Re: Accessing Parent companys OWA from within SBS2003

Tech-Archive recommends: Speed Up your PC by fixing your registry

Congratulations on the family :-).

I haven't yet had a response from the ISA person I asked about this, I'll try again.

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:383931E3-517B-43A7-B7DF-61E504C33706@xxxxxxxxxxxxxxxx
Hi Les

Apologies for late reply as my wife and I have just had our first child :-)

Ok tried it on the SBS console and it does the same as if from a client.

Thanks
Ross

"Les Connor [SBS MVP]" wrote:

Ross,

From your SBS server console, can you access the external OWA site?

--
Les Connor [SBS MVP]
________________________
Get the SBS BPA here:
http://support.microsoft.com/kb/940439/en-us


"Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE584D19-4BBA-4A7F-8076-46342EF19C49@xxxxxxxxxxxxxxxx
> Anyone else able to shed some light on this ?
>
> Any help appreciated
>
> Thanks
> Ross
>
> "Ross Scott" wrote:
>
>> No there is no SSL redirection. Yes we use the domain\username format >> as
>> you
>> can see in the screen shot i provided.
>>
>> Im not an expert on ISA unfortunately so if you could help me a bit >> here
>> that would be great ...as far as I am aware there is an allow all rule
>> ...should i be looking at Site and Content Rules or Protocol Rules ?
>>
>> Thanks Les
>> Ross
>>
>> "Les Connor [SBS MVP]" wrote:
>>
>> > How about the rest of the questions?
>> >
>> > -- >> > Les Connor [SBS MVP]
>> > ________________________
>> > Get the SBS BPA here:
>> > http://support.microsoft.com/kb/940439/en-us
>> >
>> >
>> > "Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> > news:F2DC17C8-A365-42EC-9921-126A440F6AEA@xxxxxxxxxxxxxxxx
>> > > Morning Les
>> > >
>> > > No it does not have the pretty OWA logon form it just has the >> > > login
>> > > dialog
>> > > box. My brother in laws does have the form but as soon as you log >> > > in
>> > > you
>> > > get
>> > > 403 forbidden.
>> > >
>> > > Here is as far as I can get wiht the HO OWA (screenshot)
>> > >
>> > > www.rsphoto.nildram.co.uk/owa.jpg
>> > >
>> > > Hope this helps
>> > >
>> > > Ta
>> > > Ross
>> > >
>> > > "Les Connor [SBS MVP]" wrote:
>> > >
>> > >> Does the HO site have the pretty OWA logon form, or do you just >> > >> get
>> > >> the
>> > >> windows credential challenge? (small box with username and
>> > >> password)
>> > >>
>> > >> Does the HO have any SSL redirection? i.e. I notice the url isn't
>> > >> https,
>> > >> does the HO OWA re-direct to SSL after you access it? If so, do >> > >> you
>> > >> if
>> > >> the
>> > >> SSL port is *other* than 443? If so, ISA will block this unless >> > >> you
>> > >> specifically define the port/protocol and allow it.
>> > >>
>> > >> When you login to the OWA, do you use domain\username format for >> > >> the
>> > >> user
>> > >> name - where the domain is the HO domain, and username is the HO
>> > >> username
>> > >> assigned to you?
>> > >>
>> > >> Do you have any custom rules in ISA?
>> > >> Do you have an allow all/all/all rule in ISA?
>> > >>
>> > >>
>> > >> I think i have known in the past what is causing this, but can't
>> > >> remember
>> > >> the details. I'm thinking .... tick boxes in ISA ..... IE not
>> > >> passing
>> > >> credentials, http 1.1 enabled, gzip corruption. If it rings a >> > >> bell
>> > >> with
>> > >> anyone - please jump in.
>> > >>
>> > >> -- >> > >> Les Connor [SBS MVP]
>> > >> ________________________
>> > >> Get the SBS BPA here:
>> > >> http://support.microsoft.com/kb/940439/en-us
>> > >>
>> > >>
>> > >> "Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in >> > >> message
>> > >> news:83D4E65F-69C9-40E0-BB2F-460D85EA9D3C@xxxxxxxxxxxxxxxx
>> > >> > Hi Les
>> > >> >
>> > >> > the address is http://bppwebmail.removeme.bpp.com/exchange take
>> > >> > out the
>> > >> > removeme
>> > >> >
>> > >> > I can access the page ok but I just cant log in...it almost
>> > >> > displays it
>> > >> > but
>> > >> > just keeps coming up with the login credentials and when I >> > >> > click
>> > >> > the
>> > >> > new
>> > >> > message icon within OWA I get a forbidden 403 error.
>> > >> >
>> > >> > Also I can Access my brother in laws login page but as soon as >> > >> > you
>> > >> > login
>> > >> > in
>> > >> > it says 403 forbidden. As I mentioned in early emails I plugged >> > >> > a
>> > >> > laptop
>> > >> > straight into my router bypassing the SBS network and voila >> > >> > both
>> > >> > work
>> > >> > so
>> > >> > its
>> > >> > something on the sbs network preventing this and no 1 culprit >> > >> > is
>> > >> > more
>> > >> > than
>> > >> > likely ISA
>> > >> >
>> > >> > Thanks again Les and let me know how you get on
>> > >> >
>> > >> > Cheers
>> > >> > Ross
>> > >> >
>> > >> > "Les Connor [SBS MVP]" wrote:
>> > >> >
>> > >> >> Can you post the URL for the HO OWA? If so, I can try it from
>> > >> >> here. I
>> > >> >> don't
>> > >> >> need any credentials, I just want to see if the login comes up >> > >> >> or
>> > >> >> not,
>> > >> >> and
>> > >> >> what error is produced. I have both ISA and non-ISA here to >> > >> >> test
>> > >> >> from.
>> > >> >>
>> > >> >> Forbidden generally means the destination is configured with >> > >> >> some
>> > >> >> IP
>> > >> >> restrictions.
>> > >> >>
>> > >> >> You can also try my OWA if you like, its
>> > >> >> https://sbs.cfive.removethis.ca/exchange. Take out the
>> > >> >> removethis, and
>> > >> >> see
>> > >> >> if you get a login.
>> > >> >>
>> > >> >> -- >> > >> >> Les Connor [SBS MVP]
>> > >> >> ________________________
>> > >> >> Get the SBS BPA here:
>> > >> >> http://support.microsoft.com/kb/940439/en-us
>> > >> >>
>> > >> >>
>> > >> >> "Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> > >> >> message
>> > >> >> news:977B3D11-28CE-4D68-A0A5-061BEB2E1EB1@xxxxxxxxxxxxxxxx
>> > >> >> > Hi Les
>> > >> >> >
>> > >> >> > Thank you for taking the time out to help here.
>> > >> >> >
>> > >> >> > Ok I have managed to get access to my brother in laws OWA >> > >> >> > and
>> > >> >> > as I
>> > >> >> > suspected
>> > >> >> > it does not allow me in to that also ...giving the error
>> > >> >> > message
>> > >> >> > ...403
>> > >> >> > FORBIDDEN !
>> > >> >> >
>> > >> >> > So it seems any OWA externally I cant access. Any ideas on
>> > >> >> > where to
>> > >> >> > look
>> > >> >> > in
>> > >> >> > ISA to what will be stopping this ?
>> > >> >> >
>> > >> >> > Not sure if this makes a difference but we dont use exchange
>> > >> >> > server
>> > >> >> > here.
>> > >> >> >
>> > >> >> > Thanks
>> > >> >> > Ross
>> > >> >> >
>> > >> >> > "Les Connor [SBS MVP]" wrote:
>> > >> >> >
>> > >> >> >> Perhaps trying to find someone else's OWA to access, if >> > >> >> >> that's
>> > >> >> >> possible,
>> > >> >> >> in
>> > >> >> >> case it's something unique to the HO OWA configuration.
>> > >> >> >>
>> > >> >> >> I've not seen an issue with accessing other OWA sites from
>> > >> >> >> behind
>> > >> >> >> SBS/ISA,
>> > >> >> >> but admittedly the remote sites are all SBS also - some >> > >> >> >> behind
>> > >> >> >> ISA,
>> > >> >> >> some
>> > >> >> >> not.
>> > >> >> >>
>> > >> >> >> It is possible you're getting some bad cached pages from >> > >> >> >> ISA,
>> > >> >> >> but
>> > >> >> >> I'm
>> > >> >> >> not
>> > >> >> >> sure that would cause the repeated credential request. You >> > >> >> >> can
>> > >> >> >> delete
>> > >> >> >> your
>> > >> >> >> ISA cache as a test.
>> > >> >> >>
>> > >> >> >> In the old days, not having HTTP 1.1 enabled in IE options
>> > >> >> >> might
>> > >> >> >> cause
>> > >> >> >> this,
>> > >> >> >> but I think that's enabled by default now.
>> > >> >> >>
>> > >> >> >> -- >> > >> >> >> Les Connor [SBS MVP]
>> > >> >> >> ________________________
>> > >> >> >> Get the SBS BPA here:
>> > >> >> >> http://support.microsoft.com/kb/940439/en-us
>> > >> >> >>
>> > >> >> >>
>> > >> >> >> "Ross Scott" <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> > >> >> >> message
>> > >> >> >> news:6F7D0E90-728D-42A7-B4AC-CC42F9C1A949@xxxxxxxxxxxxxxxx
>> > >> >> >> > Hi All
>> > >> >> >> >
>> > >> >> >> > Anyone else able to shed some light on this one ??
>> > >> >> >> >
>> > >> >> >> > As Lanwench said im leaning more towards this being an >> > >> >> >> > ISA
>> > >> >> >> > Server
>> > >> >> >> > issue.
>> > >> >> >> >
>> > >> >> >> > Any help much appreciated.
>> > >> >> >> >
>> > >> >> >> > Thanks
>> > >> >> >> > Ross
>> > >> >> >> >
>> > >> >> >> > "Lanwench [MVP - Exchange]" wrote:
>> > >> >> >> >
>> > >> >> >> >> Ross Scott <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>> > >> >> >> >> > Hi There
>> > >> >> >> >> >
>> > >> >> >> >> > The parent domain name is bpp.com and yes we are using
>> > >> >> >> >> > isa....our
>> > >> >> >> >> > local domain name is eql.local. I have tried disabling
>> > >> >> >> >> > the ISA
>> > >> >> >> >> > firewall client on the pcs and also added the address
>> > >> >> >> >> > bppwebmail.bpp.com into IE as a trusted site...still >> > >> >> >> >> > no
>> > >> >> >> >> > joy
>> > >> >> >> >> >
>> > >> >> >> >> > client machines are xp with sp2 and running ie7 but >> > >> >> >> >> > does
>> > >> >> >> >> > this
>> > >> >> >> >> > with
>> > >> >> >> >> > ie6 also
>> > >> >> >> >> >
>> > >> >> >> >> > hope this helps
>> > >> >> >> >> >
>> > >> >> >> >> > Thnanks
>> > >> >> >> >> > Ross
>> > >> >> >> >>
>> > >> >> >> >> As it can't be a name resolution issue, it's evidently >> > >> >> >> >> an
>> > >> >> >> >> ISA
>> > >> >> >> >> one.
>> > >> >> >> >> Check
>> > >> >> >> >> to
>> > >> >> >> >> see if you can get to OWA login pages successfully to >> > >> >> >> >> other
>> > >> >> >> >> external
>> > >> >> >> >> Exchange servers, if you know any. I'm not an ISA person >> > >> >> >> >> so
>> > >> >> >> >> I
>> > >> >> >> >> can't
>> > >> >> >> >> say
>> > >> >> >> >> more, sorry.
>> > >> >> >> >> >
>> > >> >> >> >> >
>> > >> >> >> >> >
>> > >> >> >> >> > "Lanwench [MVP - Exchange]" wrote:
>> > >> >> >> >> >
>> > >> >> >> >> >> Ross Scott <RossScott@xxxxxxxxxxxxxxxxxxxxxxxxx> >> > >> >> >> >> >> wrote:
>> > >> >> >> >> >>> Hi All
>> > >> >> >> >> >>>
>> > >> >> >> >> >>> I would be grateful if someone could help me on >> > >> >> >> >> >>> this.
>> > >> >> >> >> >>>
>> > >> >> >> >> >>> When trying to access our parent companys OWA from
>> > >> >> >> >> >>> within
>> > >> >> >> >> >>> the
>> > >> >> >> >> >>> SBS
>> > >> >> >> >> >>> 2003 domain we cant seem to get in.
>> > >> >> >> >> >>> We can reach the login page and it displays some
>> > >> >> >> >> >>> folders in

.

Relevant Pages