RE: OWA Publishing problem for ISA 2006- using SecurID

Update:

I found out that in ISA2006 you need to copy the sdconf.rec file to
C:\Program Files\Microsoft ISA Server\sdconfig, first off.

But it isn't taking the access code as it should. It's constantly telling
the user their authentication is wrong.

Closer... but I still need help!

"JMS" wrote:

So here is what I am seeing.

Users are connecting to https://myowa.domain.com/exchange

They are getting this when connecting from an ISA Server labeled page:
106: The Web server is busy. Try again later.

They don't even get prompted at all for their SecurID login.

On the ISA server I did test connectivity to the RSA server using their test
tool. It connects and authenticates fine from the ISA server. The file from
the RSA server is copied to system32.

Here is all of what I think should be pertinent. If anyone needs more info,
please let me know and I'll post more details:

ISA 2006 Std server. Connecting to NLB OWA machines. 443 open to/from
these servers and the ISA server (which is in my DMZ). ISA server is not a
domain member.

Firewall policy for this is the first in the list. Details:
From: Anywhere
To: Applies to myowa.domain.com. Original host header is checked. Requests
from ISA server.
Traffic: HTTPS
Listener: Set to use the listener detailed below.
Public Name lists myowa.domain.com
Paths:
<Same as Internal> for /public/*, /Microsoft-Server-ActiveSync/, /Exchweb/*,
/Exchange/*. Also have it resolving / to /exchange so if someone forgets to
add /exchange it will automatically do so.
Authentication Delegation: No delegation, but client may authenticate
directly. I had it set to RSA SecurID but that did no good.
Application Settings: Nothing set on this page of interest, i.e. Customized
forms is unchecked.
Bridging: Web server picked and redirect to 443 checked.
Users: All Auth Users
Link Trans: Apply link translation to this rule is checked.

For the web listener:
Networks: External and Internal
Connections: Enable SSL checked and set to 443
Certificates: Point to the cert I got from my OWA machine. Installed fine.
Authentication: Set to HTML Form Auth and RSA SecurID are picked. Nothing
else on this page. On the advanced properties of this tab nothing is
selected beyond the defaults.
Forms: Nothing selected
SSO: Not enabled.

Sorry for the lengthy message, but I figured the extra detail may help.

.

Relevant Pages

  • Re: RSA with OWA and FBA
    ... This might indicate that Microsoft might not be that happy about RSA SecurID ... Troubleshooting Unsupported Configurations in ISA Server 2004 ... SecurID authentication on ISA Server: ...
    (microsoft.public.isa)
  • Re: REPOST: Firewall Client Disconnects
    ... -> Define Connection Limits ... Subject: Firewall Client disconnects? ... reported it was unable to connect to the ISA server. ... The Firewall Client is for ISA 2004. ...
    (microsoft.public.windows.server.sbs)
  • REPOST: Firewall Client Disconnects
    ... Subject: Firewall Client disconnects? ... reported it was unable to connect to the ISA server. ... The Firewall Client is for ISA 2004. ... This posting is provided "AS IS" with no warranties, ...
    (microsoft.public.windows.server.sbs)
  • Re: REPOST: Firewall Client Disconnects
    ... >> Subject: Firewall Client disconnects? ... >> reported it was unable to connect to the ISA server. ... >> Thank you for posting to the SBS Newsgroup. ...
    (microsoft.public.windows.server.sbs)
  • Re: REPOST: Firewall Client Disconnects
    ... >> Subject: Firewall Client disconnects? ... >> reported it was unable to connect to the ISA server. ... >> Thank you for posting to the SBS Newsgroup. ...
    (microsoft.public.windows.server.sbs)