> Do you have the same wildcard cert on the exchange server? No
Unless you do some extra work with name resolution, then how do you expect that to work? The public DNS name of your mail server should point to the external interface of the ISA Server. ISA Server then bridges to your Exchange front end/CAS server. You'd need a certificate on the FE/CAS server that matches the name that ISA Server is using to connect to it. ISA Server can not use the public name unless you edit the HOSTS file on the ISA Server Cheers Ken -----Original Message----- From: Glen Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, 20 June 2008 10:35 PM To: NT System Admin Issues Subject: RE: OWA 2003 wildcard cert and isa 2006 Do you have the same wildcard cert on the exchange server? I'll test again tonight when I go in to do some network upgrades and get the exact error. Thanks. Glen. ________________________________ From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Thu 6/19/2008 10:24 PM To: NT System Admin Issues Subject: RE: OWA 2003 wildcard cert and isa 2006 Wildcard certs work just fine on ISA Server 2006 (I'm using one myself right now). Service Principal Names (SPNs) have nothing to do with certs per se. What is the exact error you are getting and from where? Cheers Ken > -----Original Message----- > From: Glen Johnson [mailto:[EMAIL PROTECTED] > Sent: Thursday, 19 June 2008 9:55 PM > To: NT System Admin Issues > Subject: OWA 2003 wildcard cert and isa 2006 > > The subject say it all. We've been successfully running OWA behind ISA > 2006 with a free cert from Startcom but for other reasons we had to > purchase a cert form a more widely trusted authority. > I installed the wildcard cert on the exchange server and tested it > internally and it worked fine. > Exported the cert from exchange and installed it on the ISA box. > Reconfigured the SSL listener to use the new cert but am getting an > error about service principal name when trying to access OWA from > outside the ISA server. > I found several references that this did not work on ISA 2004 and > earlier but is supported on 2006 but no info on what to troubleshoot or > settings to check if it doesn't. > Any suggestions greatly appreciated. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
