWA page?
Daniel Mauser.


"andy" <andy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F9894DE4-901F-4C34-A5C4-988101124109@xxxxxxxxxxxxxxxx
Hi Daniel, thanks for your reply. Yes, I changed the front-end CN to
match
the public name, then add the host entry to ISA server to resolve the
public
name to the internal front-end instead of itself. That solved the 505
error
but now I get 404 Page Not Found error when I enter
https://email.external.org. So the redirection is still not working.
Any
more hint?

The redirection rule is supposed to re-route /* to /Exchange\

thanks

"andy" wrote:

Hi, I like to redirect OWA users to the correct path when http is used
or
when /exchange is missing. HTTP->HTTPS is easy to solve with
WebDirect
but I
have problem with the /Exchange redirect, hopefully someone can give
me
some
hints:

Configuration Info
internal server name: internalserver
public URL: https://email.external.org/exchange
certificate CN: https://email.external.org/exchange
Public DNS: email.external.org = IP of ISA

I get "Error Code: 500 Internal Server Error. The target principal
name
is
incorrect" When I setup the OWA and Redirect Absent Path rules as
described
in
http://www.isaserver.org/tutorials/Redirecting-OWA-Users-Part2.html

When there is only OWA rule without the "redirect absent path" rule.
I
get
"HTTP 404 - File not found" error if I add "/Exchange\" as internal
path.

If I add "/Exchange" without the back-slash, the form-based logon page
will
show but it will stuck at the logon page after logon credential is
entered.

Thanks






.

Relevant Pages

  • Re: Fixing URL redirect exploit at /exchweb/bin/auth/owaauth.dll
    ... can be fixed by hard-coding the redirect to your server external IP/domain ... logon.asp) and can be accessed directly from the internet of an OWA server. ... PCI is virtually impossible. ...
    (microsoft.public.windows.server.sbs)
  • Re: Fixing URL redirect exploit at /exchweb/bin/auth/owaauth.dll
    ... When you say that using FBA resolves the ... can be fixed by hard-coding the redirect to your server external IP/domain ... Using FBA does resolve the issue but the way OWA uses cookies to manage ...
    (microsoft.public.windows.server.sbs)
  • Re: problem with OWA redirection Exch 2k7
    ... This is loaded on Win2k3 server and I allow SSL ... through the firewall to this exchange 2007 server for OWA, ... The problem is when I implement the first proceedure listed, the redirect ...
    (microsoft.public.exchange.admin)
  • Re: Urgent! OWA /Exchange redirect problem
    ... are you using OWA Forms-based authentication? ... The ISA server is a unihome setup as a standalone server, ... internal server name: internalserver ...
    (microsoft.public.isa.configuration)
  • Re: OWA could not access email after moving mailbox
    ... IIS doesn't redirect persay - it accesses DS on 5.5 Server A via RPC calls ... > access through OWA. ... > OWA giges the message "unable to get in Mailbox". ...
    (microsoft.public.exchange.admin)
Loading