Steve, Unfortunately under Microsoft tech notes you must enable the cache on ISA 2004. I mean come on Steve you know that Microsoft knows what's best, they were the ones who made Exchange 2003 Server in the first place! ;) Andrew ________________________________ From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Wednesday, February 02, 2005 11:22 AM To: [ExchangeList] Subject: [exchangelist] Re: OWA with SSL issues http://www.MSExchange.org/ To the cache....if you have to do that then something else is waaaaay wrong. S ________________________________ From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, February 02, 2005 12:12 PM To: [ExchangeList] Subject: [exchangelist] Re: OWA with SSL issues http://www.MSExchange.org/ Hey Tom, Thus far what has made the difference for me is adding http://mail.maildomain.com/exchange/* and /echange/img/* to the cache on ISA server. Before when I didn't have this feature turned on I would get either "page can not be found" or "forbidden access" when connecting from a remote machine. Also when I enabled anonymous access on /exchweb and clear text security (??) I was able to https from the local LAN which showed that yes indeed it works from inside the network. The main issue right now for me is my setup I am doing on a different setup than what most would do. I use virtual HTTP sites as suppose to using the default site. So I am hitting a wall when it comes figuring out my latest feat with un-graying the SSL port on the virtual HTTP sites. Oh and figuring how to get HTTP to HTTPS redirection working. Andrew ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Wednesday, February 02, 2005 10:29 AM To: [ExchangeList] Subject: [exchangelist] Re: OWA with SSL issues http://www.MSExchange.org/ Hi Andrew, Inline... ________________________________ From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, February 02, 2005 8:53 AM To: [ExchangeList] Subject: RE: [exchangelist] Re: OWA with SSL issues Jumping to conclusions to protect your reputation will not cut it Tom. As it turns out I was able to add your steps to the Microsoft way which didn't change a thing except for making things load up a little slower (I am typing this on a clients machine..off site). [Thomas W Shinder] I'm not trying to protect my reputation or bolster my meager ego, I just want to understand what made the difference for you. Also, as far as you know, I was the one who wrote the "MS way" (not saying that I did). The only thing I don't agree with is your OWA client notes were the client has to add the IP address of the External nic to their host file along with the mail server name, the reason this is a problem is simply because what if the client wants to access his or her mail via a Internet cafe in Ireland? (ref. chapter 10, page 49) [Thomas W Shinder] Read them again. I use the HOSTS file on the client only for testing the scenario. I made it extremely clear in all my OWA publishing docs that a split DNS is the best practice, and that we're using HOSTS files only to bypass the instructions on split DNS, which is discussed in other areas of the docs or in the book. I never use HOSTS files in my production networks for the clients (only on the ISA firewalls until the split DNS is in place). Once the split DNS is in place, you never have to use a HOSTS file anywhere, and that's made clear in all my stuff. Also, MS itself continues to use HOSTS file entries on the ISA firewall's themselves for their world-wide deployment, which is good enough for me. The purpose of OWA SSL is for security and to allow people to get their mail anywhere. If you told your clients, oh btw you have to make sure the machine you are on has this setting they would probably freak out and dump your services for someone else who doesn't require such nonsense. [Thomas W Shinder] Sort of.SSL is actually a privacy method, not a "security" method, but that gets into a security wankers debate :) I've never had problems with clients and split DNS once I explain the massive benefits obtained from it, and the overall improvement in the end user expereince because of the complete location indepence and transparency it provides. This forum and the ISA one has been a great help to me. Even your documentation has been a help though it's only a piece of the bigger puzzle! :) [Thomas W Shinder] I appreciate the ack! :) I still would like to know what made the difference for you, so the next guy doesn't have to go through what you did. Thanks! Tom Andrew ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: ExchangeMailingList@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: andrew@xxxxxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx