Overview of Publishing OWA 2003 in ISA Server 2006 SP1

Publishing OWA 2003 in ISA server 2006 SP1 is simply easy and straightforward. However, what do the beginner need to publish OWA 2003. Of course, the one thing we need to do is, to import the certificate of Outlook Web Access into the ISA server. Most mistake they did was to renew the certificate of OWA. actually, we don’t need to renew the certificate. The only thing is to export the current certificate in to a .pfx file.How do you do that?

On Exchange Server:

  • you go to your frontend exchange server or your single exchange server where you set OWA FBA.
  • Open your Internet Information Services, and right click your exchange default website.
  • right-click properties and go to Directory Security.
  • Click Server certificate button, click next to start the wizard.
  • Choose “Export the current Certificate to a .pfx file”. Click Next.
  • Enter Path and filename you want to save. Let say, C:\owacertificate.pfx
  • set the password and confirm the password and click next until finish.

After that, import the “owacertificate.pfx” into your ISA Server. Remember, you import the certificate into “Personal”. Otherwise, once you try to publish the Exchange Client Access rule, the ISA server will not seeing your owacertificate. Please make sure you import the certificate in Personal folder.

Then, create your OWA publishing. To create the OWA publishing rule, DNS server in your internal DNS take the role as well as your public DNS. For example, if the public domain is “mail.netoverme.info” , you need to resolve the domain to certain IP address and also your internal dns should work fine in order FQDN works properly so that it points to the correct internal domain which accordance to your OWA publishing. have a read on Split DNS. This link should solve your problems.

see you next time on this similar to topic later on.


Test Rule Available in ISA Server 2006 SP1

Hi all,

I like to attach an image of my Exchange Access Client Publishing Rule. when you create Exchange access client publishing for the client to access OWA, or using RPC, the ISA server 2006 Service Pack 1 provides the test rule button to check whether the access rule we create is valid and reachable to destination. The Test Rule will not available at ISA Server 2006, it’s only in Services Pack1.

Multiple Websites using Host Header Integration to ISA server 2004/2006

I want to show you on how to publish websites using host header. in here, I used the following components:

  • Internet Information Services 6.0
  • DNS Server  to resolve different name with same IP address.
  • ISA Server 2004/2006

There are many ways to do multiple websites. in my steps, I used only one IP address with different Alias for the host headers.

Step 1: Prepare your website and upload to IIS

Figure 1:  Two websites publish

In this examples, I have 2 websites to published to the Internet. Test1 and Test2 are used with the same IP address and same ports 80.

Figure 2: Two properties of 2 websites

Step 2:  On the both properties, you see on the advanced button in Figure 2. For Test1 website,click the IP address and click Edit and add the host header value “test1.netoverme.info”. repeat this at the Test2 website and give name “test2.netoverme.info”

Figure 3: example of host header given.

After that, restart your IIS server.

step3: Go to your DNS server. at the Forward Lookup Zone, right-click on your domain, and Add Alias and give a Alias Name as “test1” and at Fully Qualified Domain Name (FQDN), I point to my web-server which is dc-server.netoverme.info

Figure 4: Alias CName

please repeat this for test2 website. give alias name as test2.netoverme.info

Step 4: verify that test1.netoverme.info and test2.netoverme.info can browse internally.

step 5: you open your ISA server and create new web server publishing on Firewall Policy. Create to allow “All” . While you go on the wizard,

at the Define Website to Publish, type the internal website. previously, the test1 website is using “test1.netoverme.info”. Thus, we type test1.netoverme.info in the computername/Ip address box and check the box “Forward the original host header instead of the actual one”. This is important because, it will lookup the host header that we created previous step.

Figure 5: Define Website to publish

at the select Web listener, if you don’t have at all, you need to create one web listener. Even you create multiple websites, you need one web listener and listening the same port which port 80.

after you create web listener, at Select Web Listener, click Next and at the user sets, leave it as default for all users and click Next and Finish.

* Repeat the steps for Test 2 website.

Step 6: Define your External DNS and create 2 Host Records. For example, Test1.netoverme.info and Test2.netoverme.info. This is done at your public DNS or External DNS. Finally, Try to Browse..

hopefully you can work it successfully..

Backup your firewall policy (ISA Server 2006)


Back up the firewall policy is simply easy.

The steps:

  1. Open ISA Server Management
  2. right-click Firewall Policy. You will see “Export”.
  3. In welcome wizard, just click Next.
  4. You may have to export by using password. This is recommended. Just tick Export confidential information
  5. type your password.
  6. Save the data by entering the location and filename such as E:\Firewallpolicy\allpolicy.xml.Click Next
  7. then, finish.

Just for your information:

if you try to import your policy from ISA server 2004 to ISA server 2006, it will not work.  you will see a warning.

Connectivity Dashboard of ISA Server 2004/2006

How to configure the Dashboard for the connectivity such as DHCP, Active Directory and DNS in ISA Server 2006?

well, it’s pretty easy steps to do. In this example, I will demonstrate on how to cofigure for the AD connectivity. first thing to verify that the Active Directory Server is no downtime.

  • click on Monitoring in the array. you’ll see the dashboard, alerts, sessions, services, configuration, reports,connectivity and logging.
  • Choose connectivity.
  • then, on your right hand of your monitor, you see the tasks pane.
  • on connectivity task pane, click on create new connectivity verifier.
  • then, the welcome wizard will be appeared.
  • type AD-Server just to name the new connectivity verifier
  • click Next.
  • On connection details, type the fullyqualify domain name or server name.
  • in this example, i type “AD-Server.justexample.com”
  • make sure to categorize on Active Directory.
  • On the verification method, it will automatically change to TCP connection to port LDAP which is port 389.

see just like figure below:

i think that would help you..

once you save the change, the dashboard will show “verify” until it shows “good”  if it can reach the Active Directory.

you may follow this step to configure DNS and DHCP as well..

good luck.

Remote Management in ISA Server 2006

Remote Desktop Connection is a tool that most administrator used to remote the servers in the Datacenter.


“Alicia is a server administrator. She would like to implement and install ISA Server 2006 in their network infrastructe. Usually, all servers she’s handle can be remote by her in her desk only. After she installed ISA Server 2006, the remote deskop connection fails.. She suspects that she failed to remote all servers after she installed the ISA Server 2006”.

Possible Solution:

By default, after she finished installing and running the ISA Server in the organization, ISA started to block the remote desktops. Also, the ISA Server also cannot be managed remotely.

The solution is that Alicia must configure the Remote Management Computer properties in the ISA Server Management.

Open the ISA Server Managment and go to the toolbox on the right pane.

Search for the Computer Sets in the network objects. Then choose Remote Management Computer. In the properties, she may add what servers she needs to remote. She can add the ip address range and also subnet that the servers run.

Click Apply for saving the changes.

That’s all…

ISA Server: Create New rule

I would like to show you on how to create new rule to allow all users in the ogranization can connect to the Internet by allowing all outbound traffic. The reason I do this, is to make sure that the users can browse to the internet. After succeed, you may filter or make new rules to deny outbound traffics that comfort to your organization’s needs.

Allowing All user to connect to the internet. Firstly, Go to the Firewall Policy and right-click -> Access Rule

Figure 1

Second step, give a name for the new rule. In my case, i create the rule named “Permit All Outbund Traffic”. .Then, click Next

 Figure 2

In the Rule Action, choose “Allow” -> Click Next

In Protocols, I select “All outbound traffic”. -> Click Next (figure 3)

Figure 3

Next step is to select the Internal network which is a source that access the Internet.So, in Access Rules Source, you click on Add button ->Click on (-ve sign) Network and select Internal and click Add. (just like in Figure 4).

Figure 4

In a destination, you may have to add the external network so that the traffic may going out to the external or to the gateway just like in Figure 5

Figure 5

For a further step, leave as default at the user sets and click next. and finally finish.

please don’t forget to click Apply to save changes in the ISA so that ISA may take the effect for the new rule. For few seconds, all users in the internal network would be able to browse internet.

In my conclusion, it’s not a good idea to allow all users to have access on all outbound traffics. In ISA server, you can make some changes such as to deny AOL or MSN Messenger in your internal LAN.