Good day, Scott. We are trying to set up OWA using ISA with FP1, and Internet Information Services (IIS) 5.0 (on same machine). I have followed all the relevant requirements found on this issue from Microsoft and the ISA Web site, and am still having an authentication problem. The setup is as follows:
Internet -> CheckpointFW -> ISA server -> Exchange server
The CP FW has a rule to allow access to the ISA via SSL/HTTPS.
When I attempt to access the OWA using https://web-server-name/exchange/, I get the SSL security certificate notice and accept it, and am then prompted for a username and password like I should be. I enter a valid username and password, and when looking at the session log of the ISA server, I see an open session for domain/username as I should. Despite this, the Web page gives me the following error:
500 Internal Server Error - The network logon failed. (1790)
Internet Security and Acceleration server
I have not been able to find what is wrong anywhere, and I have been working on this for over two weeks now. Do you have any idea what the problem could be and where to start looking?
I have set it to use basic authentication. The domain is correctly set up, I've tried giving the group everyone "log on locally" rights, etc. -- and still no luck.
I would really appreciate any help on this.
It sounds like everything is configured correctly. Some additional things you can do to troubleshoot this are:
1. Try adding host headers to the OWA virtual directory. You can find instructions for doing this in Microsoft Knowledge Base article 312422. (Note that the article does not apply to your situation; I'm just using it here as a reference for adding host headers.)
2. Check out the IIS, Checkpoint and ISA log files. There should be some indication in there as to why the logon is failing.
3. Check your authentication methods. For example, if you are trying to do Integrated Windows authentication, that will fail over ISA.
4. Run Network Monitor at all endpoints and analyze the traffic. This should show you where the authentication is failing, and possibly why it is failing.
5. Have a look at Microsoft Knowledge Base article 290113, which discusses how to publish OWA behind ISA.
6. Also review Microsoft Knowledge Base article 307347, which also discusses the need for host headers when using secure OWA behind ISA.
7. Have a look at Microsoft Knowledge Base article 308599, which details how to publish Exchange via ISA.