[ExchangeList] Re: ISA 2004 as OWA FE and multiple domains

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "Mathieu CHATEAU" <gollum123@xxxxxxx>
  • Date: Sat, 1 Jul 2006 22:28:58 -0700

Using webmail.domain.tld & webmail2.domain.tld requires separate certs unless 
you go with a wildcard *.domain.tld cert.
 
You'll have to use a RADIUS server per listener; this way, you can separate 
them to each domain.

________________________________

From: Mathieu CHATEAU [mailto:gollum123@xxxxxxx]
Sent: Sat 7/1/2006 2:13 PM
To: Jim Harrison
Cc: exchangelist@xxxxxxxxxxxxx
Subject: Re: [ExchangeList] Re: ISA 2004 as OWA FE and multiple domains



Hello Jim,
                *
thanks for your answer !

i have many ip but the cert is just for one FQDN...

Do you mean that radius will find in which AD the user exist and then
redirect him to the good exchange ?

cheers,
Mathieu CHATEAU
               
Saturday, July 1, 2006, 5:10:45 PM, you wrote:

JH> http://www.msexchange.org <http://www.msexchange.org/> 
JH> -------------------------------------------------------How many
JH> external IPs do you have to work with?
JH> If you have more than one, the multiple cert idea will work.
JH> Otherwise, you're going to have to use a wildcard cert on the ISA itself.

JH> Regarding the use auth, all you need to do is use RADIUS for the 
non-trusted AD.
JH> FBA can resolve accounts with RADIUS jes' fine, jes' fine...

JH> Make sure you have SP2 and the 916106 rollup installed and take a read here:
JH> http://support.microsoft.com/kb/884560

JH> -------------------------------------------------------
JH>    Jim Harrison
JH>    MCP(NT4, W2K), A+, Network+, PCG
JH>    http://isaserver.org/Jim_Harrison/
JH>    http://isatools.org <http://isatools.org/> 
JH>    Read the help / books / articles!
JH> -------------------------------------------------------
JH> 

JH> -----Original Message-----
JH> From: exchangelist-bounce@xxxxxxxxxxxxx
JH> [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mathieu CHATEAU
JH> Sent: Saturday, July 01, 2006 04:07
JH> To: exchangelist@xxxxxxxxxxxxx
JH> Subject: [ExchangeList] ISA 2004 as OWA FE and multiple domains

JH> http://www.msexchange.org <http://www.msexchange.org/> 
JH> -------------------------------------------------------Hello exchangelist,


JH> I am looking for a temporary solution.
JH> Here is the setup:
JH> One ISA 2004 acting as reverse proxy.
JH> One AD with exchange 2003
JH> One AD with exchange 2003.

JH> I must provide OWA & ActiveSync access to users in both domain from the ISA 
2004.
JH> There isn't domain trust between domains up to now.

JH> I am thinking about doing something like:
JH> webmail.XXX.com/Exchange/
JH> webmail.XXX.com/Exchange2/

JH> or:
JH> webmail.XXX.com/Exxchange/
JH> webmail2.XXX.com/Exchange/

JH> The second looks much easier, but i only have one SSL
JH> certificate, so would have to self generate for webmail2.


JH> I need a temporary workaround, all users will be in one AD in a month.

JH> I am using formbased on ISA.

JH> Thanks in advance !
JH> Mathieu CHATEAU
JH> http://lordoftheping.blogspot.com <http://lordoftheping.blogspot.com/> 



JH> -------------------------------------------------------
JH> List Archives: http://www.freelists.org/archives/exchangelist/
JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
JH> MSExchange Articles and Tutorials:
JH> http://www.msexchange.org/articles_tutorials/
JH> MSExchange Blogs: http://blogs.msexchange.org/
JH> -------------------------------------------------------
JH> Visit TechGenix.com for more information about our other sites:
JH> http://www.techgenix.com <http://www.techgenix.com/> 
JH> -------------------------------------------------------
JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
JH> Report abuse to listadmin@xxxxxxxxxxxxxx


JH> All mail to and from this domain is GFI-scanned.

JH> -------------------------------------------------------
JH> List Archives: http://www.freelists.org/archives/exchangelist/ 
JH> MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
JH> MSExchange Articles and Tutorials:
JH> http://www.msexchange.org/articles_tutorials/
JH> MSExchange Blogs: http://blogs.msexchange.org/
JH> -------------------------------------------------------
JH> Visit TechGenix.com for more information about our other sites:
JH> http://www.techgenix.com <http://www.techgenix.com/> 
JH> -------------------------------------------------------
JH> To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
JH> Report abuse to listadmin@xxxxxxxxxxxxxx




--
Best regards,
 Mathieu                            mailto:gollum123@xxxxxxx




All mail to and from this domain is GFI-scanned.

Other related posts: