RE: ISA 2004 and Exchange 2003 Publishing

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "Exchange Weblist" <exchangelist@xxxxxxxxxxxxx>
  • Date: Sun, 12 Sep 2004 15:04:48 +0100

The certificate has to be for the URL that you access, e.g.
https://testdomain.net

S 

-----Original Message-----
From: Mustafa Cicek [mailto:mbcicek@xxxxxxxxx] 
Sent: Sunday, September 12, 2004 9:29 AM
To: Exchange Weblist
Subject: [exchangelist] ISA 2004 and Exchange 2003 Publishing

Hi!

First of all, I'm sorry for my bad English. I hope I can describe my
problem correctly.

I am very new to ISA infrastructure. My aim is to use ISA 2004 and to
publish the services of Exchange Server 2003 which has a
front-end/back-end infrastructure.

Unfortunately I have big problems in my test environment. My test
environment is like this:

INTERNET <> NETSCREEN FIREWALL 1 <> ISA 2004 <> NETSCREEN FIREWALL 2 <>
INTERNAL NETWORK with Front-End/Back-End/Global Catalog Server.

INTERNAL NETWORK:
- All servers are installed on Windows 2003 Server
- Windows 2003 Active Directory is deployed for internal servers only. This
means that ISA 2004 is not a domain member server. It has its own workgroup.
DC/GC Server: 10.10.4.3
Front-End-Exchange: 10.10.4.1
Back-End-Exchange: 10.10.4.2


ISA:
- ISA 2004 has two interfaces and is configured as a router (not as
proxy)
internal IP address: 213.183.4.118
external IP address: 213.183.4.125
- I published OWA and SMTP/IMAP4/POP3 with publish mail server wizard.

NETSCREEN FIREWALLs:
- Netscreen Firewall 1 routes the packets from/to Internet
- Netscreen Firewall 2 is configured as NAT for internal network and
Front-End-Exchange has a NAT address 213.183.4.116.
- All inbound (incoming) connections for OWA/OMA/ActiveSync/RPC over
HTTP/SMTP/POP3/IMAP4 are addressed to external IP address of ISA 2004.

CERTIFICATES:
- DC/Global Catalog Server is also my Certificate Authority.
- Front-End-Exchange has its own certificate from CA. This certificate
is also copied to ISA 2004.
- The published service's record in external DNS (for example OWA) has
the same Common Name as the certificates have: owa.testdomain.net.
 
DNS:
- I have an external and internal DNS server. The internal DNS is
responsible for the internal server (FE/BE/GC), and the external DNS is
located in INTERNET.
- If the internal DNS doesn't know the address in its database, it
forwards DNS requests to the external DNS.
internal DNS: 10.10.4.3
external DNS: 213.183.0.1

Here are some DNS records of the external DNS:
MX record >>> 213.183.4.125 (external IP of ISA)
Host record >>> owa.testdomain.net (external IP of ISA)



What is not functioning in my environment:
OWA/OMA:
If I access OWA (Front-End) with https://owa.testdomain.net/exchange,
first, I have the certificate warning (accept the certificate or not). I
accept the certificate, then I have the error page principal name is
not found!
If I access OWA with the internal address,
https://frontend.testdomain.net, I can access the OWA pages without any
problem.

SMTP/POP3/IMAP4:
I use the external IP address of ISA (213.183.4.125) as SMTP/POP3/IMAP4
server address. I cannot access SMTP/POP3/IMAP4. There is always an
error that indicates that the server is not found.

My QUESTIONS:
1) Is it correct that I configured/installed the ISA Server as Router
not as Webproxy? If I must configure it as Webproxy, I cannot use the
full function of ISA for SMTP/POP3/IMAP4?!
2) Can it be a DNS problem?
3) Perhaps a certificate problem?
4) Any other error sources?

Please help me...!
THANKS for responses!!!

Best Regards
Mustafa

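The name check behind the reply above (the certificate must be for the host in the URL that clients access), as an added example that is not part of the original thread. It goes beyond the single case in the reply by also handling subjectAltName entries, wildcards and IP literals; the two certificates are constructed samples in the dict shape returned by Python's ssl.SSLSocket.getpeercert(), the host names and IP are the ones quoted in the thread, and the function names are hypothetical.

```python
"""Does a certificate cover the host in the URL a client actually types?"""
import ipaddress
from urllib.parse import urlsplit

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
FE_CERT = {"subject": ((("commonName", "owa.testdomain.net"),),)}
WILDCARD_CERT = {
    "subject": ((("commonName", "testdomain.net"),),),
    "subjectAltName": (("DNS", "*.testdomain.net"),),
}


def cert_names(cert):
    """Return (dns_names, ip_names); the CN is used only when no DNS SAN exists."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not dns:
        for rdn in cert.get("subject", ()):
            dns += [v.lower() for k, v in rdn if k == "commonName"]
    return dns, ips


def name_matches(pattern, host):
    """Exact match, or '*' as the whole leftmost label standing for one label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def url_covered(url, cert):
    """True if the host part of url is covered by the certificate's names."""
    host = (urlsplit(url).hostname or "").lower()
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return any(name_matches(pat, host) for pat in dns)
    # IP literals match only IP SAN entries (RFC 2818 section 3.1), never the CN.
    return any(ipaddress.ip_address(i) == addr for i in ips)


def audit(urls, cert):
    """Map each URL to whether the certificate covers its host."""
    return {u: url_covered(u, cert) for u in urls}
```

Running audit() over every name clients use for a published service, before the certificate is bound to the listener, shows which URLs will raise a name-mismatch warning.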



