Test Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Monday, September 24, 2007 7:12 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms) > > ..fixed it for ya... > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Greg Mulholland > Sent: Monday, September 24, 2007 4:53 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms) > > It's the what; hair? > > > > Jim is a wizard.... > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On Behalf Of Greg Mulholland > > Sent: Monday, September 24, 2007 5:53 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms) > > > > Jim loves wizards! :p > > > > Greg > > > > Jim Harrison wrote: > >> That's the point of the weirdzards; to prevent "oopsies" > for all the > >> fine details about publishing Exchange and SharePoint services. > >> > >> You don't want the FBA timeout applied to EAS clients. > >> The folks in Exch, WM6 and ISA all agreed that a wide-open > 30-minute > >> timeout was good for battery life. If you close that sooner, the > >> client has to re-authenticate. > >> > >> Jim > >> > >> -----Original Message----- > >> From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > >> On Behalf Of Jason Jones > >> Sent: Monday, September 24, 2007 7:25 AM > >> To: isapros@xxxxxxxxxxxxx > >> Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms) > >> > >> Hmmm...when you select ActiveSync in the wizard, it > appears to disable > >> the "apply session timeout to non-browser clients" in the advanced > > form > >> options dialog. If you choose OWA, this options is enabled. > >> > >> As my rule was created manually (by copying the OWA rule > and amending) > >> the option is still enabled on the shared listener...never realised > > the > >> wizards had that level of granularity TBH. > >> > >> This all sounds very feasible as to the cause of my > problem, so just > >> need to wait and see if this changes fixes the issue > >> > >> Comments? > >> > >> JJ > >> > >> -----Original Message----- > >> From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > >> On Behalf Of Jim Harrison > >> Sent: 24 September 2007 15:05 > >> To: isapros@xxxxxxxxxxxxx > >> Subject: [isapros] Re: ActiveSync and ISA FBA (HTML Forms) > >> > >> Do these: > >> > >> 1. make sure your web publishing rule was created using the Exch > >> weirdzard. I've seen manually-created rules cause this sort of > > behavior > >> 2. make sure your CAS (FE) is responding to all requests properly. > > The > >> best way to determine this is to examine the IIS logs at > the CAS. My > >> RPC/HTTP part 3 blog has several of the more common > win32-status error > >> states you'll find for IIS auth problems > >> > >> Jim > >> > >> -----Original Message----- > >> From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > >> On Behalf Of Jason Jones > >> Sent: Monday, September 24, 2007 4:41 AM > >> To: isapros@xxxxxxxxxxxxx > >> Subject: [isapros] ActiveSync and ISA FBA (HTML Forms) > >> > >> Hi, > >> > >> Is anyone aware of any problems with ActiveSync when ISA > is configured > >> to use FBA with fallback to basic? > >> > >> We have recently moved to a single web listener as part of our > > Exchange > >> 2007 upgrade and users are now getting intermittent > password prompts > >> when ActiveSync tries to authenticate to ISA. If users > provide their > >> credentials, the connection is successful. I have also > seen the issue > > at > >> a couple of customers in the past, but assumed it was a > device issue. > >> > >> If we go back to a second listener configured for basic > authentication > >> only (not HTML forms) users are no longer intermittently > prompted and > >> stability is good. > >> > >> Ideally, I would like two listeners, one for > OWA/ActiveSync using FBA > >> and one for Outlook Anywhere using Integrated (with KCD). > >> > >> Any sneaky KBs I may have missed?? > >> > >> Cheers in advance... > >> > >> JJ > >> > >> > >> > >> All mail to and from this domain is GFI-scanned. > >> > >> > >> > >> > >> > >> All mail to and from this domain is GFI-scanned. > >> > >> > >> > >> > >> > > > > > > > > > > > >