On 8/22/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote:
OK, Is FBA enabled on the listener you're using?
Authentication on the listener - only "Basic" is checked on. I think that is what you mean?
Is the client setup correctly?
I believe so:
Exchange server: Public FQDN Username: johndoe
Proxy settings: http://i86.photobucket.com/albums/k114/presidentbusch/exchproxy.jpg
Is the RPC proxy installed on the published server?
Yes, it appears because when I run a test from IE: https://email.example.org/rpc according this this KB http://support.microsoft.com/kb/884506/en-us all is well.
Thanks, for your help.
http://www.isaserver.org/articles_tutorials/> -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny > Sent: Tuesday, August 22, 2006 8:47 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Outlook RPC via HTTPS - Unable to > connect after one authentication prompt > > http://www.ISAserver.org > ------------------------------------------------------- > > On 8/21/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > > Remove that rule, you don't need it. > > Done. > > > Run the ISA firewall BPA to make sure your certificates are > in order. > > Problems: > > 1) The certificate used by the server specified in a Web publishing > rule cannot be validated > > To correct this warning, do one or both of the following > Add an access rule that allows HTTPS traffic from the Local Host > network to the network where the Web server resides. > > Check your network layout and connections. > > 2) Same error > > 3) Enabled PMTUDiscovery Reg key to 1 > > > Make sure you're delegating basic authentication > > Done. (Under the Users tab of this policy). > > > Make sure the ISA firewall is a domain member > > It was and is. > > Thanks, Tom. > > ...D > > On 8/21/06, Thomas W Shinder <tshinder@xxxxxxxxxxx> wrote: > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > Remove that rule, you don't need it. > > > > Run the ISA firewall BPA to make sure your certificates are > in order. > > > > Make sure you're delegating basic authentication > > > > Make sure the ISA firewall is a domain member > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: isalist-bounce@xxxxxxxxxxxxx > > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Danny > > > Sent: Monday, August 21, 2006 1:45 PM > > > To: isalist@xxxxxxxxxxxxx > > > Subject: [isalist] Outlook RPC via HTTPS - Unable to connect > > > after one authentication prompt > > > > > > http://www.ISAserver.org > > > ------------------------------------------------------- > > > > > > Systems: Exchange 2003 SP2, Outlook 2003 SP2, ISA 2004 SP2. OWA > > > already setup and works. > > > > > > Testing Outlook RPC over HTTPS. MAPI profile created with Proxy > > > details, open Outlook prompted for domain\username and password, > > > Outlook times out with an error that it cannot connect to > the Exchange > > > server. > > > > > > Internally https://FQDN/rpc works as per the troubleshooting > > > section here: > > > http://support.microsoft.com/kb/884506/en-us > > > > > > I also created: "A rule that allows SSL from the > Localhost object to > > > the Internal network." > > > > > > Any assistance would be much appreciated. > > > > > > Here are some ISA logs specific to the Client IP (public IP) the > > > client is accessing from. > > > > > > Original Client IP Client Agent Authenticated Client > > > Service Server > > > Name Referring Server Destination Host Name > > > Transport MIME Type Object > > > Source Source Proxy Destination Proxy > > > Bidirectional Client Host > > > Name Filter Information Network Interface Raw IP > > > Header Raw > > > Payload Source Port Processing Time Bytes Sent > > > Bytes Received Result > > > Code HTTP Status Code Cache Information Error > > > Information Log Record > > > Type Log Time Destination IP Destination > > > Port Protocol Action Rule Client IP Client > > > Username Source > > > Network Destination Network HTTP Method URL > > > 0.0.0.0 MSRPC No Reverse > > > Proxy GATEWAY email.acmemigdets.com TCP > > > - - - - - > > > - 0 1 2264 281 12202 > > > The ISA Server denied the specified Uniform Resource > Locator (URL). > > > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:43 > > > PM 192.168.11.4 443 https Denied Connection > Default > > > rule 123.123.123.123 anonymous External > > > RPC_IN_DATA > > > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > > > s.com:6004 > > > 0.0.0.0 MSRPC No Reverse > > > Proxy GATEWAY email.acmemigdets.com TCP > > > - - - - - > > > - 0 1 2264 282 12202 > > > The ISA Server denied the specified Uniform Resource > Locator (URL). > > > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:43 > > > PM 192.168.11.4 443 https Denied Connection > Default > > > rule 123.123.123.123 anonymous External > > > RPC_OUT_DATA > > > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > > > s.com:6004 > > > 0.0.0.0 MSRPC No Reverse > > > Proxy GATEWAY email.acmemigdets.com TCP > > > - - - - - > > > - 0 1 2264 280 12202 > > > The ISA Server denied the specified Uniform Resource > Locator (URL). > > > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 https Denied Connection > Default > > > rule 123.123.123.123 anonymous External > > > RPC_IN_DATA > > > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > > > s.com:593 > > > 0.0.0.0 MSRPC No Reverse > > > Proxy GATEWAY email.acmemigdets.com TCP > > > - - - - - > > > - 0 1 2264 281 12202 > > > The ISA Server denied the specified Uniform Resource > Locator (URL). > > > 0x8 0x200 Web Proxy Filter 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 https Denied Connection > Default > > > rule 123.123.123.123 anonymous External > > > RPC_OUT_DATA > > > http://email.acmemigdets.com/rpc/rpcproxy.dll?email.acmemigdet > > > s.com:593 > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 1238 0 0 0 0x0 > > > 0x0 0x0 Firewall 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 HTTPS Initiated > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 14090 0 0 0 0x0 > > > 0x0 0x0 Firewall 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 HTTPS Initiated > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 1238 0 1054 3701 > > > 0x80074e21 > > > 0x0 0x0 Firewall 21/08/2006 > > > 2:07:44 PM 192.168.11.4 443 HTTPS Closed > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 14090 0 1015 3741 > > > 0x80074e20 > > > 0x0 0x0 Firewall 21/08/2006 > > > 2:07:44 PM 192.168.11.4 443 HTTPS Closed > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 1239 0 0 0 0x0 > > > 0x0 0x0 Firewall 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 HTTPS Initiated > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 14091 0 0 0 0x0 > > > 0x0 0x0 Firewall 21/08/2006 2:07:44 > > > PM 192.168.11.4 443 HTTPS Initiated > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 14091 2000 1054 3741 > > > 0x80074e20 > > > 0x0 0x0 Firewall 21/08/2006 > > > 2:07:46 PM 192.168.11.4 443 HTTPS Closed > > > Connection 123.123.123.123 External > > > Local Host - - > > > 123.123.123.123 GATEWAY - > > > TCP - > > > - 1239 2000 1053 3701 > > > 0x80074e21 > > > 0x0 0x0 Firewall 21/08/2006 > > > 2:07:46 PM 192.168.11.4 443 HTTPS Closed > > > Connection 123.123.123.123 External > > > Local Host - - > > > ------------------------------------------------------ > > > List Archives: //www.freelists.org/archives/isalist/ > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server Articles and Tutorials: > > > http://www.isaserver.org/articles_tutorials/ > > > ISA Server Blogs: http://blogs.isaserver.org/ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > -- > CPDE - Certified Petroleum Distribution Engineer > CCBC - Certified Canadian Beer Consumer > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials:
ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx
-- CPDE - Certified Petroleum Distribution Engineer CCBC - Certified Canadian Beer Consumer
