Yes, my the OWA server is fully service packed. Well, we are up to W2K SP3 with all the latest updates. I am no hurry to rollout SP4 until I am confident it is stable. I am also caught up on Exchange 2000 service packs. The registry entry wasn't there. I added it, cycled the web proxy service, and it is working like a champ. Thanks for all your help!!!!! - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 06, 2003 11:18 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, I agree, it does look like a Q307347 issue. Is your Exchange server fully service packed? Double check the AddFrontEndHttpsHeader entry in the Registry and make sure its there. I don't think you need to restart the server, but its worth a shot :-) HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Wednesday, August 06, 2003 1:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Killing one problem at time. I changed the bridging tab on the Web Publishing Rule to redirect SSL to HTTP. I can now reach https://URL but I ge t the "This page contains both secure and nonsecure items" pop-up. I would like to get rid of this. It seems that this falls under Q307347 but we have Feature Pack 1 installed. Any ideas? - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Wednesday, August 06, 2003 10:48 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, Read through: http://isaserver.org/tutorials/error505.html And we'll take it from there. Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Wednesday, August 06, 2003 12:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Not enough coffee yet this morning..Here is the error message from IE: 500 Internal Server Error - The target principal name is incorrect. (-2146893022) Internet Security and Acceleration Server - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Bailey, Matthew Sent: Wednesday, August 06, 2003 10:25 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org One other thing I meant to mention, this Exchange 2000 OWA not Exchange 2003 OWA. I don't think it will matter for this but just in case.... - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Bailey, Matthew Sent: Wednesday, August 06, 2003 10:22 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org I did find the helpful but I have fun into a problem. I configured everything similar as your walk-through with one exception: on the Web Publish Rule I didn't check "require secure channel (SSL) for published site" or "require 128-bit encryption". We want to give users warning that we are switching to https vs http and give them time to update their bookmarks before we force them to https. Here is my problem. I can't reach the https URL. I can reach the OWA server directly from inside ISA via SSL and the http URL is still working (inside and out). Aside from the restart of the web proxy service while configuring the Incomming Web Requests, is there a need to restart the services at the end of the process? Where else could I have gone wrong? Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 4:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, No problem! :-) If you find the articles helpful, let us know. If there's something missing, let me know and I'll fix them up. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Tuesday, August 05, 2003 5:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org I thought to check the isaserver.org site after posting my question *doh*. I haven't had time to read the "lackluster" series of articles but I will. It appears that is the best way for me to proceed at this point. Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 3:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, The problem with Server Publishing is you lose a LOT of security. You can use the RRAS port forwarding mechanism and get the same level of functionality. Notice I say level of functionality, since Server Publishing won't add any ISA Server firewall based security at all. If you want to get your money's worth, you'll use Web Publishing and SSL to SSL bridging, as described in some lackluster series of articles someone wrote on Publishing OWA recently ;-) The KB 307347 is a non issue. Just install Feature Pack 1, or create the Registry entry. And if you do SSL to SSL bridging (like you should) its not an issue at all, because SSL to SSL bridging solves the problem completely without requiring the registry fix. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Tuesday, August 05, 2003 4:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] OWA, SSL, and ISA http://www.ISAserver.org I have my OWA server published through ISA using KB Article 290113. We are now adding a SSL Cert to the server and want to publish it through ISA. It appears there are 2 methods for doing it: 1. Export the SSL Cert to ISA 2. Use a server publising to publish the SSL website It appears the that Option 1 has a few issues with it namely KB 307347 and increased overhead. I am leaning towards using a server publishing rule to do this but I have a concern. I want to continue to use http while I test the https connections and it will take some time for all my users to convert over to using https. How will setting up the server publish described in KB 298900 effect the current web publishing of the same site on port 80? Can they live in harmony? Links for the articles mentioned above: http://support.microsoft.com/default.aspx?scid=kb;EN-US;298900 http://support.microsoft.com/default.aspx?scid=kb;en-us;307347 Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')