RE: OWA Publishing problem for ISA 2006- using SecurID

That helped me with some minor setting changes but I'm still getting the same
problem where I'm unable to actually log in successfully. Not sure what is
going on for sure.
--
Thanks,

Brad Loftus




"JMS" wrote:

So here is what I am seeing.

Users are connecting to https://myowa.domain.com/exchange

They are getting this when connecting from an ISA Server labeled page:
106: The Web server is busy. Try again later.

They don't even get prompted at all for their SecurID login.

On the ISA server I did test connectivity to the RSA server using their test
tool. It connects and authenticates fine from the ISA server. The file from
the RSA server is copied to system32.

Here is all of what I think should be pertinent. If anyone needs more info,
please let me know and I'll post more details:

ISA 2006 Std server. Connecting to NLB OWA machines. 443 open to/from
these servers and the ISA server (which is in my DMZ). ISA server is not a
domain member.

Firewall policy for this is the first in the list. Details:
From: Anywhere
To: Applies to myowa.domain.com. Original host header is checked. Requests
from ISA server.
Traffic: HTTPS
Listener: Set to use the listener detailed below.
Public Name lists myowa.domain.com
Paths:
<Same as Internal> for /public/*, /Microsoft-Server-ActiveSync/, /Exchweb/*,
/Exchange/*. Also have it resolving / to /exchange so if someone forgets to
add /exchange it will automatically do so.
Authentication Delegation: No delegation, but client may authenticate
directly. I had it set to RSA SecurID but that did no good.
Application Settings: Nothing set on this page of interest, i.e. Customized
forms is unchecked.
Bridging: Web server picked and redirect to 443 checked.
Users: All Auth Users
Link Trans: Apply link translation to this rule is checked.

For the web listener:
Networks: External and Internal
Connections: Enable SSL checked and set to 443
Certificates: Point to the cert I got from my OWA machine. Installed fine.
Authentication: Set to HTML Form Auth and RSA SecurID are picked. Nothing
else on this page. On the advanced properties of this tab nothing is
selected beyond the defaults.
Forms: Nothing selected
SSO: Not enabled.

Sorry for the lengthy message, but I figured the extra detail may help.

.

Relevant Pages

  • Branch Office VPN Options
    ... for connecting one of my customer's main office SBS2000 ... The branch office PC's ... WinXP PPTP VPN client. ... the domain) for Exchange email and ISA Server filtering. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: port 389 on SBS 2003 ISA 2004
    ... The ISA server is installed since the beginning. ... I have a problem in connecting with an external server thru the port ... Winsock: Connecting to ca.cetrel.lu:389 ...
    (microsoft.public.windows.server.sbs)
  • Re: Connecting ISA
    ... >> Connecting the ISA server to the router will I need a crossover cable? ... >>> One NIC, the one to the internal network, should be assigned an ...
    (microsoft.public.isa.configuration)
  • Re: 21171 VPN connection attempt could not be established.
    ... Are the connecting users Domain users / local Windows users / RADIUS users? ... Verify there is connectivity between the ISA server and the domain controller / RADIUS server where the users are defined. ... Check that the client is not a Firewall client on the Internal network. ... Did you go to the System Event log on the ISA Server machine and check ...
    (microsoft.public.isa.vpn)
  • RE: OWA Publishing problem for ISA 2006- using SecurID
    ... They are getting this when connecting from an ISA Server labeled page: ... On the ISA server I did test connectivity to the RSA server using their test ... Authentication Delegation: No delegation, but client may authenticate ...
    (microsoft.public.isa.publishing)