Have you ever wondered how to properly setup access to OWA 2007 thru ISA 2006 using RSA authentication? Quite honestly, this is not a subject I have spent much time thinking about, but the current work project has required that I do so. Fortunately, there are many articles out there on how to set it up. After completing the initial setup, my personal favorite is this one: http://smtp25.blogspot.com/2009/09/rsa-securid-ready-implementation-guide.html

However, I didn’t find this one at the start, so I got to have some fun and mess around a bit with these 3 components. If you follow Oz’s steps, you shouldn’t see any of these things, but I thought it may be fun to share what can happen if you don’t follow his steps.

1. 106: The Web server is busy. Try again later.

I got the 106: The Web server is busy message because I did not copy the sdconf.rec to the Program Files\Microsoft ISA Server\sdconfig directory.

2. YES! I finally got to my login prompt, but upon entering my username and SecurID passcode and PIN, I saw this: 100: Access denied. RSA ACE/Server rejected the passcode that you supplied. Try again with a valid passcode.

In this case, I received this because I had not copied the SecurID file to the Program Files\Microsoft ISA Server\sdconfig directory.

3. Awesome! Now I see Authentication Success, I’m getting somewhere:

But now I get the following: Error Code: 500 Internal Server Error. The parameter is incorrect. (87)

Looking at the Publishing Rule on ISA, specifically the Web Farm tab, the Requests appear to come from the: option was not set to ISA Server Computer. Upon changing, and applying the ISA configuration, I could access my mailbox using OWA.

Though I am able to get in to OWA, it looks like my rules could use a little tweaking to improve the user experience. Once those are hashed out, I’ll post them.