OWA/ISA question

adfreek

Hello,

We have a single homed ISA 2004 server in our DMZ. I have gone through all the articles to set up Exchange 2003 OWA with forms based authentication. Everything is working fine right now as I can type in:
I just completed making changes on our two front end OWA servers (load balancing set up and working) where I followed this article
This let me make changes so users who put in http would really be redirected to https and also, the change where the /exchange virtual directory doesn't need to be specified in the URL so users can simply type:
Now, when I type in I'm getting the following error message:

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

ISA server isn't passing it through.

Has anyone set this up before? Sounds like I have to make a change on ISA box

Thanks
 
You said this is working when you type in right?

Where does this work from? Internal or External? On the server or from a client?

Did you mean that you have a FE server installed on a DMZ created by two ISA Servers? Explain your configuration to me a bit more and tell me how the behavior changes when you test from the Server(s), External client to ISA Edge Firewall, and Internal client on the Secure network to the inside of the ISA firewall please and maybe I can help further.

Steven Parent [MSFT]
 
Here is my setup:

Single Homed ISA 2004 box with a public IP address hard coded on TCP/IP properties sitting in DMZ.

Two Exchange 2003 FE OWA servers on internal network. A network load balancing cluster is set up and includes these two nodes with a virtual IP. That Virtual IP is set up on the local hosts file on ISA box to resolve owa.domain.com.

Initially I had one OWA Web Publishing rule created pointing to owa.domain.com and on the listener, I selected "internal" network and had both HTTP and HTTPS checked off.

From the internet, I could get to no problem.

The goal is to use and have the http request redirected to https and also not have to put in the /exchange virtual directory in URL.

I followed the KB articles to set up redirection (although, I would like to ask you which one you use because I'm finding multiple articles with conflicting information).

Ever since making those changes, I can't get anything to work, internally or externally.

I've removed load balancing for now and will use one FE OWA box for testing. As for the firewall, for right now, HTTP/HTTPS is allowed from internet to ISA box and everything is allowed from ISA to internal network (for now).

I created a second web server publishing rule using the same owa.domain.com and a new listener. On this listener, I selected only HTTP and not HTTPS and I went into the original rule and removed HTTP.

I would like to start from scratch if I have to, but I just need to know if this can work with a single homed ISA server and if so, how many rules do I need to create and how do I create them?

Thanks
 
Well we are a little out of my comfort zone, but I do not see anyone else trying to help so I figured I would give it a shot. Honestly if you had it working directly, it sounds like a DNS issue, or perhaps ISA is not forwarding the original host header to the FE server. If it works from external using then it should also work with as long as once it makes it to the IIS server it knows to redirect.

So with that said, if you test this locally on the IIS server, does it redirect and shoot you to the right place? If not, make sure you have the home directory set up right for the default website if that is what you are using. Even better, instead of using the default website, create a second HTTP Virtual Server in the ESM and let it create a new website. With that website, set up your Host header and redirect. Once it works internally, then test external. External is a waste of time if Internal doesn't work.

Hope it helps.
 