The cert names in the VL are different. But thanks, I'll try it as soon as I get to the machine. Are you up 24/7 or what? You must be the one posting most to this list. Well, have a nice day and thanks again. I'll let you know if it works out. _____________________________________ Mats Hellman @ mats.hellman@xxxxxxxxxxxxx -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: 1. helmikuuta 2005 6:13 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org The certs NEED to be exactly the same..won't work otherwise. The machine can be called what you like, but the cert mane and the website name HAVE to be the same. S -----Original Message----- From: Mats Hellman [mailto:mats.hellman@xxxxxxxxxxxxx] Sent: Monday, January 31, 2005 10:43 PM To: ISA Mailing List Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org The ISA cert is webmail.mydomain.com, which is fqdm but the local IIS cert is not. If you checkout Microsoft's virtual lab on ISA OWA publishing they use the same. The machine is called something totally different in the local network. _____________________________________ Mats Hellman @ mats.hellman@xxxxxxxxxxxxx -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: 31. tammikuuta 2005 22:58 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org The dns record has to be the same as the cert fqdn... As in mine....mail.optimum.bm....that's the fqdn for ext and int dns....that's what the certs published to....that's the host header on the iis server and that's where ISA redirects all web requests to. S -----Original Message----- From: Mats Hellman [mailto:mats.hellman@xxxxxxxxxxxxx] Sent: Monday, January 31, 2005 4:48 PM To: ISA Mailing List Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org The local server is called owa so I have a host record pointing to 10.10.0.2 wich is the owa.mydomain.com. There is a HTTPS listner on the ISA and the cert is installed on it. The wizard takes care of the routing so yes it should be ok. But for some reason ISA still falls back to deny all. Could the installation have gone wrong or something? The page shown to clients is the default one for IE when a page is not found. Mats Hellman -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: 31. tammikuuta 2005 20:59 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org You've installed the cert in IIS and on the ISA server? You've created an ssl listener on the ISA server? You've published the OWA server on the ISA using the SSL listener and routed it to the webserver? S -----Original Message----- From: Mats Hellman [mailto:mats.hellman@xxxxxxxxxxxxx] Sent: Monday, January 31, 2005 2:52 PM To: ISA Mailing List Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org Some more info. ISA is now one of the firewalls protecting the internal network 10.10.0.1-10.10.0.126 255.255.255.128 from the external. External now has 5 Static IP:s. I'm not going to list them here other than the end, 170,171,172,173,174. Webmail.mydomain.com is the external address a client will use to access OWA, it points to the IP 172 and I've made the certificate (webmail.mydomain.com) with the OWA servers CA. I also installed the OWA servers certificate and it replies nicely in the local network for OWA access. I've tried this from the external net using my laptop and GPRS. The client (IE) just says it can't find the website and the ISA server live log shows ISA falls back to the last default rule to deny all traffic. The OWA publishing has been done with the ISA 2004 servers wizard to publish a mail server, in this case an OWA client. Any ideas? Mats Hellman -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: 31. tammikuuta 2005 16:31 To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org And whether your trying to test this from a pc external to your USA or from behind ISA. S -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Monday, January 31, 2005 10:23 AM To: ISA Mailing List Subject: [isalist] RE: ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org "doesn't work" and "by the book" doesn't give us anything to work with. Q1 - what is the error seen at the client? Q2 - EXACTLY who is the publishing rule configured? Q3 - what is the EXACT URL entered in the browser address bar? Jim -----Original Message----- From: Mats Hellman [mailto:mats.hellman@xxxxxxxxxxxxx] Sent: Sunday, January 30, 2005 10:47 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA 2004 and Exchange 2k3 OWA http://www.ISAserver.org Hello list. I'm having some problems publishing my OWA. I've done everything by the book and this still does not work. I've been trough the Virtual Labs at Microsoft and I've read trough a whole lot of documents. I'm trying to set up a secure-secure connection between the ISA and Exchange OWA server. I've tried it a few times and for some reason, even with the publish rule there, ISA always falls back to the default, deny all rule. For troubleshooting I opened ICMP ports on the external interfaces and ISA replies to ping, but if I try to relay the ping to another local network server ISA blocks it by the default rule again. What am I doing wrong here? Does anyone have a clue? Could this be an installation or an interface configuration problem or where should I start looking? Mats Hellman ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mats.hellman@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mats.hellman@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mats.hellman@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mats.hellman@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx