ISA Publishing OWA and RPC/HTTP using LDAP Authentication


PLEASE NOTE: this is a personal notepad while TESTING IS COMPLETED. Review the links to become familiar with the concepts. Commentary to follow when Patterns and Practices have been validated.

work in progress…. thanks

One of the outstanding features of ISA Server 2006 is its web publishing and Exchange Server publishing capabilities.

Dr. Tom Shinder has written an excellent series of articles on this subject at isaserver.org.

Check out one from the series here:

ISA Firewall Publishing OWA and RPC/HTTP with a Single IP Address

  1. Overview and Network Topology
  2. SSL Certificates and Exchange 2003 OWA HTTP/RPC setup
  3. Creating the Exchange 2003 Web Publishing Rule in ISA
  4. Outlook Client setup and testing with RPC/HTTP in Exchange
  5. LDAP Authentication through ISA for Exchange Server 2003

Dr. Shinder is a recognized ISA expert, blogger and writer of many books on ISA Server.

For additional information:

NOTE TO SELF: Disable Forms Authentication on the Exchange HTTP Virtual Server to permit ISA to act as Proxy for Forms Authentication. See this guide.

Scenario assumptions

The following assumptions apply to the scenario:

  • Exchange Server 2003 is installed and configured on exchange01.
  • Exchange Server 2003 is installed and configured on owa01. The owa01 computer should be configured as an Exchange front-end server. For more information about Exchange Server front-end and back-end configurations, see the following:
    • “Front-End and Back-End Server Topology Guide for Exchange Server 2003 and Exchange 2000 Server” at the Microsoft TechNet Web site
    • “Configuring an Exchange Front-End Server” at the Microsoft TechNet Web site

Important

  • On owa01, do not select the Exchange Server 2003 forms-based authentication option. Forms-based authentication should be configured on the ISA Server Web publishing rule.
  • The owa01 computer has an SSL certificate installed from dc01 with a common name of owa01.corp.contoso.com. The internal URL is https://owa01.corp.contoso.com/exchange.
  • The external common name (fully qualified domain name or FQDN) is mail.contoso.com.
  • The isa01 computer has the root CA certificate for dc01 installed. This is necessary for ISA Server to accept the validity of the certificate on owa01.
  • The isa01 computer has an SSL certificate installed from router01 with the common name of mail.contoso.com.
  • The FQDN mail.contoso.com will resolve to the IP address 172.16.0.104, which is installed as a secondary IP address on isa01.
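The assumptions above describe two TLS legs: clients to isa01 under the public name, and isa01 to owa01 under the internal name. The following is an added example, not part of the original notes and not an ISA Server tool; it checks a constructed inventory of the scenario for the mismatches that would break either leg. The dictionary layout and field names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed inventory mirroring the scenario assumptions above.
# Field names are hypothetical; this is not an ISA Server data format.
SCENARIO = {
    "public_fqdn": "mail.contoso.com",
    "public_ip": "172.16.0.104",
    "internal_url": "https://owa01.corp.contoso.com/exchange",
    "isa01": {
        "listener_cert": {"cn": "mail.contoso.com", "issuer": "router01"},
        "listener_ips": ["172.16.0.104"],
        "trusted_roots": ["dc01"],
    },
    "owa01": {
        "cert": {"cn": "owa01.corp.contoso.com", "issuer": "dc01"},
        "forms_based_auth": False,
    },
}


def check_publishing(s):
    """Return a list of findings; an empty list means the assumptions hold."""
    findings = []
    isa, owa = s["isa01"], s["owa01"]
    internal_host = urlsplit(s["internal_url"]).hostname

    # External leg: clients connect to the public FQDN on the ISA listener.
    if isa["listener_cert"]["cn"].lower() != s["public_fqdn"].lower():
        findings.append("listener certificate CN does not match public FQDN")
    if s["public_ip"] not in isa["listener_ips"]:
        findings.append("public FQDN resolves to an IP not bound on isa01")

    # Internal leg: ISA is the TLS client and validates owa01's certificate.
    if owa["cert"]["cn"].lower() != internal_host:
        findings.append("owa01 certificate CN does not match internal URL host")
    if owa["cert"]["issuer"] not in isa["trusted_roots"]:
        findings.append("isa01 does not trust the CA that issued owa01's certificate")

    # Forms-based authentication belongs on the ISA rule, not the front end.
    if owa["forms_based_auth"]:
        findings.append("forms-based authentication is enabled on owa01")
    return findings


if __name__ == "__main__":
    for finding in check_publishing(SCENARIO) or ["all assumptions hold"]:
        print(finding)
```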
