OWA 2007 authentication problem with ISA 2006
I have inherited an SBS 2008server that was built and migrated from SBS 2003,that seems to be working fine. Mail flow and OWA both work. I am trying to configure an ISA server to improve security while using OWA. The problem is that I am prompted twice for authentication. Once by an OWA page protected by ISA, then by Exchange itself. I know that the reason for this is that the authentication needs to be set to basic on the OWA virtual directory in IIS on the Exchange box and on the publishing rule in ISA. The problem is when I test the rule in ISA with both set to basic authentication, the test for */OWA fails because the ISA server thinks that the "publishing server" is set the forms based authentication. The other 3 virtual directories report correctly. I have confirmed many times that the settings are basic. I have tried to change the OWA authentication to forms based and as expected, the ISA rule test replies that the authentication is incorrect. When I change it back, I get the same test rule failure. I have tested the connectivity by changing the authentication on the other 3 virtual directories and they instantly report the change. My best guess is that the problem is with the OWA virtual directory but I have no other proof of a problem other than the ISA rule failure. I also don't know how else to test the permissions.One other note, the SSL certificate on the Exchange server is from an internal CA, and has been added to the ISA server.
December 15th, 2009 4:41pm
Look no further:Eriq Oliver Neale MVPISA 2006 in front of SBS 2008 Whitepaper Availablehttp://msmvps.com/blogs/onq/archive/2009/04/09/isa-2006-in-front-of-sbs-2008-whitepaper-available.aspxEriq Oliver Neale has written excellent books about SBS 2003 and SBS 2008.The certificate is most likely generated at install time. It works very well and does not pose any issue with ISA.
MCTS: Messaging | MCSE: S+M | Small Business Specialist
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2009 5:20pm
Thanks, I have already read that document. It has the install steps but does not cover the problem I am having.
December 15th, 2009 5:50pm
Hi,What is the authentication on exchange server? Basic? Form based Authentication??What is the authentication on ISA publish rule? Basic? HTML FormAuthentication??What is thecertificate for the ISA Server Web Listener?It should be issued to the public FQDN(public name).Please try to disable form based authentication on exchange server and then select to use basic authentication to test the issue again.You can compare the configuration against to settings in following article:Publishing Exchange 2007 OWA with ISA Server 2006http://www.msexchange.org/tutorials/Publishing-Exchange-2007-OWA-ISA-Server-2006.htmlRegards,Xiu
Free Windows Admin Tool Kit Click here and download it now
December 17th, 2009 6:43am
HiI have the Same Problem......As per Xiu Zhang disable FBA on Exchange Server.....I have Customized my Exchange Login Form ....By doing above mentioned configuration i can not utilized the customize one.....Is there any other solution.....?
February 27th, 2010 12:51pm