For starters the major differences in the Microsoft way are: 1) they don't use 128bit encryption on the /exchange / public /exchweb 2) they don't enable "the requests appear to come from the original client" in the OWA publish rule 3) they don't create a publishing web enrollment rule (still don't see the point of having this) 4) they enable anonymous access on the /exchweb and turned off all other authentication 5) they enable caching You know Tom I published OWA on ISA 2004 word for word in your chapter 10, I even printed out all 52 pages of chapter 10 out and put in my three ring binder so I could follow it more closely. After I was done it would not work on my LAN nor would it work properly on my WAN until Tim Jordan in Exchangelist replicated the first problem, here is his message to me: ---snip--- Andrew, I think I've duplicated your problem. I'm now getting a 404 error when connecting to my OWA server. I went through over my settings for Authentication of Exchweb, Exchange, and Exadmin. I have plain text selected on Exchange and Exadmin with no Anonymous users access. Then I noticed it was different for Exchweb so I disabled the Anonymous user access and I started getting the 404 error. So try enabling anonymous access on Exchweb and then let me know and I'll test again. Tim ---snip--- As soon as I enabled the anonymous access on /exchweb I was able to successfully connect to OWA SSL via the LAN, however on the WAN side it would only let me go as far as the OWA login screen, which before I couldn't get it was only letting get to it after I enabled the anonymous access. So finally when I came across the Microsoft GUIDE on HOW-TO do it, I nuked all your rules out of ISA, applied, even restarted ISA so there was nothing of Tom's stuff in my box! (hehe) When I followed Microsoft's rules word for word everything worked, to my amazement during the configuration of my Exchange site the MS rules also pointed out that /exchweb should have been anonymous access enabled. I think you should really sit down and test your notes again. This time do it were Exchange is not installed on a DC, but installed on a Standalone server, with a separate DC and Certs machine. You can argue all you want on this but I am sure as your guides point out that installing everything on one box also plays a rule in this mess. I set my machines up the Microsoft way. Small Business Server doesn't count though I can't see why there shouldn't be an SBS how-to publish OWA SSL over ISA 2004. :-) I have away for doing it with EVS so if you want my advice great, if not leave me alone and let me offer other suggestions to people who may find that doing it your way isn't the correct way for them and their companies. I will not bash you when I make my suggestions, but merely offer it as another avenue for them to explore. Andrew ________________________________ From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, February 03, 2005 11:25 AM To: [ISAserver.org Discussion List] Subject: RE: [isalist] RE: ISA 2004 and OWA once again Hi Andrew, So, what do you recommend that is different than the guidance I've provided? What is your interpretation of the MS way? How does Mats current implementation deviate from the MS way? Thanks! Tom