ISA 06 Exchange 03 FBA issue
I have a single Exchange 03 server published by a ISA 06 server. FBA is turned off on the Exchange box and externally I am getting the correct FBA logon box and OWA all works well.
I am using a split DNS and would like my internal users to be able to access the OWA site internally using the same url as externally, but because FBA is turned off on exchange, users are prompted with a "ugly" blue MS logon box. (if they enter domain\username and password, OWA works OK)
ISA04 was easy as the FBA was done by the exchange server, but with ISA06, ISA looks after it.
Has any one developed a work around? I would love my users to browse to https://external.domain.name/exchange both internally and externally and receive the same website.
I am using a split DNS and would like my internal users to be able to access the OWA site internally using the same url as externally, but because FBA is turned off on exchange, users are prompted with a "ugly" blue MS logon box. (if they enter domain\username and password, OWA works OK)
ISA04 was easy as the FBA was done by the exchange server, but with ISA06, ISA looks after it.
Has any one developed a work around? I would love my users to browse to https://external.domain.name/exchange both internally and externally and receive the same website.
Isn't Bill such a Great Guy!!!!
Comments
-
HeroPsycho Inactive Imported Users Posts: 1,940Make sure your internal DNS resolves the IP for the name to the internal IP address of the ISA Server by having a forward look up zone for your external domain name that map to internal IP addresses.Good luck to all!
-
SWM Member Posts: 287Make sure your internal DNS resolves the IP for the name to the internal IP address of the ISA Server by having a forward look up zone for your external domain name that map to internal IP addresses.
Thanks
So rather than use a split dns and point (internally)the external FQDN for my OWA site to the internal Exchange site IP, rather point it at the ISA box... I will try today
I also had a though overnight, that I could export the Exchange virtual dir from the mailbox IIS and import it back as "Exchange-isa" and point my ISA publishing rule at Exchange-isa vdir. I could then have one vdir with forms on and the other with forms off...
Will try both and adviseIsn't Bill such a Great Guy!!!! -
SWM Member Posts: 287found the answer...
Enabling ISA Firewall Forms-based Authentication (FBA) for OWA Connections for both Internal and External Clients – Part 1
Enabling ISA Firewall Forms-based Authentication (FBA) for OWA Connections for both Internal and External Clients (Part 2)
spit DNS and browsing to internal nic of ISA is not enough... will try it over the next few days.. Should have know Mr Thomas Shinder would have the answerIsn't Bill such a Great Guy!!!!