OWA External Access w/ ISA 2004 using FBA + SSL Problem

Discussion in 'Windows Small Business Server' started by Dane, Jan 27, 2007.

  1. Dane

    Dane Guest

    Internal Domain - SBS2K3 w/ISA 2004 - domain.local
    -OWA access works fine on port 80
    -OWA access won't accept correct username and pass on 443 w/ SSL
    -Currently SSL is disabled in IIS
    -But SSL is enabled in ISA so external connections get SSL

    External Domain - exchange.publicname.com
    -OWA access works fine on port 80
    -OWA access gives the error "Unkown Request:The request could not be
    resolved by the server" when using SSL on ISA w/ FBA
    - SSL certificate is from SBS and is *.publicname.com(this is on ISA, IIS
    has no SSL cert set to it)

    any suggestions on how I can get at least my external connections with SSL
    and FBA going?, and if possiable I would like to have SSL for internal
    connections as well. Thanks in Advance!
     
    Dane, Jan 27, 2007
    #1
    1. Advertisements

  2. Hello Customer,

    Thank you for posting here.

    According to your description, I understand that you can not access OWA via
    SSL from internal and external. If I have misunderstood the problem, please
    don't hesitate to let me know.

    Based on my research, I suggest we try the following steps to see if we can
    resolve this issue:

    1. You have to rerun the CEICW to make sure your SBS 2003 server have right
    network configuration. Go through the follow KB and Rerun CEICW again
    carefully.

    How to configure Internet access in Windows Small Business Server 2003
    http://support.microsoft.com/kb/825763/en-us

    Detailed steps for your reference:

    a. On the SBS 2003 Server open the Server Management console. Go to
    Standard Management\To Do List.

    b. Click the "Connect to the Internet" link.

    c. When navigating to the Firewall page, select "Enable firewall" and click
    Next (I suppose you have 2 network adapters in SBS 2003).

    d. On the "Services Configuration" page, select all the items and then
    click Next.

    e. On the "Web Services Configuration" page, make sure "Allow access to the
    entire Web site from the Internet" is selected. If you select "Allow access
    to only the following Web site services from the Internet", make sure all
    item in the list are selected. Click Next.

    f. On the "Web Server Certificate" page, choose to create a new Web server
    certificate and then type the public FQDN (your new DNS name) that you will
    use to access OWA and OMA (for example, if your public FQDN that you use to
    access the sites is mail.xyz.com, you should type mail.xyz.com as the new
    certificate name).

    g. Go through the remaining steps.

    2. And I suggest you check the authentication method via the following list:

    Default Web Site : Enable Anonymous Access

    Integrated Windows Authentication

    Exadmin : Integrated Windows Authentication

    Exchange : Basic Authentication

    Exchweb : Enable Anonymous Access

    Then run iisreset in command line to Reset IIS

    If the issue persists, please kindly help me collect some information for
    further investigation:

    1. Please capture screenshots on the error pages and send the pictures to
    me at

    2. Please gather system info on your SBS and send to me
    a. Click Start and then Run.

    b. Type in "msinfo32" without the quotations and click OK.

    c. Once System Information is up and running, click File and then Save.
    Save the system information to a .nfo file.

    3. Gather IIS log:

    a. Open IIS snap-in.

    b. Right click Default Web Site and click Properties.

    c. Uncheck the "Enable Logging" box and click Apply.

    d. Go to C:\WINDOWS\system32\LogFiles\W3SVC1 folder and move all files to a
    backup location.

    e. Check "Enable Logging" box and click OK.

    f. Run IISReset command.

    g. Reproduce the problem and send the log file in
    C:\WINDOWS\system32\LogFiles\W3SVC1 folder to me for research.

    4. Gather IIS Metabase:

    1) Download the IIS Resource Kit tools from the following page:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=56FC92EE-A71A-4C73-
    B628-ADE629C89499&displaylang=en

    2) Install it, run MBExplorer (Metabase Explorer)

    3) Right click the "LM" node and choose "Export to file".

    4) Specify a file name, specify the password and finish the export.

    5) Send the file and the password to .

    Hope these steps will give you some help.

    Thanks and have a nice day!

    Best regards,

    Terence Liu(MSFT)

    Microsoft CSS Online Newsgroup Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    =====================================================

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | Thread-Topic: OWA External Access w/ ISA 2004 using FBA + SSL Problem
    | thread-index: AcdBqkeY9xGIBB0XSTKBW7YsXcWKJQ==
    | X-WBNR-Posting-Host: 207.46.198.15
    | From: =?Utf-8?B?RGFuZQ==?= <>
    | Subject: OWA External Access w/ ISA 2004 using FBA + SSL Problem
    | Date: Fri, 26 Jan 2007 16:30:00 -0800
    | Lines: 17
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
    | Newsgroups: microsoft.public.windows.server.sbs
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:13098
    | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
    | X-Tomcat-NG: microsoft.public.windows.server.sbs
    |
    | Internal Domain - SBS2K3 w/ISA 2004 - domain.local
    | -OWA access works fine on port 80
    | -OWA access won't accept correct username and pass on 443 w/ SSL
    | -Currently SSL is disabled in IIS
    | -But SSL is enabled in ISA so external connections get SSL
    |
    | External Domain - exchange.publicname.com
    | -OWA access works fine on port 80
    | -OWA access gives the error "Unkown Request:The request could not be
    | resolved by the server" when using SSL on ISA w/ FBA
    | - SSL certificate is from SBS and is *.publicname.com(this is on ISA, IIS
    | has no SSL cert set to it)
    |
    | any suggestions on how I can get at least my external connections with
    SSL
    | and FBA going?, and if possiable I would like to have SSL for internal
    | connections as well. Thanks in Advance!
    |
    |
     
    Terence Liu [MSFT], Jan 29, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.