Re: OWA Form Resetting
- From: "ZVR" <no_spam_ever@xxxxxx>
- Date: Wed, 15 Mar 2006 14:08:54 -0500
Depends on the client browsers... integrated is better but not all browsers
support it. IE and Firefox do.
Basic authentication forwards the user and pass in clear-text, so that's why
you should not use it... unless you're using HTTPS for the client connection
to ISA, in which case that's protected by the SSL layer already so no need
to worry. That's what I usually do... basic authentication on the ISA
listener coupled with SSL encryption.
Virgil
"Wow" <Fan@O&A.XM> wrote in message
news:uV%23JPoFSGHA.4452@xxxxxxxxxxxxxxxxxxxxxxx
Listener - Authentication on the ISA 2004 Server. That is.
"Wow" <Fan@O&A.XM> wrote in message
news:uYEDqgFSGHA.6084@xxxxxxxxxxxxxxxxxxxxxxx
If I want FBA on the Exchange server what setting do I set for the
Listener - Authentication (Basic, Integrated...?)
Thanks,
Marty
"ZVR" <no_spam_ever@xxxxxx> wrote in message
news:44184cd0$0$5733$9a6e19ea@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Are you using Exchange 2003? If yes, do you have FBA (forms based
authentication) enabled on both your ISA and Exchange servers? That can
be your issue - only one of them can be active at a time. If you prefer
FBA for external connections rather than internal ones, you need to
enable FBA for the web listener in ISA, and disable it in Exchange
System Manager. See the following article (the "note" under the
"Forms-Based Authentication" section):
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx
2. The reason why you are getting alerts regarding the certificate being
issues by a company you don't trust, is that you don't have the
Certification Authority's (CA) own certificate in the list of trusted
certification authorities. You need to import the CA certificate (for a
root CA, usually a self-signed certificate) into the "Trusted Root
Certification Authorities" container of the "Local Computer" account, on
both the ISA server computer (very important!) as well as the external
client computers. This step is optional for the external clients; not
having that CA certificate in the list of trusted providers should not
prevent them for connecting to the published server, but you will
continue to get that alert if you don't perform this step. Obviously
your laptop already has the CA certificate in the list.
See the following article for tips regarding import and export of
certificates:
http://technet2.microsoft.com/WindowsServer/en/Library/2746cc74-5401-443b-898f-5dc53b1cbcb01033.mspx
3. What kind of connection are you using between the external clients
and ISA, and between ISA and the internal Exchange server? In other
words, how are you bridging requests: HTTPS to HTTPS (SSL bridging),
HTTPS to HTTP (encryption is only used on the external client side), or
HTTP to HTTPS (encryption only used on the LAN side... note that you
should never user this because of the security implications).
4. Finally a link to a very good article by Tom Shinder about publishing
OWA using a commercial certificate:
http://www.isaserver.org/tutorials/Using-Commercial-Web-Site-Certificate-Publish-Outlook-Web-Access-Part1.html
Virgil
"Wow" <Fan@O&A.XM> wrote in message
news:OsDBzEESGHA.4792@xxxxxxxxxxxxxxxxxxxxxxx
Help desperately need!
I have read through countless articles from ISAServer.org &
Microsoft.com but my OWA still doesn't work. Saturday, I installed a
new Win2003 server as my new ISA 2004 server. This server replaced my
Win2000 / ISA 2000 server. I have an Exchange server loaded on a
Win2000 server. These servers and a two others are part of our Win2000
domain. I have purchased a Certificate two years ago that was installed
on the ISA2000 server.
Today, I was able to get the OWA to work on our internal network using
https://servername/exchange. The SSL cert it is using is one I
purchased two years ago. Internally, I can view the cert and the certs
associated with it (the cert path). When I logon externally, I get a
Security Alert that the cert is issued by a company I don't trust. When
I view the cert I get - This cert cannot be verified up to a trusted
cert authority. If I click "Yes" to proceed I get the OWA logon form.
When I type in my username & password the form just resets. I get no
error.
On my laptop I was able to get to the OWA logon form with no Cert
problems. The cert was good but the OWA logon form just resets
everytime I try to logon.
Any thoughts?
-Marty
.
- Follow-Ups:
- Re: OWA Form Resetting
- From: Wow
- Re: OWA Form Resetting
- References:
- OWA Form Resetting
- From: Wow
- Re: OWA Form Resetting
- From: ZVR
- Re: OWA Form Resetting
- From: Wow
- Re: OWA Form Resetting
- From: Wow
- OWA Form Resetting
- Prev by Date: Re: Port 8080 allocation error in web proxy filter
- Next by Date: Re: Port 8080 allocation error in web proxy filter
- Previous by thread: Re: OWA Form Resetting
- Next by thread: Re: OWA Form Resetting
- Index(es):
Relevant Pages
|
