Publishing OWA through ISA Server-walk through

  • Article

ISA server and OWA publishing are like two best friends and it is something most administrators like to configure on ISA Server, infact it is also true for other exchange services like Activesync and Outlook anywhere.

In this post I would explain OWA publishing

Requirements:

Certificates for SSL connection

A. On CAS/Front End exchange server

As we are going to use ssl connection for OWA access we would require certificate to establish the SSL channel. We need to install a certificate on the CAS( IIS) server and bound to the default website and Issued to the website name.Since CAS(IIS) server is internal to network and internal users would also access it and most probably would use internal name of the server to access OWA internally so better approach would be to use FQDN of the CAS server to issue certificate to, in my case it is issued to CorpA08.corpa.local.

We need to install the rootCA certificate on the CAS server in the computer trusted authority store

Note: I m taking the best approach route here since I am not using SAN certificate or wild card certificates ,moreover we are only focusing on OWA in this post. I will write another post about what possible combinations we can have about the certificate that we can have on the CAS server.

B. On ISA server

We need to install a certificate on the ISA server and issued to the website name in this case it is issued to mail.corpa.com

We need to install the rootCA certificate on the ISA server in the computer trusted authority store

In this walk though we will first go through the OWA publishing wizard and where we will need to create listener for the web publishing rule we would go through that and then complete the publishing rule.

So we would launch the OWA publishing wizard as shown below

choose exchange web client access publishing rule and we will have the following screen

Give name to the rule and move next we will get what services to select and version of exchange server

in my case I m using Exchange server 2007 and publishing OWA so I chose exchange server 2007 and selected OWA and after selecting OWA other options would grey out

and moving next we will get following

choose first option since we are not publishing a web farm and move next

since we will use SSL connection so lets choose first option for ssl and move next

Then enter the name(FQDN) of the CAS server for internal site name and its IP address then move next

Then enter the public name that we are going to use externally to access OWA in my case its mail.corpa.com and move next

Now we will create the listener to be used in this publishing rule ,click on new and we will get following screen

name the listener and then move next

use ssl since we are going to choose ssl connection

Choose External network where we are going to listen for the OWA requests and then clisck on the select IP addresses button to choose the IP address on the External NIC as shown below

highlight the IP address and then click on the add button to add the IP address as shown below

then click on OK and then we will get the following screen to select the certificate to be used for SSL connection

click on select certificate and we will get following screen where we will choose the certificate corresponding to our public name for OWA which is mail.corpa.com.

then click on select and we will see following screen then move next

and we get the screen to choose the authentication method

since I m using Form based authentication method so I chose HTML Form Authentication with windows (Active Directory) and then move next

since we are not using single sign on we would uncheck Enable SSO option and move next

and the we will get listener completion screen and here we will click on finish and will get following screen after choosing the newly created listener in the to be used in the rule then move next

we will get authentication delegation screen where we choose authentication method as per the authentication method used on the CAS server for OWA access in our case we have basic on the CAS server for OWA access so we are using Basic authentication, after choosing the method move next

on users page choose all authenticated as shown below and move next

finaly we will get the completion page shown below

click finish and we are ready to access OWA through the ISA server.