General discussion


OWA 2003 through ISA 2000

By wayne.klug ·
I'm having a terrible time getting our OWA 2003 site published through our ISA 2000 server (at least I think that's where the problem is).

Our website is hosted externally by lunarpages. I have created a subdomain and have the A record pointing to the external IP address of our Exchange 2003 server (redirection is handled by ISA).

When I try to browse to the address ( it asks for credentials, but I cannot authenticate. It just continues asking for the password and after 3 times says the page cannot be displayed and give this error:

401 Unauthorized - The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator. (12209)
Internet Security and Acceleration Server

To configure everything between ISA and OWA I have followed the steps outlined on the following page:

Any suggestions from those familiar with ISA, Exchange, or IIS is greatly appreciated.

Thank you, Wayne

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to OWA 2003 through ISA 2000

humm didn't read the article but I'll give you the gist of ISA 2000. In a properly configured ISA Server, ISA acts as an intermediary between a public request for services such as email and the network. You don't actually gain access. ISA fetches what you want from the network and passes it on to the requestor. If ISA resides on the server that hosts the service such as in the Microsoft Small Business Server software, you not only have to create site and content rules, protocol rules but also a packet filter for the services. That means that if you are going to authenticate with a DC that ISA server also resides on you must create a packet filter in addition to site and content rules and protocol rules.

Collapse -

by CG IT In reply to

ISA can be tricky in that when first installed it blocks ALL traffic and it blocks all traffic. You must then allow traffic. Further ISA in a Active Directory domain environment will not allow traffic for users who do not belong to the Internet users security group. That means both Externally in and internally out regardless of site and content rules, protocol rules and packet filters.

Related Discussions

Related Forums