Mombu the Microsoft Forum sponsored links

Go Back   Mombu the Microsoft Forum > Microsoft > OWA Mail Publishing Rule on ISA 2004 Workgroup Server
User Name
REGISTER NOW! Mark Forums Read

sponsored links

1 9th June 21:43
mike l.݊.Ȩɢr,\
External User
Posts: 1
Default OWA Mail Publishing Rule on ISA 2004 Workgroup Server

I have an HP DL320 ISA 2004 appliance deployed in a pilot environment with a
single NIC, in a workgroup. The system will be deployed in production in a
DMZ as an OWA reverse proxy.

In the pilot my back-end Exchange server is, and the ISA server
is My XP workstation is My back-end Exchange system
is currently part of a FE/BE configuration, with the FE system in the DMZ.
The ISA 2004 system will be replacing the FE system, and I hope to eliminate
the FE/BE arrangement alltogether and just reverse proxy to the back-end.
The FE/BE configuration I am speaking of in this pilot is in production. I
have merely installed an ISA 2004 server on the wire to test - under the
assumption that this should work. The real AD/DNS name of the back-end
server is

On the XP box I create a hosts file entry for and point it
to On the ISA server I create a hosts file entry for and point it to

I create a single mail server publishing rule for OWA on ISA using as both the published mail server and the public web site
name. Other than the default rule, this is the only rule in the FW policy.

I am using an HTTPS listener configured with a Verisign SSL cert matching Bridging is to the client only, and I send everything to
the backend Exchange server via TCP/80.

I have tried both forms based auth and basic auth with no luck. ISA will
serve me the page for both, but in the log, when it attempts to connect to
the BE Exchange server, I get nothing but failed connection attempts.

My confusion is in trying to understand which auth method will send
everything to the back-end and which implies that ISA will perform the
authentication? And, does the fact that this system is in a workgroup have
any bearing on either auth method? Does this ISA box need to be in the
domain to work at all?

Also, why can I not get this ISA box with this single rule to proxy anything
to the backend?

I have read in another thread that FBA requires that ISA perform all
authentication. If this is true, then I would rather avoid that method,
since what I really need is for all traffic to traverse TCP/80 on the
back-end, or SSL if I implement that.

  Reply With Quote

  sponsored links


Thread Tools
Display Modes

Copyright 2006 - Dies Mies Jeschet Boenedoesef Douvema Enitemaus -