The certificate has to be for the URL that you access, e.g. https://testdomain.net

S

-----Original Message-----
From: Mustafa Cicek [mailto:mbcicek@xxxxxxxxx]
Sent: Sunday, September 12, 2004 9:29 AM
To: Exchange Weblist
Subject: [exchangelist] ISA 2004 and Exchange 2003 Publishing

http://www.MSExchange.org/

Hi!

First of all, I'm sorry for my bad English. I hope I can describe my problem correctly.

I am very new to ISA infrastructure. My aim is to use ISA 2004 and to publish the services of Exchange Server 2003, which has a front-end/back-end infrastructure. Unfortunately I have big problems in my test environment.

My test environment is like this:

INTERNET <> NETSCREEN FIREWALL 1 <> ISA 2004 <> NETSCREEN FIREWALL 2 <> INTERNAL NETWORK with Front-End/Back-End/Global Catalog Server.

INTERNAL NETWORK:
- All servers are installed on Windows 2003 Server.
- Windows 2003 Active Directory is deployed for the internal servers only. It means that ISA 2004 is not a domain member server. It has its own workgroup.

DC/GC Server: 10.10.4.3
Front-End-Exchange: 10.10.4.1
Back-End-Exchange: 10.10.4.2

ISA:
- ISA 2004 has two interfaces and is configured as a router (not as proxy).
  internal IP address: 213.183.4.118
  external IP address: 213.183.4.125
- I published OWA and SMTP/IMAP4/POP3 with the publish mail server wizard.

NETSCREEN FIREWALLs:
- Netscreen Firewall 1 routes the packets from/to the Internet.
- Netscreen Firewall 2 is configured as NAT for the internal network, and Front-End-Exchange has a NAT address 213.183.4.116.
- All inbound (incoming) connections for OWA/OMA/ActiveSync/RPC over HTTP/SMTP/POP3/IMAP4 are addressed to the external IP address of ISA 2004.

CERTIFICATES:
- The DC/Global Catalog Server is also my Certificate Authority.
- Front-End-Exchange has its own certificate from the CA. This certificate is also copied to ISA 2004.
- The published services record in external DNS (for example OWA) has the same Common Name as the certificate has: owa.testdomain.net.

DNS:
- I have an external and an internal DNS server. The internal DNS is responsible for the internal servers (FE/BE/GC), and the external DNS is located in the INTERNET.
- If the internal DNS doesn't know the address in its database, it forwards DNS requests to the external DNS.
  internal DNS: 10.10.4.3
  external DNS: 213.183.0.1

Here are some DNS records of the external DNS:
MX record >>> 213.183.4.125 (external IP of ISA)
Host record >>> owa.testdomain.net (external IP of ISA)

What is not functioning in my environment:

OWA/OMA:
If I access OWA (Front-End) with https://owa.testdomain.net/exchange, first I have the certificate warning (accept the certificate or not). I accept the certificate, then I have the error page principal name is not found! If I access OWA with the internal address, https://frontend.testdomain.net, I can access the OWA pages without any problem.

SMTP/POP3/IMAP4:
I use the external IP address of ISA (213.183.4.125) as SMTP/POP3/IMAP4 server address. I cannot access SMTP/POP3/IMAP4. There is always an error that indicates that the server is not found.

My QUESTIONS:
1) Is it correct that I configured/installed the ISA Server as Router, not as Webproxy? If I must configure it as Webproxy, I cannot use the full function of ISA for SMTP/POP3/IMAP4?!
2) Can it be a DNS problem?
3) Perhaps a certificate problem?
4) Any other error sources?

Please help me...! THANKS for responses!!!

Best Regards
Mustafa
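
The name check the reply refers to, as an added example that is not part of the original thread: it compares the host part of each URL from the post against the names a certificate carries. The certificate dictionaries are constructed and use the layout Python's ssl getpeercert() returns; the wildcard certificate is an assumption added for comparison.

```python
from urllib.parse import urlsplit

def names_from_cert(cert):
    """DNS names a client compares against, from a getpeercert()-style dict.

    subjectAltName DNS entries win; the subject CN is used only if there are none.
    """
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def url_covered(url, cert):
    """True when the host part of url is one of the names in the certificate."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(n, host) for n in names_from_cert(cert))

# Constructed certificate with the Common Name given in the post, no SAN.
OWA_CERT = {"subject": ((("commonName", "owa.testdomain.net"),),)}

# Constructed wildcard certificate (assumption, for comparison only).
WILDCARD_CERT = {"subject": ((("commonName", "ignored.example"),),),
                 "subjectAltName": (("DNS", "*.testdomain.net"),)}

# URLs and addresses taken from the thread.
URLS = ["https://owa.testdomain.net/exchange", "https://frontend.testdomain.net",
        "https://testdomain.net", "https://213.183.4.125/exchange"]

def audit(cert):
    """Map each URL to whether the certificate's names cover its host."""
    return {u: url_covered(u, cert) for u in URLS}

if __name__ == "__main__":
    for label, cert in (("owa cert", OWA_CERT), ("wildcard", WILDCARD_CERT)):
        for url, ok in audit(cert).items():
            print(f"{label:9} {url:40} {'match' if ok else 'NAME MISMATCH'}")
```

A name match is only one of the checks a client makes; a certificate issued by a CA the client does not trust still produces a warning.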