Enabling forms based authentication in ISA 2004 for OWA.

I have to hold my hands up and say that I was not entirely happy with one of my answers from the Vancouver TechNet Winter Tour 2005 event Q&A session...

The question asked was 'how do you enable forms based authentication in ISA 2004 for Outlook Web Access Publishing'. The answer I gave was incorrect, so here goes:

Forms based authentication needs to be enabled on the web listener and is not part of the Mail Server Publishing Wizard. The procedure for enabling forms based authentication is:

1. In ISA Server Management, select the Firewall Policy node. In the task pane, select the Toolbox tab and the Network Objects header.

2. In the Network Objects header, expand Web Listeners. Double-click the Web listener you created for Outlook Web Access publishing to open its properties.

3. On the Preferences tab, under Configure allowed authentication methods, click Authentication.

4. In the list of authentication methods, clear any authentication method that is selected (the default is Integrated), and then select OWA Forms-Based. This establishes forms-based authentication for the Outlook Web Access Web listener, and for the mail server publishing rule that uses this listener. You use the steps that follow to configure idle session time-out and attachment control options.

5. Under Configure OWA forms-based authentication, click Configure to open the Outlook Web Access Forms-Based Authentication dialog box.

There is a full description of the procedure for securely publishing Outlook Web Access in the document: https://www.microsoft.com/technet/prodtechnol/isa/2004/plan/owapublishing.mspx

Enjoy!

I have there

Comments

  • Anonymous
    March 04, 2005
    I was the one who asked you the question. Thanks for the clarification. I will try your instructions this weekend (gotta love being an admin :-)
    BTW your presentation rocked, it was very interesting and full of useful tips. Thanks
  • Anonymous
    March 07, 2005
    Hi Bruce,

    I am having difficulties configuring ISA 2004 and RPC over HTTPS. I have followed http://support.microsoft.com/?id=833401 very closely. The only difference between what you presented @ the Vancouver show and what I have is that I am using a RADIUS server. In my OWA listener when I try to configure Basic Authentication I get an error message. I see the connection attempt in my ISA but my clients are not talking to the server.
    Any ideas?

    Thanks in advance
    Nikolay
    BTW how do I search your blog and how do I start a new topic?
  • Anonymous
    March 07, 2005
    Hi Bruce,

    Great Victoria Event - good job!

    I also ran into forms-based authentication problems with OWA publishing through ISA 2004. The problem/solution I ran into is mentioned in your linked TechNet article, but I'll just focus in on the specifics of my scenario: migrating from ISA 2000 to ISA 2004.

    With ISA 2000, I had forms-based authentication enabled at the Exchange 2003 server. When you move to ISA 2004 and use the new forms-based authentication option at the firewall, you MUST remember to disable forms-based authentication at the Exchange server. If you have forms-based authentication enabled at both ends, OWA publishing won't work for external users.

    Russ
  • Anonymous
    March 09, 2005
    Nikolay,

    I have come across the same problem before and there is a hotfix for your scenario. There is a KB article that you can use to verify that you have exactly the same problem..

    http://support.microsoft.com/?kbid=884560

    I normally hate just pointing people in the direction of KB articles, but in the same scenario for me, the hotfix worked...

    Many Thanks

    Bruce
  • Anonymous
    March 09, 2005
    Thanks for the feedback Russ.. It is always great to hear that people enjoyed the sessions and find them useful...

    Even more than that I really appreciate you letting us all know your solution for forms based authentication when upgrading from ISA 2000 to 2004.

    See you again, hopefully not in the too distant future.

    Bruce
  • Anonymous
    March 23, 2005
    Just a small related question from Belgium:
    I'm toying with a dedicated ISA2004-machine in a SBS2003 network, but somehow OWA-access eludes me. Forms based authentication seems to be working: I get to the authentication form, and when I put in wrong credentials it tells me so, but when I actually put in correct credentials I get an error 403 :-(
    Any hints??
  • Anonymous
    March 28, 2005
    Bart,

    Can you do me a favour and contact me via this blog (click the contact button at the top) so I can see if I can walk you through the problem please?

    Many Thanks

    Bruce