Continuing the blogcast series on infrastructure essentials.
One step closer to making webmail available. In this blogcast, we publish our Outlook Web Access on the Internet, but initially using HTTP rather than HTTPS – the reason for this at this stage is that this gives us the potential to be able to monitor network traffic “in the clear” if there were a potential problem to diagnose. (But please note, if you are connected to the actual Internet, then I strongly recommend you don’t do this – I’m in a lab environment here.) We take a look at some of the terms used by ISA such as Forms Based Authentication, and look at how you can use the “netstat” command to verify the ISA server is listening for inbound traffic from the Internet.
As a quick digression though, notice a common problem many people make when installing their first AD domain. My internal DNS namespace is contoso.com. However, I also want contoso.com services available externally – for example by making webmail available through https://mail.contoso.com. I took the namespace decision deliberately to emulate that very scenario many companies face. It’s not the end of the world – we can easily overcome it and use what is called a “Split-Brain” DNS configuration. In this scenario, it simply means that we have two seperate DNS services authoritative for contoso.com, rather than a single authoritiative service. One service is for internal use, the other for external use (and is provided by our ISP in our case). If you are in the luxurious position of starting out and being able to decide on an internal namespace, I’d recommend you make life easier in the long run by choosing something like corp.contoso.com for the internal namespace instead. Click here to view.
0. Network configuration and series background.
1. Getting started
2. ISA Server configuration to allow basic web browsing capability
3. ISA Firewall Client basic configuration
4. ISA Firewall Client auto-detection through WPAD configuration
5. Configuring an Exchange mailbox and Outlook profile
6. Fixing 0x8004010F on Outlook send/receive
7. Installing our first Certificate Authority