Re: OWA with SSL issues

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Feb 2005 22:13:58 -0600

What are you using the virtual SMTP sites for? Don't you want to use a
second virtual HTTP server? Are you trying to host a second OWA site on
the same box? Is that supported?

________________________________

From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 10:50 AM
To: [ExchangeList]
Subject: [exchangelist] Re: OWA with SSL issues


http://www.MSExchange.org/


Steve, 

 

Unfortunately under Microsoft tech notes you must enable the cache on
ISA 2004. I mean come on Steve you know that Microsoft knows what's
best, they were the ones who made Exchange 2003 Server in the first
place! ;)

 

Andrew

 

 

________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 11:22 AM
To: [ExchangeList]
Subject: [exchangelist] Re: OWA with SSL issues

 


To the cache....if you have to do that then something else is waaaaay
wrong.

 

S

 

________________________________

From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 12:12 PM
To: [ExchangeList]
Subject: [exchangelist] Re: OWA with SSL issues


Hey Tom, 

 

Thus far what has made the difference for me is adding
http://mail.maildomain.com/exchange/* and /echange/img/* to the cache on
ISA server. Before when I didn't have this feature turned on I would get
either "page can not be found" or "forbidden access" when connecting
from a remote machine. Also when I enabled anonymous access on /exchweb
and clear text security (??) I was able to https from the local LAN
which showed that yes indeed it works from inside the network.

 

The main issue right now for me is my setup; I am doing it on a different
setup than what most would do. I use virtual HTTP sites as opposed to
using the default site. So I am hitting a wall when it comes to figuring
out my latest feat with un-graying the SSL port on the virtual HTTP
sites. Oh, and figuring out how to get HTTP to HTTPS redirection working.

 

Andrew

 

 

________________________________

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 10:29 AM
To: [ExchangeList]
Subject: [exchangelist] Re: OWA with SSL issues

 


Hi Andrew,

Inline...

 

________________________________

From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 8:53 AM
To: [ExchangeList]
Subject: RE: [exchangelist] Re: OWA with SSL issues

Jumping to conclusions to protect your reputation will not cut it Tom.
As it turns out I was able to add your steps to the Microsoft way which
didn't change a thing except for making things load up a little slower
(I am typing this on a client's machine... off site).
[Thomas W Shinder] I'm not trying to protect my reputation or bolster my
meager ego, I just want to understand what made the difference for you.
Also, as far as you know, I was the one who wrote the "MS way" (not
saying that I did). 

 

The only thing I don't agree with is your OWA client notes where the
client has to add the IP address of the External NIC to their hosts file
along with the mail server name. The reason this is a problem is simply
because what if the client wants to access his or her mail via an
Internet cafe in Ireland? (ref. chapter 10, page 49)
[Thomas W Shinder] Read them again. I use the HOSTS file on the client
only for testing the scenario. I made it extremely clear in all my OWA
publishing docs that a split DNS is the best practice, and that we're
using HOSTS files only to bypass the instructions on split DNS, which is
discussed in other areas of the docs or in the book. I never use HOSTS
files in my production networks for the clients (only on the ISA
firewalls until the split DNS is in place). Once the split DNS is in
place, you never have to use a HOSTS file anywhere, and that's made
clear in all my stuff. Also, MS itself continues to use HOSTS file
entries on the ISA firewalls themselves for their world-wide
deployment, which is good enough for me. 

 

The purpose of OWA SSL is for security and to allow people to get their
mail anywhere. If you told your clients, oh btw you have to make sure
the machine you are on has this setting they would probably freak out
and dump your services for someone else who doesn't require such
nonsense. 
[Thomas W Shinder] Sort of. SSL is actually a privacy method, not a
"security" method, but that gets into a security wankers debate :)  I've
never had problems with clients and split DNS once I explain the massive
benefits obtained from it, and the overall improvement in the end user
experience because of the complete location independence and transparency
it provides.

 

This forum and the ISA one have been a great help to me. Even your
documentation has been a help though it's only a piece of the bigger
puzzle! :)
[Thomas W Shinder] I appreciate the ack! :)  I still would like to know
what made the difference for you, so the next guy doesn't have to go
through what you did.

Thanks!

Tom 

 

Andrew 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
ExchangeMailingList@xxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------