RE: that old 12202 forbidden chessnut

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 22 Dec 2005 12:39:06 -0600

Hi Clayton,

If FBA is enabled on the listener, then OMA/ActiveSync won't work.



Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] 
> Sent: Thursday, December 22, 2005 11:51 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: that old 12202 forbidden chessnut
> 
> http://www.ISAserver.org
> 
> That's the bit I don't get, I went through that document word for word,
> slowly, pedantically, and did exactly what it said.
> 
> At any rate, what I really wanted to get working out of all of this was
> active sync on an IPAQ, which I have managed this afternoon. So I am a
> happy bunny from that perspective. Although I have responded to some of
> your points below:
> 
> Merry Christmas :-) and thanks for the feedback.
> 
> Clayton Doige
> IT Project Manager
> CME Development Corporation
> T: 020 7430 5355
> M: 07932 653787
> E:clayton.doige@xxxxxxxxxxx
> W:www.cetv-net.com
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: 22 December 2005 17:30
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: that old 12202 forbidden chessnut
> 
> You're clearly *not* following instructions.
> CIL... 
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] 
> Sent: Thursday, December 22, 2005 07:54
> To: [ISAserver.org Discussion List]
> Subject: [isalist] that old 12202 forbidden chessnut
> 
> Some of you will recall a couple months back me having no success with
> this error at all.
> 
>  
> 
> Now that things have been quiet around here this week, I have had a
> chance to revisit things.
> 
>  
> 
> I uninstalled the original certificate authority I had created here, and
> reinstalled one for cme-net.com. I again have gone through Liran Zamir's
> Step By Step Publishing Article for publishing W2K3 OWA over ISA 2K4
> using Forms Based Authentication.
> 
>  
> 
> The name on the certificate is registered in DNS, and I can ping that
> name and have it resolve to the correct IP Address from an external
> computer. I have added this name to the ISA Server's host file with the
> internal 10 range address.
>
> [Jim] - stop messing about with the hosts file; this is what DNS is for.
> 
> [Clayton] - Under the section in the article I got from isaserver.org
> called Checking Browser connectivity from ISA to the OWA site it states:
> "If the ISA Firewall cannot resolve the common name to the exchange ip
> address using DNS, you should edit the ISA firewall's host file..."
>  
> 
> When I go to the website, I am prompted to verify I want to proceed with
> the untrusted certificate, which I do, and the OWA Form opens on the
> page, I then put in my username and password (username being
> domain\user format) and the 403 Forbidden pops up.
>
> [Jim] - this is where ISA will fail; ISA *must* trust the cert issuer or
> your internal connection will *not* happen
> 
> [Clayton] - Fair enough, the article I used referenced importing the
> certificate into the ISA Server, which I did do, admittedly certs are
> not my strong point, but over and above what is in that article, how do
> I go about getting ISA to trust my local CA? In the trusted root
> section, my cert is listed, and I also imported the pfx file into the
> personal certs container, and was able to select it via the listener.
>  
> 
> Interestingly enough, when I had this error before nothing showed up in
> the Logs of the ISA Server, however now, it comes up with a denied
> packet associated with port 443, https, with the username I am putting
> in being referenced.
> 
>  
> 
> Is there some other rule that I need to create here?
> 
>  
> 
> Lastly, when I browse to the OWA site from the ISA Server itself, before
> the certificate prompt comes up, a security warning is displayed stating
> that certificate revocation information for the previous certificate is
> unavailable do I wish to continue. I am guessing this is due to the old
> cert with that internal reference being still hanging around in IE
> somewhere, but will that be contributing to the 12202 issue from the
> public side?
> 
>  
> 
> Any help will be greatly appreciated, tomorrow being the last day for me
> here this year, I would like to finish off on a positive.
> 
>
> Clayton Doige
> IT Project Manager
> CME Development Corporation
> T: 020 7430 5355
> M: 07932 653787
> E:clayton.doige@xxxxxxxxxxx
> W:www.cetv-net.com
>
> 
> ______________________________________________________________________
> This electronic mail message and any attached files contain 
> information
> intended for the exclusive use of the person to whom it is 
> addressed and
> may contain information that is proprietary, privileged, confidential
> and/or exempt from disclosure under applicable law. If you are not the
> intended recipient, you are hereby notified that any viewing, copying,
> disclosure or distribution of this information may be subject to legal
> restriction or sanction. If you are not an addressee, please 
> notify the
> sender immediately by electronic mail and delete the original message
> without making any copies.
> _____________________________________________________________________
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> All mail to and from this domain is GFI-scanned.
> 
> 
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> ______________________________________________________________________
> 
> 