Publishing OWA through ISA Server-walk through



ISA server and OWA publishing are like two best friends and it is something most administrators like to configure on ISA Server, infact it is also true for other exchange services like Activesync and Outlook anywhere.


In this post I would explain OWA publishing


Requirements:


Certificates for SSL connection


A. On CAS/Front End exchange server


As we are going to use ssl connection for OWA access we would require certificate to establish the SSL channel. We need to install a certificate on the CAS( IIS) server and bound to the default website and Issued to the website name.Since CAS(IIS) server is internal to network and internal users would also access it and most probably would use internal name of the server to access OWA internally so better approach would be to use FQDN of the CAS server to issue certificate to, in my case it is issued to CorpA08.corpa.local.



We need to install the rootCA certificate on the CAS server in the computer trusted authority store



Note: I m taking the best approach route here since I am not using SAN certificate or wild card certificates ,moreover we are only focusing on OWA in this post. I will write another post about what possible combinations we can have about the certificate that we can have on the CAS server.


B. On ISA server


We need to install a certificate on the ISA server and issued to the website name in this case it is issued to mail.corpa.com



We need to install the rootCA certificate on the ISA server in the computer trusted authority store




In this walk though we will first go through the OWA publishing wizard and where we will need to create listener for the web publishing rule we would go through that and then complete the publishing rule.


So we would launch the OWA publishing wizard as shown below



choose exchange web client access publishing rule and we will have the following screen



Give name to the rule and  move next we will get what services to select and version of exchange server



in my case I m using Exchange server 2007 and publishing OWA so I chose exchange server 2007 and selected OWA and after selecting OWA other options would grey out



and moving next we will get following



choose first option since we are not publishing a web farm and move next



since we will use SSL connection so lets choose first option for ssl and move next



Then enter the name(FQDN) of the CAS server for internal site name and its IP address then move next



Then enter the public name that we are going to use externally to access OWA in my case its mail.corpa.com and move next



Now we will create the listener to be used in this publishing rule ,click on new and we will get following screen



name the listener and then move next



use ssl since we are going to choose ssl connection


 


Choose External network where we are going to listen for the OWA requests and then clisck on the select IP addresses button to choose the IP address on the External NIC as  shown below



highlight the IP address and then click on the add button to add the IP address as shown below



then click on OK and then we will get the following screen to select the certificate to be used for SSL connection



click on select certificate and we will get following screen where we will choose the certificate corresponding to our public name for OWA which is mail.corpa.com.



then click on select and we will see following screen then move next



and we get the screen to choose the authentication method



since I m using Form based authentication method so I chose HTML Form Authentication with windows (Active Directory) and then move next



since we are not using single sign on we would uncheck Enable SSO option and move next



and the we will get listener completion screen and here we will click on finish and will get following screen after choosing the newly created listener in the to be used in the rule then move next



we will get authentication delegation screen where we choose authentication method as per the authentication method used on the CAS server for OWA access in our case we have basic on the CAS server for OWA access so we are using Basic authentication, after choosing the method move next



on users page choose all authenticated as shown below and move next



 


finaly we will get the completion page shown below



click finish and we are ready to access OWA through the ISA server.


 

Comments (1)

  1. Atp says:

    Good one.