RTM EX2K3: How to have OMA and OWA/SSL work together?!

RTM EX2K3: How to have OMA and OWA/SSL work together?!

Post by Ronny Ro » Sat, 05 Jul 2003 20:56:25



I have during the last 20 hours gone from big e*ment to growing grey
hair with setting up a lab environment of EX2K3.

I first managed to get OWA use the nice new login page, struggled a little
with the SSL settings and so, but in the end it worked. Ok, then it was time
to dig out the old Compaq Ipaq, to awe at the marvels of OMA, but, well that
didn't work.

By reading through the earlier posts in this ng I learned that i had to
remove SSL, I had to remove the tick box for "Enable forms based
authentication", I had to tick the option "Basic Authentication" for the
virtual IIS directory OMA. I did all this, and, yes - now OMA works fine.

But I just have one simple, humble question to ask: How do I get both OMA
and the new OWA login page with SSL to work together?

I am sure that I am missing something very obvious here, I can't believe
that MS would release such a major product as EX2K3 and not make sure that
two such vital parts as OMA and OWA with the new login page can't be enabled
at the same time.

Please help me find the solution, I need that to be able to give my bosses a
good show on why it would be worth the investement to upgrade from EX2K.

Regards

Ronny
IT Manager
Micros Fidelio Sweden

 
 
 

RTM EX2K3: How to have OMA and OWA/SSL work together?!

Post by Kara » Sun, 06 Jul 2003 12:36:03


I was the one that ran into the SSL issue.  You don't need to remove SSL,
just remove the "Require SSL".  This means that OWA will answer both HTTP
and HTTPS request.  Just block port 80 on the firewall and you will be
secure externally.
I still don't like the solution, but at least they both work.

HTH,
Karan Mavai


Quote:> I have during the last 20 hours gone from big e*ment to growing grey
> hair with setting up a lab environment of EX2K3.

> I first managed to get OWA use the nice new login page, struggled a little
> with the SSL settings and so, but in the end it worked. Ok, then it was
time
> to dig out the old Compaq Ipaq, to awe at the marvels of OMA, but, well
that
> didn't work.

> By reading through the earlier posts in this ng I learned that i had to
> remove SSL, I had to remove the tick box for "Enable forms based
> authentication", I had to tick the option "Basic Authentication" for the
> virtual IIS directory OMA. I did all this, and, yes - now OMA works fine.

> But I just have one simple, humble question to ask: How do I get both OMA
> and the new OWA login page with SSL to work together?

> I am sure that I am missing something very obvious here, I can't believe
> that MS would release such a major product as EX2K3 and not make sure that
> two such vital parts as OMA and OWA with the new login page can't be
enabled
> at the same time.

> Please help me find the solution, I need that to be able to give my bosses
a
> good show on why it would be worth the investement to upgrade from EX2K.

> Regards

> Ronny
> IT Manager
> Micros Fidelio Sweden


 
 
 

RTM EX2K3: How to have OMA and OWA/SSL work together?!

Post by Ronny Ro » Tue, 08 Jul 2003 00:19:22


Hi Karan,

Thanks for your reply. And you are correct, I can now use my Ipaq against
the OMA page and also point my browser to the OWA SSL page - and have both
working!

Now I will try to find a strategy for how to make this as secure as
possible. Obviously users who are on the road want to use their Ipaq's,
Ericsson phones etc to access the OMA page, and then I will need to have
port 80 open in the firewall to accommodate for them, right? But then, how
to make sure all OWA users don't forget the little 's' after http? Well, for
the moment I am happy, I am sure this will impress my bosses when I show
them EX2K3, especially with GFI Faxmaker added with fax and SMS capabilities
as well...

Regards

Ronny


> I was the one that ran into the SSL issue.  You don't need to remove SSL,
> just remove the "Require SSL".  This means that OWA will answer both HTTP
> and HTTPS request.  Just block port 80 on the firewall and you will be
> secure externally.
> I still don't like the solution, but at least they both work.

> HTH,
> Karan Mavai



> > I have during the last 20 hours gone from big e*ment to growing grey
> > hair with setting up a lab environment of EX2K3.

> > I first managed to get OWA use the nice new login page, struggled a
little
> > with the SSL settings and so, but in the end it worked. Ok, then it was
> time
> > to dig out the old Compaq Ipaq, to awe at the marvels of OMA, but, well
> that
> > didn't work.

> > By reading through the earlier posts in this ng I learned that i had to
> > remove SSL, I had to remove the tick box for "Enable forms based
> > authentication", I had to tick the option "Basic Authentication" for the
> > virtual IIS directory OMA. I did all this, and, yes - now OMA works
fine.

> > But I just have one simple, humble question to ask: How do I get both
OMA
> > and the new OWA login page with SSL to work together?

> > I am sure that I am missing something very obvious here, I can't believe
> > that MS would release such a major product as EX2K3 and not make sure
that
> > two such vital parts as OMA and OWA with the new login page can't be
> enabled
> > at the same time.

> > Please help me find the solution, I need that to be able to give my
bosses
> a
> > good show on why it would be worth the investement to upgrade from EX2K.

> > Regards

> > Ronny
> > IT Manager
> > Micros Fidelio Sweden

 
 
 

RTM EX2K3: How to have OMA and OWA/SSL work together?!

Post by Kara » Tue, 08 Jul 2003 04:36:59


Hey Ronny,

Happy to hear you've got things working too.  Pretty nice, huh?

One thing to answer, you actually don't need port 80 open for the phone and
PDA users for OMA.  You should have them going over SSL and 443 as well.
All the phones I know can handle the SSL transactions and the Ipaq's can as
well.  I have mine working with my own self-signed certificate which may not
work with some phones and adds complexity with PocketPC's as you have to
insert your domain root certificate onto the Ipaq.  If you are dealing with
lots of phones and PDA's you're better off getting a 3rd party certificate
from one of the main vendors (like Verisign) because the root certificates
for these vendors are on the phones and PDA's.

HTH,
Karan Mavai


> Hi Karan,

> Thanks for your reply. And you are correct, I can now use my Ipaq against
> the OMA page and also point my browser to the OWA SSL page - and have both
> working!

> Now I will try to find a strategy for how to make this as secure as
> possible. Obviously users who are on the road want to use their Ipaq's,
> Ericsson phones etc to access the OMA page, and then I will need to have
> port 80 open in the firewall to accommodate for them, right? But then, how
> to make sure all OWA users don't forget the little 's' after http? Well,
for
> the moment I am happy, I am sure this will impress my bosses when I show
> them EX2K3, especially with GFI Faxmaker added with fax and SMS
capabilities
> as well...

> Regards

> Ronny



> > I was the one that ran into the SSL issue.  You don't need to remove
SSL,
> > just remove the "Require SSL".  This means that OWA will answer both
HTTP
> > and HTTPS request.  Just block port 80 on the firewall and you will be
> > secure externally.
> > I still don't like the solution, but at least they both work.

> > HTH,
> > Karan Mavai



> > > I have during the last 20 hours gone from big e*ment to growing
grey
> > > hair with setting up a lab environment of EX2K3.

> > > I first managed to get OWA use the nice new login page, struggled a
> little
> > > with the SSL settings and so, but in the end it worked. Ok, then it
was
> > time
> > > to dig out the old Compaq Ipaq, to awe at the marvels of OMA, but,
well
> > that
> > > didn't work.

> > > By reading through the earlier posts in this ng I learned that i had
to
> > > remove SSL, I had to remove the tick box for "Enable forms based
> > > authentication", I had to tick the option "Basic Authentication" for
the
> > > virtual IIS directory OMA. I did all this, and, yes - now OMA works
> fine.

> > > But I just have one simple, humble question to ask: How do I get both
> OMA
> > > and the new OWA login page with SSL to work together?

> > > I am sure that I am missing something very obvious here, I can't
believe
> > > that MS would release such a major product as EX2K3 and not make sure
> that
> > > two such vital parts as OMA and OWA with the new login page can't be
> > enabled
> > > at the same time.

> > > Please help me find the solution, I need that to be able to give my
> bosses
> > a
> > > good show on why it would be worth the investement to upgrade from
EX2K.

> > > Regards

> > > Ronny
> > > IT Manager
> > > Micros Fidelio Sweden

 
 
 

1. BETA: Ex2K3 ActiveSync and OMA

Here is my environment...

ServerA (Ex2K3 front-end server) - HTTP instance was created on something
other than the default web site, but created via Ex System Manager UI.
ServerB (Ex2K3 back-end server) - HTTP instance was created on something
other than the default web site, but created via Ex System Manager UI.

From my pocketpc, I cannot:

use OMA via http://servera/oma or http://serverb/oma
or
use activesync to either server.

What do I have to do to get ActiveSync and OMA working again?

-th

2. Encryption

3. logon frm.sp? error

4. Making OWA for Exch 5.5 and OWA for E2k work happily together

5. CreateAddress API In Exchange

6. Installing Retail Exhange 2000 RTM over the trial Exchange 2000 RTM

7. WAN Advice Needed

8. Exchange 2000 RTM Eval -> RTM retail

9. OWA doesn't work with SSL

10. OWA only works without SSL?

11. New SSL certificate installed now OWA Password change does not work

12. OWA - Attachments not working after enabling SSL, sp2