ISA 2004 published OWA producing a 403
- I have set up the publishing of Outlook Web Access through our ISA 2004 box. The name it is publishing OWA under is different from that of the certificate, as we wish to ensure the connection works prior to replacing the existing setup (which is using the certificate name).
The rule is set up to publish using HTTPS but pass connections through to the Exchange server using HTTP (one step at a time and all that). Connections are received by owa2.domain.co.uk but then passed on to owa.domain.co.uk; an entry exists in the hosts table for this.
Attempts to connect first produce an expected certificate warning, but upon choosing to continue, a 403 Forbidden error crops up.
The logs on the ISA server look as follows:
Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
82.133.108.155 ISA2004BOX - TCP - - 13644 0 0 0 0x0 0x0 0x0 Firewall 15/09/2009 10:09:02 172.172.172.172 443 HTTPS Initiated Connection 82.133.108.155 External Local Host - -
82.133.108.155 ISA2004BOX - TCP - - 13644 2000 712 1782 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN 0x0 0x0 Firewall 15/09/2009 10:09:04 172.172.172.172 443 HTTPS Closed Connection 82.133.108.155 External Local Host - -
0.0.0.0 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1) No Reverse Proxy ISA2004BOX owa2.domain.co.uk TCP - - - Req ID: 02b70e13 - - - 0 1 2264 573 12202 The ISA Server denied the specified Uniform Resource Locator (URL). 0x0 0x0 Web Proxy Filter 15/09/2009 10:09:06 172.172.172.172 443 https Denied Connection Default rule 82.133.108.155 anonymous External GET http://owa2.domain.co.uk/
82.133.108.155 ISA2004BOX - TCP - - 13645 0 0 0 0x0 0x0 0x0 Firewall 15/09/2009 10:09:06 172.172.172.172 443 HTTPS Initiated Connection 82.133.108.155 External Local Host - -
82.133.108.155 ISA2004BOX - TCP - - 13646 0 0 0 0x0 0x0 0x0 Firewall 15/09/2009 10:09:06 172.172.172.172 443 HTTPS Initiated Connection 82.133.108.155 External Local Host - -
82.133.108.155 ISA2004BOX - TCP - - 13645 0 397 294 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN 0x0 0x0 Firewall 15/09/2009 10:09:06 172.172.172.172 443 HTTPS Closed Connection 82.133.108.155 External Local Host - -
82.133.108.155 ISA2004BOX - TCP - - 13646 2000 1067 2703 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN 0x0 0x0 Firewall 15/09/2009 10:09:08 172.172.172.172 443 HTTPS Closed Connection 82.133.108.155 External Local Host - -
82.133.108.155 ISA2004BOX - TCP - - 13621 0 0 0 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED 0x0 0x0 Firewall 15/09/2009 10:11:40 172.172.172.172 80 HTTP Denied Connection 82.133.108.155 External Local Host - -
Adding the Exchange server to the ISA's allowed sites shows that it is able to successfully make the connection to that server on port 80.
I'm unsure why the connection attempts are falling to the default rule.
Answers
- Are you publishing the directory you are trying to access? A lot of people make the mistake of forgetting to add /owa or /exchange (depending on your version of Exchange) to the URL they put in the address bar (https://owa.domain.co.uk/owa). The root directory is not published by default and you will need to add a redirect. This is what usually produces the 403 Forbidden.
- Marked As Answer by Quitch Tuesday, September 15, 2009 3:20 PM
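
An added illustration of the answer above, not part of the original thread and not ISA Server's own logic: a simplified model of why a request for the root path ends up at the default rule. The rule definition (`PUBLIC_NAMES`, `PUBLISHED_PATHS`), the prefix-matching model, the rule name "Publish OWA" and the sample records are assumptions constructed for this example; only the first record mirrors the denied request in the log above.

```python
from urllib.parse import urlsplit

# Assumed publishing rule (not the poster's actual configuration): the public
# name comes from the post, the paths are the ones named in the answer.
PUBLIC_NAMES = {"owa2.domain.co.uk"}
PUBLISHED_PATHS = ["/exchange/*", "/owa/*"]

def path_is_published(path, published=PUBLISHED_PATHS):
    """Simplified model of path matching: '/dir/*' covers everything below
    /dir/; a pattern without '*' must match exactly."""
    path = (path or "/").lower()
    for pattern in published:
        pattern = pattern.lower()
        if pattern.endswith("/*"):
            if path.startswith(pattern[:-1]):  # prefix including trailing '/'
                return True
        elif path == pattern:
            return True
    return False

def explain_denial(record):
    """Diagnose a Web Proxy log record denied by the default rule.
    Returns None for records that are not default-rule denials."""
    if record["action"] != "Denied Connection" or record["rule"] != "Default rule":
        return None
    url = urlsplit(record["url"])
    if url.hostname not in PUBLIC_NAMES:
        return f"host {url.hostname} is not a public name on the publishing rule"
    if not path_is_published(url.path):
        return f"path {url.path or '/'} is not in the rule's published paths"
    return "host and path match the assumed rule; another rule condition did not"

# Constructed records; the first mirrors the denied request in the log above.
SAMPLE = [
    {"action": "Denied Connection", "rule": "Default rule",
     "url": "http://owa2.domain.co.uk/"},
    {"action": "Denied Connection", "rule": "Default rule",
     "url": "http://owa.domain.co.uk/exchange/"},
    {"action": "Allowed Connection", "rule": "Publish OWA",  # hypothetical rule name
     "url": "http://owa2.domain.co.uk/exchange/"},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["url"], "->", explain_denial(rec) or "not a default-rule denial")
```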

