Exchange
A community dedicated to Exchange and related technology.
Exchange Server 2007, OWA and ISA Server 2006 - Part 2

Exchange Server 2007, OWA and ISA Server 2006 – Part 1

This is my second post outlining the configurations necessary to publish Exchange Server 2007 OWA in a DMZ with ISA Server 2006 in a workgroup configuration, in particular how this differs from the TechNet procedures documented here. In the first part, I outlined how to configure authentication over SSL (including installing the necessary certificate) and how to reconfigure your server farm connectivity verification for HTTPS (instead of the default HTTP). In this post, I'll outline how to configure ISA Server 2006 to authenticate users against Active Directory using LDAPS (LDAP over SSL). Of course, you will need an SSL certificate installed on the ISA Server 2006 server, but as you're publishing OWA over SSL you already have a certificate on the box.

LDAP authentication can be configured in the New Web Listener Wizard when you're initially creating the web listener, or it can be configured on an existing web listener as follows:

  1. Access the Properties dialogue for the web listener, then select the Authentication tab.
  2. On the Authentication tab, select LDAP (Active Directory) in the Authentication Validation Method section, then click Configure Validation Servers…
  3. In the Authentication Servers dialogue, click Add…
  4. In the Add LDAP Server Set dialogue, name the LDAP server set. Enter the FQDN of the domain in the Type the Active Directory domain name field, then select the Use Global Catalog and Connect LDAP servers over secure connection options. If you're going to be providing password change capability over OWA, define the user name and password used to access Active Directory in the bottom fields in the dialogue.
  5. Click Add… to add LDAP servers to the server set. In the Add LDAP Server dialogue, specify the FQDN of the GC (or IP address if name resolution isn't configured), then click OK to add it to the server set.
  6. Repeat step 5 to add the rest of the GCs to be used for authentication, then click OK to create the LDAP server set and return to the Authentication Servers dialogue.
  7. In the Authentication Servers dialogue, click Close to apply the settings and return to the web listener's Properties dialogue, then click OK to apply the changes to the Properties dialogue and return to the Microsoft Internet Security and Acceleration Server 2006 GUI.
  8. Back in the Microsoft Internet Security and Acceleration Server 2006 GUI, click Apply in the right-hand pane and then click OK in the dialogue advising that your changes have been saved.
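One way to confirm that each GC in the server set answers on the secure Global Catalog port and presents a certificate the machine trusts, run from the server that will make the LDAPS connection. This is an added example, not part of the original post: the GC host names are placeholders, and the .NET default certificate checks are used as a stand-in for what an LDAPS client requires.

```powershell
# Constructed placeholder names: replace with the GC FQDNs entered in step 5.
$GlobalCatalogs = @('gc1.corp.example.com', 'gc2.corp.example.com')

function Test-GcLdaps {
    param(
        [string]$Server,
        [int]$Port = 3269   # Global Catalog over SSL; plain LDAPS to a DC is 636
    )
    $report = @{ Server = $Server; Port = $Port; Trusted = $false
                 Subject = $null; Issuer = $null; NotAfter = $null; Detail = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        # No validation callback is supplied, so .NET applies its default checks:
        # the chain must build to a root this machine trusts, and the certificate
        # must be valid for the name passed to AuthenticateAsClient.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $report.Trusted  = $true
        $report.Subject  = $cert.Subject
        $report.Issuer   = $cert.Issuer
        $report.NotAfter = $cert.NotAfter
        $report.Detail   = 'TLS handshake succeeded'
        $ssl.Close()
    }
    catch {
        # Refused connection, untrusted chain, expired certificate and
        # name mismatch all end up here; the message says which.
        $report.Detail = $_.Exception.Message
    }
    finally {
        $client.Close()
    }
    New-Object PSObject -Property $report
}

$GlobalCatalogs | ForEach-Object { Test-GcLdaps -Server $_ } |
    Select-Object Server, Port, Trusted, NotAfter, Subject, Issuer, Detail |
    Format-List
```

Passing an IP address instead of the FQDN will report a failure unless the certificate also lists that address, because the name check is made against the value supplied as the server name.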

And that's the last of the configurations needed to publish OWA in an ISA Server 2006 workgroup configuration; hopefully you found this of some use. This wasn't an attempt to document the entire process, but simply to highlight the changes/additions to the TechNet procedures.

Until next time,

Andy


Posted Mon, Feb 9 2009 8:06 AM by aschan