Re: OWA Form Resetting

Listener - Authentication on the ISA 2004 Server. That is.


"Wow" <Fan@O&A.XM> wrote in message
news:uYEDqgFSGHA.6084@xxxxxxxxxxxxxxxxxxxxxxx
If I want FBA on the Exchange server what setting do I set for the
Listener - Authentication (Basic, Integrated...?)

Thanks,
Marty


"ZVR" <no_spam_ever@xxxxxx> wrote in message
news:44184cd0$0$5733$9a6e19ea@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Are you using Exchange 2003? If yes, do you have FBA (forms based
authentication) enabled on both your ISA and Exchange servers? That can
be your issue - only one of them can be active at a time. If you prefer
FBA for external connections rather than internal ones, you need to
enable FBA for the web listener in ISA, and disable it in Exchange System
Manager. See the following article (the "note" under the "Forms-Based
Authentication" section):
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx


2. The reason why you are getting alerts regarding the certificate being
issues by a company you don't trust, is that you don't have the
Certification Authority's (CA) own certificate in the list of trusted
certification authorities. You need to import the CA certificate (for a
root CA, usually a self-signed certificate) into the "Trusted Root
Certification Authorities" container of the "Local Computer" account, on
both the ISA server computer (very important!) as well as the external
client computers. This step is optional for the external clients; not
having that CA certificate in the list of trusted providers should not
prevent them for connecting to the published server, but you will
continue to get that alert if you don't perform this step. Obviously your
laptop already has the CA certificate in the list.

See the following article for tips regarding import and export of
certificates:
http://technet2.microsoft.com/WindowsServer/en/Library/2746cc74-5401-443b-898f-5dc53b1cbcb01033.mspx


3. What kind of connection are you using between the external clients and
ISA, and between ISA and the internal Exchange server? In other words,
how are you bridging requests: HTTPS to HTTPS (SSL bridging), HTTPS to
HTTP (encryption is only used on the external client side), or HTTP to
HTTPS (encryption only used on the LAN side... note that you should never
user this because of the security implications).


4. Finally a link to a very good article by Tom Shinder about publishing
OWA using a commercial certificate:
http://www.isaserver.org/tutorials/Using-Commercial-Web-Site-Certificate-Publish-Outlook-Web-Access-Part1.html


Virgil




"Wow" <Fan@O&A.XM> wrote in message
news:OsDBzEESGHA.4792@xxxxxxxxxxxxxxxxxxxxxxx
Help desperately need!

I have read through countless articles from ISAServer.org &
Microsoft.com but my OWA still doesn't work. Saturday, I installed a new
Win2003 server as my new ISA 2004 server. This server replaced my
Win2000 / ISA 2000 server. I have an Exchange server loaded on a Win2000
server. These servers and a two others are part of our Win2000 domain. I
have purchased a Certificate two years ago that was installed on the
ISA2000 server.

Today, I was able to get the OWA to work on our internal network using
https://servername/exchange. The SSL cert it is using is one I purchased
two years ago. Internally, I can view the cert and the certs associated
with it (the cert path). When I logon externally, I get a Security Alert
that the cert is issued by a company I don't trust. When I view the cert
I get - This cert cannot be verified up to a trusted cert authority. If
I click "Yes" to proceed I get the OWA logon form. When I type in my
username & password the form just resets. I get no error.

On my laptop I was able to get to the OWA logon form with no Cert
problems. The cert was good but the OWA logon form just resets everytime
I try to logon.

Any thoughts?
-Marty







.

Relevant Pages

  • Re: SharePoint 3.0: problems with external access
    ... Here are the steps to publish a WSS 3.0 application behind ISA Server. ... Let's assume that you created a new WSS 3.0 application, that listens to port 80, and the host header is 'Intranet'. ... Go to IIS Manager and make sure that the IP address of the site is set to the IP address of the server. ... Run the wizard to create a new SSL certificate for the site. ...
    (microsoft.public.windows.server.sbs)
  • Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
    ... Certificates - going to be using a SAN Certificate like I have many times before. ... We are making this a virtual server (someone is going on-site on Thursday to install VMWare (which will kill everything on this box) and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
    (microsoft.public.exchange.admin)
  • Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
    ... Certificates - going to be using a SAN Certificate like I have many times before. ... If the Exchange 2007 box is hosting mailboxes, it won't work as a front-end equivalent. ... We are making this a virtual server and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
    (microsoft.public.exchange.admin)
  • Re: CEICW after loading third party certificate
    ... After revoking the old certificate that had a mismatched ... pick a name that you wish to access your server by. ... way that ISA 2004 is setup. ... Choose a name for the server and get a cert with that name. ...
    (microsoft.public.windows.server.sbs)
  • Re: Web Certificate for IIS Server on SBS Domain
    ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
    (microsoft.public.windows.server.sbs)