ISA2004 denying HTTPS to OWA

From: Marc Meltzer (mmeltzer_at_REMOVETHISezracompany.com)
Date: 06/17/04


Date: Thu, 17 Jun 2004 12:43:40 -0400

I was able to set up ISA2004 to allow standard HTTP access to my OWA server.

Now I'm trying to set up SSL access, but ISA is constantly denying access
with the error 0xc0040017 which apparently is
FWX_E_TCP_NOT_SYN_PACKET_DROPPED.

What does that mean, and how does it affect my situation?

The configuration is as follows:

ISA:  External (209.193.204.75/26)
      Internal (192.168.101.62/24)

Exch: Internal (192.168.101.61/24)

I've created a rule called HTTPS which is set for the following:

From: Anywhere
Users: All

To: ez1.company.tld (192.168.101.61)
    (send original host header; requests appear from client)

Traffic: HTTPS (default options)

Public Name: email.company.tld
             ez1.company.tld

From the client, both names resolve to 209.193.204.75, which is the external
interface of the ISA server. I am allowing both because I wasn't sure if the
problem was a certificate issue.

Bridging: Set to redirect to port 443, which I assume is the default
configuration. No other options are checked.

Listener:
- External Network, although I think I tried All.
- Enable SSL
- Forms-based authentication

I created 2 certificates, both issued by EZ1:
- ez1.company.tld
- email.company.tld

I want to use email.company.tld for my users, but because of the problems
I'm having, I tried creating a certificate with the actual name of the
server.

When the client tries connecting, I am given the certificate warning about
the untrusted certificate. If I try connecting to OWA from an internal
computer, everything works fine. Do I need to remove the certificate from
the OWA server itself?

Thanks.
Marc


