Also, WHY of WHY isn't the ISA firewall a domain member? Tom www.isaserver.org Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls ________________________________ From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] Sent: Friday, August 26, 2005 4:53 AM To: [ISAserver.org Discussion List] Subject: [isalist] OWA 2003 ISA 2004 configuration question http://www.ISAserver.org Hi there. I have set up ISA and OWA in the following config, which gets as far as the login page, but does not actually log into OWA successfully. I followed the steps in Liran Zamir's Step by Step of Publishing OWA using Forms based authentication. Server details as follows: Exchange Server is stand alone CA in W2K3 AD Domain, but is not a DC ISA Server is a dual homed stand alone workstation (1 nic > DMZ of perimeter firewall, 1 nic to internal network) With this configuration, I was able to get the certificate on the website, import it into ISA Server, and get as far as the Login Page, but no further. As the ISA Server is not a domain member, I installed IAS on the Exchange Server, and registered it with Active Directory, and configured the OWA listener to authenticate to the RADIUS. I set up a RADIUS client for the ISA, left things pretty much default on the RADIUS Server properties. I also set rules on the ISA to allow 1812-1813, and 1645-1646 to flow between the RADIUS and ISA Servers. In system32\logfiles I can see that the RADIUS Server is logging the following each time I submit my username and password: (<> replaces actual logged data), but no other information about failure, success what have you is logged. <IP ADDRESS>,<MY_USER_NAME>,08/26/2005,10:15:25,IAS,<RADIUS SERVER>,25,311 1 <IP ADDRESS ON RADIUS SERVER> 08/25/2005 16:21:47 11,4130,<LDAP PATH TO MY USER ACCOUNT>,4149,Connections to other access servers,4127,1,4108,10.0.0.253,4116,0,4128,<ISA SERVER>,4155,1,4154,Use Windows authentication for all users,4129,<MY_USER_NAME>,4136,3,4142,65 My guess on this is that either I have IAS misconfigured, or IAS can't pass authentication through to the ISA, but am not sure. If anyone has any thoughts or suggestions it would be greatly appreciated. Regards Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07932 653787 E:clayton.doige@xxxxxxxxxxx W:www.cetv-net.com ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx