RE: ISA 2004 and OWA once again
- From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 3 Feb 2005 11:59:57 -0500
For starters the major differences in the Microsoft way are:
1) they don't use 128bit encryption on the /exchange / public /exchweb
2) they don't enable "the requests appear to come from the original
client" in the OWA publish rule
3) they don't create a publishing web enrollment rule (still don't see
the point of having this)
4) they enable anonymous access on the /exchweb and turned off all other
authentication
5) they enable caching
You know Tom I published OWA on ISA 2004 word for word in your chapter
10, I even printed out all 52 pages of chapter 10 out and put in my
three ring binder so I could follow it more closely. After I was done it
would not work on my LAN nor would it work properly on my WAN until Tim
Jordan in Exchangelist replicated the first problem, here is his message
to me:
---snip---
Andrew,
I think I've duplicated your problem. I'm now getting a 404 error when
connecting to my OWA server.
I went through over my settings for Authentication of Exchweb, Exchange,
and Exadmin.
I have plain text selected on Exchange and Exadmin with no Anonymous
users access. Then I noticed it was different for Exchweb so I disabled
the Anonymous user access and I started getting the 404 error.
So try enabling anonymous access on Exchweb and then let me know and
I'll test again.
Tim
---snip---
As soon as I enabled the anonymous access on /exchweb I was able to
successfully connect to OWA SSL via the LAN, however on the WAN side it
would only let me go as far as the OWA login screen, which before I
couldn't get it was only letting get to it after I enabled the anonymous
access.
So finally when I came across the Microsoft GUIDE on HOW-TO do it, I
nuked all your rules out of ISA, applied, even restarted ISA so there
was nothing of Tom's stuff in my box! (hehe) When I followed Microsoft's
rules word for word everything worked, to my amazement during the
configuration of my Exchange site the MS rules also pointed out that
/exchweb should have been anonymous access enabled.
I think you should really sit down and test your notes again. This time
do it were Exchange is not installed on a DC, but installed on a
Standalone server, with a separate DC and Certs machine. You can argue
all you want on this but I am sure as your guides point out that
installing everything on one box also plays a rule in this mess. I set
my machines up the Microsoft way. Small Business Server doesn't count
though I can't see why there shouldn't be an SBS how-to publish OWA SSL
over ISA 2004. :-)
I have away for doing it with EVS so if you want my advice great, if not
leave me alone and let me offer other suggestions to people who may find
that doing it your way isn't the correct way for them and their
companies. I will not bash you when I make my suggestions, but merely
offer it as another avenue for them to explore.
Andrew
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, February 03, 2005 11:25 AM
To: [ISAserver.org Discussion List]
Subject: RE: [isalist] RE: ISA 2004 and OWA once again
Hi Andrew,
So, what do you recommend that is different than the guidance I've
provided?
What is your interpretation of the MS way?
How does Mats current implementation deviate from the MS way?
Thanks!
Tom
Other related posts:
