While continuing to help my friend with his Exchange 2003 deployment, I thought I would complete my ISA reverse proxy configuration that I started and complete the encryption process from the ISA Server back to the Exchange server, now that the ISA Server to the internet portion has been encrypted with SSL. So I set up a Certificate Server internally, and once I had done a GPUPDATE policy refresh at the Exchange Server so that IIS 6.0 would recognise the fact that an “Online CA” was now available, I issued an SSL cert for the Exchange Server. Once SSL is working directly against the Exchange Server, you can then enable the Forms Based Logon available in the Exchange System Manager and have a pretty, Hotmail-looking logon screen for your users to log on with. This doesn't work without SSL by default, though I'm sure there's a way around it... I just haven't looked it up in TechNet yet. :)
Bear in mind that you will need to modify your ISA Web proxy rule to now redirect SSL requests as SSL requests, and also import the root certificate from the CA you just created so that ISA trusts it; otherwise it won't work properly until you do this. Only RPC over HTTP to go!