Accessing OWA thru ISA using RSA

Have you ever wondered how to properly set up access to OWA 2007 thru ISA 2006 using RSA authentication? Quite honestly, this is not a subject I have spent much time thinking about, but the current work project has required that I do so. Fortunately, there are many articles out there on how to set it up. After completing the initial setup, my personal favorite is this one: http://smtp25.blogspot.com/2009/09/rsa-securid-ready-implementation-guide.html

However, I didn’t find this one at the start, so I got to have some fun and mess around a bit with these 3 components. If you follow Oz’s steps, you shouldn’t see any of these things, but I thought it may be fun to share what can happen if you don’t follow his steps.

1. 106: The Web server is busy. Try again later.

I got the 106: The Web server is busy message because I did not copy the sdconf.rec to the Program Files\Microsoft ISA Server\sdconfig directory.

2. YES! I finally got to my login prompt, but upon entering my username and SecurID passcode and PIN, I saw this: 100: Access denied. RSA ACE/Server rejected the passcode that you supplied. Try again with a valid passcode.

In this case, I received this because I had not copied the SecurID file to the Program Files\Microsoft ISA Server\sdconfig directory.

3. Awesome! Now I see Authentication Success, I’m getting somewhere:

But now I get the following: Error Code: 500 Internal Server Error. The parameter is incorrect. (87)

Looking at the Publishing Rule on ISA, specifically the Web Farm tab, the "Requests appear to come from the:" option was not set to "ISA Server Computer". Upon changing it and applying the ISA configuration, I could access my mailbox using OWA.

Though I am able to get in to OWA, it looks like my rules could use a little tweaking to improve the user experience. Once those are hashed out, I’ll post them.

Filed under Microsoft, Security, Windows Server