Re: odd owa issue

Hello Customer,

Thank you for your reply.

First, please let me know that: Does the CEICW create the "SBS web
listener" in your ISA server 2004?

Since you access the OWA from external thru
https://mail.domain.com/exchange, I suggest we try to run the CEICW again
thru the steps:

a. On the SBS 2003 Server open the Server Management console. Go to
Standard Management\To Do List.

b. Click the "Connect to the Internet" link.

c. When navigating to the Firewall page, select "Enable firewall" and click
Next.

d. On the "Services Configuration" page, select all the items and then
click Next.

e. On the "Web Services Configuration" page, you can select "Allow access
to the entire Web site from the Internet". If you select "Allow access to
only the following Web site services from the Internet", make sure all item
in the list are selected. Click Next.

f. On the "Web Server Certificate" page, choose to create a new Web server
certificate and then type the public FQDN "mail.domain.com" that you will
use to access OWA.

g. Go through the remaining steps.

Then, try to access the OWA from external thru
https://mail.domain.com/exchange, do you success?

If you still get certificate error, please perform the following steps:

a. Please open the ISA management console,

b. Navigate to Firewall Policy, on the right pane, click Toolbox->Network
Objects->Web Listeners,

c. Double click the "SBS Web Listener" . Go to the Preferences tab, ensure
the Certificate for the SSL is the certificate you create before thru the
CEICW. If no, please click Select button to select the new created
certificate.

d. Click OK. Then please click Apply to save the settings.

If we cannot resolve the issue after we perform the above steps, please
kindly help me collect some information for further investigation:

1. Do you get any error when you run CEICW?

2. Can you access the OMA from external thru https://mail.domain.com/oma?

3. Can you access the sharepoint from external thru
https://mail.domain.com:444?

4. What error do you get when you access the OWA from external? Please
capture screenshots on the error page and send the pictures to me at
v-terliu@xxxxxxxxxxxxx

5. Please help to gather the ISA Info:

1) Download the file from the following URL:

http://www.isatools.org/tools/isainfo.zip

2) Extract all files to a folder on ISA server.

3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.

4) Please send these files to me at v-terliu@xxxxxxxxxxxxx

6. Please also help to gather the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

Hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| NNTP-Posting-Date: Thu, 02 Aug 2007 04:51:01 -0500
| From: "dl" <d@xxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| References: <MPednbCELZGFMzHbnZ2dnUVZ_oOnnZ2d@xxxxxxxxxxxxx>
<n5M58Yo0HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
<X7GdnbWsoIs_HDPbnZ2dnUVZ_rCtnZ2d@xxxxxxxxxxxxx>
<uktcgL20HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
<nOidndWKJ81dIzLbnZ2dnUVZ_rOpnZ2d@xxxxxxxxxxxxx>
<LcJ#xMC1HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: odd owa issue
| Date: Thu, 2 Aug 2007 05:50:51 -0400
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| X-RFC2646: Format=Flowed; Original
| Message-ID: <-_2dnSvG7ceYNCzbnZ2dnUVZ_tSknZ2d@xxxxxxxxxxxxx>
| Lines: 187
| X-Usenet-Provider: http://www.giganews.com
| NNTP-Posting-Host: 64.81.203.167
| X-Trace:
sv3-2113ZfyNagDHa1TznkGIRxSop0KSVoklEsbZ1VLdJdeLNhhnOElNiMSewFQhh3h5P4lElD8g
AQePkuH!GpZBLqmItFKn1Lwj6DWjo/xKd9GCD+ieS+GxhAUCVNzWacNIK29ugmT4mzbgxfgHg3Dj
lsufs9ki!a13kM5fTS4QkyMm8VhGjZwnjiyfMDBE=
| X-Complaints-To: abuse@xxxxxxxxxxxxx
| X-DMCA-Complaints-To: abuse@xxxxxxxxxxxxx
| X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
complaint properly
| X-Postfilter: 1.3.35
| Bytes: 8736
| X-Original-Bytes: 8693
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
0.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca
..giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.speakeasy
..net!news.speakeasy.net.POSTED!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:53927
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
|
| "Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:LcJ%23xMC1HHA.4200@xxxxxxxxxxxxxxxxxxxxxxxxx
| > Hello Customer,
| >
| > Thank you for kind update.
| >
| > Since there is no "SBS web listener" in your ISA server 2004, we have to
| > run the CEICW first. The CEICW will create the web listener
automatically.
| >
| > Go through the follow KB and Rerun CEICW again carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > Detailed steps for your reference:
| >
| > a. On the SBS 2003 Server open the Server Management console. Go to
| > Standard Management\To Do List.
| >
| > b. Click the "Connect to the Internet" link.
| >
| > c. When navigating to the Firewall page, select "Enable firewall" and
| > click
| > Next.
| >
| > d. On the "Services Configuration" page, select all the items and then
| > click Next.
| >
| > e. On the "Web Services Configuration" page, you can select "Allow
access
| > to the entire Web site from the Internet". If you select "Allow access
to
| > only the following Web site services from the Internet", make sure
| > "Outlook
| > Web Access" item in the list is selected. Click Next.
| >
| > f. On the "Web Server Certificate" page, choose to create a new Web
server
| > certificate and then type the public FQDN (your public DNS name) that
you
| > will use to access OWA (for example, if your public FQDN that you use to
| > access the sites is www.xyz.com, you should type www.xyz.com as the new
| > certificate name).
| >
| > g. Go through the remaining steps.
| >
| > Then, uncheck the FBA in ISA 2004:
| > Please open the ISA management console, navigate to Firewall Policy, on
| > the
| > right pane, click Toolbox->Network Objects->Web Listeners, double click
| > the
| > "SBS Web Listener" for OWA publishing. Go to the Preferences tab, click
| > Authentication, make sure the OWA Forms-Based option is unchecked and
| > Integrated is checked. Click OK twice. Then please click Apply to save
the
| > settings.
| >
| > If we cannot resolve the issue after we perform the above steps, please
| > kindly help me collect some information for further investigation:
| >
| > 1. Does the CEICW create the "SBS web listener" in your ISA server 2004?
| >
| > 2. Does the authentication issue only happen on external users or
happen
| > on
| > both external and internal users?
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
| > the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| > --------------------
| > | NNTP-Posting-Date: Tue, 31 Jul 2007 17:59:12 -0500
| > | From: "dl" <d@xxxxx>
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | References: <MPednbCELZGFMzHbnZ2dnUVZ_oOnnZ2d@xxxxxxxxxxxxx>
| > <n5M58Yo0HHA.4200@xxxxxxxxxxxxxxxxxxxxxx>
| > <X7GdnbWsoIs_HDPbnZ2dnUVZ_rCtnZ2d@xxxxxxxxxxxxx>
| > <uktcgL20HHA.5204@xxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: Re: odd owa issue
| > | Date: Tue, 31 Jul 2007 18:59:05 -0400
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2900.3138
| > | X-RFC2646: Format=Flowed; Original
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
| > | Message-ID: <nOidndWKJ81dIzLbnZ2dnUVZ_rOpnZ2d@xxxxxxxxxxxxx>
| > | Lines: 30
| > | X-Usenet-Provider: http://www.giganews.com
| > | NNTP-Posting-Host: 64.81.203.167
| > | X-Trace:
| >
sv3-qFHYdVBOPUYLeQbXAaLIwNw3XlxkrcwoCS8kTzBrsJIX24qVMbyoIy60eOYnQW7DovqmoHlc
| >
luqRr9D!UXX97jF42mEqCoxf8wGpvuFJTrJfubc5yIVGaOtiVv3WJMEEx9ukaC4nhDct1FBlly2j
| > BL9hNMdo!vxh7yfHDnE3ZDlSePVE20bj9KpvigwY=
| > | X-Complaints-To: abuse@xxxxxxxxxxxxx
| > | X-DMCA-Complaints-To: abuse@xxxxxxxxxxxxx
| > | X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
| > | X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
| > complaint properly
| > | X-Postfilter: 1.3.35
| > | Bytes: 2438
| > | Path:
| >
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!news-out.
| >
cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!border1.nn
| >
tp.dca.giganews.com!nntp.giganews.com!local01.nntp.dca.giganews.com!nntp.spe
| > akeasy.net!news.speakeasy.net.POSTED!not-for-mail
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:53611
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | b
| > | "Terence Liu [MSFT]" <v-terliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
| > | news:uktcgL20HHA.5204@xxxxxxxxxxxxxxxxxxxxxxxxx
| > | > Hello Customer,
| > | >
| > | > Thank you for kind update.
| > | >
| > | > I. If you this issue only happen on external access, the internal
| > access
| > | > is
| > | > good, this is a ISA publish issue:
| > | >
| > | > Based on my further research, we could not enable FBA on ISA 2004
and
| > | > Exchange server at same time. I suggest we try the following steps
to
| > see
| > | > if we can resolve this issue:
| > | >
| > | > 1. Uncheck the FBA in ISA 2004:
| > | > Please open the ISA management console, navigate to Firewall
Policy,
| > on
| > | > the
| > | > right pane, click Toolbox->Network Objects->Web Listeners, double
| > click
| > | > the
| > | > "SBS Web Listener" for OWA publishing. Go to the Preferences tab,
| > click
| > | > Authentication, make sure the OWA Forms-Based option is unchecked
and
| > | > Integrated is checked. Click OK twice. Then please click Apply to
save
| > the
| > | > settings.
| > |
| > | Before I go further, I wanted to tell you that in ISA I do not have an
| > SBS
| > | web listent for OWA publishing. Should I go to the next step or do
| > something
| > | in ISA?
| > |
|
| It appears to be working from the lan - just not from the outside world.
if
| i go to http://mail.domain.com/exchange - it autoforwards to SSL, finds a
| bad certificate (the old one, not the new one I created before in ICW)
and
| page cannot be displayed.
|
|
|
|
|

.