RE: OWA Publishing problem for ISA 2006- using SecurID



JMS, did you have any success with this? I'm in the exact same boat. The
RSA utility test works great, I have access to the backend server but when I
try to access it through the listener I get denied.
--
Thanks,

Brad Loftus




"JMS" wrote:

Update:

I found out that in ISA2006 you need to copy the sdconf.rec file to
C:\Program Files\Microsoft ISA Server\sdconfig, first off.

But it isn't taking the access code as it should. It's constantly telling
the user their authentication is wrong.

Closer... but I still need help!

"JMS" wrote:

So here is what I am seeing.

Users are connecting to https://myowa.domain.com/exchange

They are getting this when connecting from an ISA Server labeled page:
106: The Web server is busy. Try again later.

They don't even get prompted at all for their SecurID login.

On the ISA server I did test connectivity to the RSA server using their test
tool. It connects and authenticates fine from the ISA server. The file from
the RSA server is copied to system32.

Here is all of what I think should be pertinent. If anyone needs more info,
please let me know and I'll post more details:

ISA 2006 Std server. Connecting to NLB OWA machines. 443 open to/from
these servers and the ISA server (which is in my DMZ). ISA server is not a
domain member.

Firewall policy for this is the first in the list. Details:
From: Anywhere
To: Applies to myowa.domain.com. Original host header is checked. Requests
from ISA server.
Traffic: HTTPS
Listener: Set to use the listener detailed below.
Public Name lists myowa.domain.com
Paths:
<Same as Internal> for /public/*, /Microsoft-Server-ActiveSync/, /Exchweb/*,
/Exchange/*. Also have it resolving / to /exchange so if someone forgets to
add /exchange it will automatically do so.
Authentication Delegation: No delegation, but client may authenticate
directly. I had it set to RSA SecurID but that did no good.
Application Settings: Nothing set on this page of interest, i.e. Customized
forms is unchecked.
Bridging: Web server picked and redirect to 443 checked.
Users: All Auth Users
Link Trans: Apply link translation to this rule is checked.

For the web listener:
Networks: External and Internal
Connections: Enable SSL checked and set to 443
Certificates: Point to the cert I got from my OWA machine. Installed fine.
Authentication: Set to HTML Form Auth and RSA SecurID are picked. Nothing
else on this page. On the advanced properties of this tab nothing is
selected beyond the defaults.
Forms: Nothing selected
SSO: Not enabled.

Sorry for the lengthy message, but I figured the extra detail may help.
