According to the article it was supposed to go under computer on the ISA Server. On 12/22/05, Jim Harrison <Jim@xxxxxxxxxxxx> wrote: > > http://www.ISAserver.org > > *Exactly* where did you install the certificates? > Every machine has three basic locations: > - user > - computer > - service > > Each one of those has "personal" and "trusted root" locations for > certificates. > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] > Sent: Thursday, December 22, 2005 09:51 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: that old 12202 forbidden chessnut > > http://www.ISAserver.org > > That's the bit I don't get, I went through that document word for word, > slowly, pedantically, and did exactly what it said. > > At any rate, what I really wanted to get working out of all of this was > active sync on an IPAQ, which I have managed this afternoon. So I am a happy > bunny from that perspective. Although I have responded to some of your > points below: > > Merry Christmas :-) and thanks for the feedback. > > Clayton Doige > IT Project Manager > CME Development Corporation > T: 020 7430 5355 > M: 07932 653787 > E:clayton.doige@xxxxxxxxxxx > W:www.cetv-net.com > > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: 22 December 2005 17:30 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: that old 12202 forbidden chessnut > > http://www.ISAserver.org > > You're clearly *not* following instructions. > CIL... > > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: Doige, Clayton [mailto:clayton.doige@xxxxxxxxxxx] > Sent: Thursday, December 22, 2005 07:54 > To: [ISAserver.org Discussion List] > Subject: [isalist] that old 12202 forbidden chessnut > > http://www.ISAserver.org > > > Some of you will recall a couple months back me having no success with > this error at all. > > > > Now that things have been quiet around here this week, I have had a chance > to revisit things. > > > > I uninstalled the original certificate authority I had created here, and > reinstalled one for cme-net.com. I again have gone through Liran Zamir's > Step By Step Publishing Article for publishing W2K3 OWA over ISA 2K4 using > Forms Based Authentication. > > > > The name on the certificate is registered in DNS, and I can ping that name > and have it resolve to the correct IP Address from an external computer. I > have added this name to the ISA Server's host file with the internal 10 > range address. > [Jim] - stop messing about with the hosts file; this is what DNS is for. > > [Clayton] - Under the section in the article I got from isaserver.orgcalled > Checking Browser connectivity from ISA to the OWA site it states: > "If the ISA Firewall cannot resolve the common name to the exchange ip > address using DNS, you should edit the ISA firewall's host file..." > > > When I go to the website, I am prompted to verify I want to proceed with > the untrusted certificate, which I do, and the OWA Form opens on the page, > I then put in my username and password (username being domain\user format) > and the 403 Forbidden pops up. > [Jim] - this is where ISA will fail; ISA *must* trust the cert issuer or > your internal connection will *not* happen > > [Clayton] - Fair enough, the article I used referenced importing the > certificate into the ISA Server, which I did do, admittedly certs are not my > strong point, but over and above what is in that article, how do I go about > getting ISA to trust my local CA? In the trusted root section, my cert is > listed, and I also imported the pfx file into the personal certs container, > and was able to select it via the listener. > > > Interestingly enough, when I had this error before nothing showed up in > the Logs of the ISA Server, however now, it comes up with a denied packet > associated with port 443, https, with the username I am putting in being > referenced. > > > > Is there some other rule that I need to create here? > > > > Lastly, when I browse to the OWA site from the ISA Server itself, before > the certificate prompt comes up, a security warning is displayed stating > that certificate revocation information for the previous certificate is > unavailable do I wish to continue. I am guessing this is due to the old cert > with that internal reference being still hanging around in IE somewhere, but > will that be contributing to the 12202 issue from the public side? > > > > Any help will be greatly appreciated, tomorrow being the last day for me > here this year, I would like to finish off on a positive. > > > > > > Clayton Doige > > IT Project Manager > > CME Development Corporation > > T: 020 7430 5355 > > M: 07932 653787 > > E:clayton.doige@xxxxxxxxxxx > > W:www.cetv-net.com > > > > > ______________________________________________________________________ > This electronic mail message and any attached files contain information > intended for the exclusive use of the person to whom it is addressed and may > contain information that is proprietary, privileged, confidential and/or > exempt from disclosure under applicable law. If you are not the intended > recipient, you are hereby notified that any viewing, copying, disclosure or > distribution of this information may be subject to legal restriction or > sanction. If you are not an addressee, please notify the sender immediately > by electronic mail and delete the original message without making any > copies. > _____________________________________________________________________ > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > clayton.doige@xxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > ______________________________________________________________________ > > ______________________________________________________________________ > This electronic mail message and any attached files contain information > intended for the exclusive use of the person to whom it is addressed and may > contain information that is proprietary, privileged, confidential and/or > exempt from disclosure under applicable law. If you are not the intended > recipient, you are hereby notified that any viewing, copying, disclosure or > distribution of this information may be subject to legal restriction or > sanction. If you are not an addressee, please notify the sender immediately > by electronic mail and delete the original message without making any > copies. > _____________________________________________________________________ > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > clayton.doige@xxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > -- Regards, Clayton clayton@xxxxxxxxxxxx http://alsipius.com