Security Basics mailing list archives
RE: Setting UP Microsoft OWA
From: "BYRD,GREGORY (HP-Boise,ex1)" <gregory.byrd () hp com>
Date: Wed, 18 Jun 2003 21:13:18 -0700
Bill, If you check the Default Web Site, under IIS, you'll see that it is protected by SecurID. Since this is protected by the SecurID Watchdog ISAPI filter (verify this by looking in the ISAPI filter tab), any attempt to connect to your server (URL or URL/Exchange/), users will be directed to the SecurID login web page. I haven't tried all of the following steps (only the first couple during testing), but I think it should work. What you might try doing is under the RSA SecurID tab in ISM (for the Default Web Site), uncheck the "protect this resource" option, save and restart IIS. Now if you connect to URL, you should see the default IIS 5 "under construction" web page. With this in mind, you should now be able to add a virtual site, with the Exchange, Exchweb, and Public access points for OWA access. You'll need to remove the "under construction" web page and replace it with a script that redirects connections to the default web site, to the new virtual site (you'll also need to have this virtual web site named something other than exchange, because all web connections to URL/exchange will bind to SecurID). In addition, you'll also have to populate the new virtual web site's Exchange, Exchweb, and Public areas with necessary data (ASP scripts, etc) to connect to Exchange, and I think you'll need to bind this to a different port than 80 or 443 (something other than SecurID is binding to). And lastly, make sure you to all this to a test server, or you'll have lots of angry folks who can't get to their e-mail. ;) So with all this in mind, is it really worth the hassle and potential troubleshooting time (when it breaks), not to put in an internal OWA server? Just a thought. Any who, I hope this helps. Cheers, Greg -----Original Message----- From: Wright, Bill [mailto:bwright () ny whitecase com] Sent: Wednesday, June 18, 2003 2:28 PM To: security-basics () securityfocus com Subject: Setting UP Microsoft OWA We have an OWA server in the DMZ that is integrated with SecureID for outside users to check their email, but if we access that page internally we also get the secureid prompt even though were "trusted". Is there a way to set up two websites with OWA running on the same server, 'outside' requests would prompt for secureid and the 'inside' requests wouldn't. Thanks for all the help. Bill Infrastructure Engineer ============================================================================ = This e-mail communication is confidential and is intended only for the individual(s) or entity named above and others who have been specifically authorized to receive it. If you are not the intended recipient, please do not read, copy, use or disclose the contents of this communication to others. Please notify the sender that you have received this e-mail in error by replying to the e-mail or by telephoning (212) 819-8200 during the hours of 9:30am - 5:30pm (EST). Any other time please call (212) 819-7664. Please then delete the e-mail and any copies of it. Thank you. ============================================================================ == --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Setting UP Microsoft OWA Wright, Bill (Jun 18)
- <Possible follow-ups>
- RE: Setting UP Microsoft OWA BYRD,GREGORY (HP-Boise,ex1) (Jun 19)
- RE: Setting UP Microsoft OWA DeGennaro, Gregory (Jun 19)