OWA question.

TechJunky

I am having trouble accessing an OWA session through my ISA server. I was curious if there was something I am supposed to be allowing through for users within our network to access an OWA server outside of our network. If I get on our internet connection direct bypassing the ISA server I am able to connect to the OWA server.

It looks like it connects to the OWA, then it asks for username/password and then it looks like it is trying to load. It loads the left pane of the OWA client but then asks for the username/password again in order to load the actual inbox portion pane to the right. I finally hit cancel and the left side is completely loaded, but the inbox portion will not load.

It works fine directly connected. I enter the username/password once and it connects and everything works fine.

Let me know.

Thanks.

sprkymrk

Are you using Integrated Authentication for the OWA site? I remember an issue with that on ISA and it's recommended to use basic authentication coupled with SSL instead.

TechJunky

I have no idea to be honest, its not my OWA site.

sprkymrk

When you go to the OWA site, is it https://owasite.com or http://owsite.com ? Is the OWA/Exchange on the same domain as your users?
Both of those can provide clues. If you say it is very slow, and basically not responding even though you know you connected, I bet they are using integrated auth.

TechJunky

They connect via http://mail.site.com

domain name is totally different.

It responds, it just keeps asking to authenticate. Like it doesnt accept the login credentials. I know its not the credential information I am entering because i can get on fine when I bypass my ISA firewall. It has to be something I need to allow through our company ISA.

Smallguy

take alook at tis

http://www.petri.co.il/configure_isa_to_publish_owa.htm

make sure everything is configured properly

we got rid of isa 2000 here and put in a hardware device becase we had way too many issues with it worknig correctly with OWA

not saying ISA sucks but we had too many issues with it

has this ever worked before if so just restore ISA

TechJunky

Smallguy, sorry if I am not making myself clear. I am not trying to have users connect to my OWA. I am trying to have my users connect to someone elses OWA. I do not need to know how to configure our OWA, our OWA works fine.

I need to allow a rule for my ISA to allow internal users to access an external OWA off site.

IE: lets say my domain name is mine.com. Now lets say we have a customer who has a domain name theirs.com. I am trying to connect to mail.theirs.com Outlook Web Access Server. This means I am trying to allow an outbound connection from mine.com to theirs.com for OWA.

I hope that clears things up.

sprkymrk

My vote is still that they are using integrated authentication (sorry for sounding like a broken record) and ISA has never been able to handle that with OWA for some reason. As far as I know there is no "fix" for it, just the work around I mentioned with ssl and basic.

If I come across something else I'll let you know. The only other time I have seen what you describe is when the LAN Manager authentication didn't match between computers. For instance the OWA server is set for "Send NTLM v2 Response only" and the remote workstation trying to connect is set lower like "Send LM & NTLM responses", which causes it to repeatedly ask for the user name and p/w. However, since you can connect fine by by-passing the ISA box, I doubt that's the issue.