http://www.isaserver.org/articles/2004pubowartm.html Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP -- ISA Firewalls **Who is John Galt?** ________________________________ From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] Sent: Thursday, December 22, 2005 9:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] that old 12202 forbidden chessnut http://www.ISAserver.org Some of you will recall a couple months back me having no success with this error at all. Now that things have been quiet around here this week, I have had a chance to revisit things. I uninstalled the original certificate authority I had created here, and reinstalled one for cme-net.com. I again have gone through Liran Zamir's Step By Step Publishing Article for publishing W2K3 OWA over ISA 2K4 using Forms Based Authentication. The name on the certificate is registered in DNS, and I can ping that name and have it resolve to the correct IP Address from an external computer. I have added this name to the ISA Server's host file with the internal 10 range address. When I go to the website, I am prompted to verify I want to proceed with the untrusted certificate, which I do, and the OWA Form opens on the page, I then put in my username and password (username being domain\user format) and the 403 Forbidden pops up. Interestingly enough, when I had this error before nothing showed up in the Logs of the ISA Server, however now, it comes up with a denied packet associated with port 443, https, with the username I am putting in being referenced. Is there some other rule that I need to create here? Lastly, when I browse to the OWA site from the ISA Server itself, before the certificate prompt comes up, a security warning is displayed stating that certificate revocation information for the previous certificate is unavailable do I wish to continue. I am guessing this is due to the old cert with that internal reference being still hanging around in IE somewhere, but will that be contributing to the 12202 issue from the public side? Any help will be greatly appreciated, tomorrow being the last day for me here this year, I would like to finish off on a positive. Clayton Doige IT Project Manager CME Development Corporation T: 020 7430 5355 M: 07932 653787 E:clayton.doige@xxxxxxxxxxx W:www.cetv-net.com ______________________________________________________________________ This electronic mail message and any attached files contain information intended for the exclusive use of the person to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction. If you are not an addressee, please notify the sender immediately by electronic mail and delete the original message without making any copies. _____________________________________________________________________ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx