This article describes how to configure Internet Security
and Acceleration (ISA) Server to enable Web access to Microsoft Exchange
mailboxes by using Outlook Web Access (OWA), when Exchange is behind an ISA
Although you must use these steps on standalone
ISA installations, on Small Business Server 2000 you can run the SBS Internet
Connection Wizard to configure ISA and OWA automatically. To run the Wizard,
, click Run
, type icw
, and then click OK
For additional information about how to use the Internet Connection Wizard
to configure an SBS network, click the following article number to view the article in the Microsoft Knowledge Base:
How to configure Small Business Server for full time Internet access with two network adapters
To configure Internet Security and Acceleration (ISA)
Server to enable Web access to Microsoft Exchange mailboxes by using Outlook
Web Access (OWA), when Exchange is behind the ISA Server-based server:
- Configure the ISA Server-based server to accept incoming
Web requests on the external interface:
- Open the ISA Management console, expand the Servers and Arrays icon, right-click the ISA Server-based server, and then click Properties.
- Click the Incoming Web Requests tab, and then click Configure listeners individually per
- Click Add, and then click the ISA Server-based server and the external
Internet Protocol (IP) address of the ISA Server-based server from the
available lists. This step can specify the IP address and port that the server
uses to respond to Hypertext Transfer Protocol (HTTP) requests.
- Click OK when finished.
- Click OK to return to the ISA Management console.
- Create a destination set that can point the Web clients to
the appropriate folders that are used by the OWA Web site:
- Open the ISA Management console, expand the ISA
Server-based server, and then click the Policy Elements section.
- Expand the Policy Elements section, right-click the Destination Set folder, click New, and then click Set. You are prompted to name the new destination set; name the new
destination set "OWA".
- In the Destination box, enter the Uniform Resource Locator (URL) that the external
Web clients use to access OWA. This URL resolves the Internet Domain Name
System (DNS) name to the external IP address on the ISA Server-based
NOTE: Do not include the "http://" or the "https://" portion of the
URL in the Destination box.
- In the Path box, type: /exchange*, and then click OK.
- Repeat step d for the Exchweb and Public folders,
adding the path for each as /exchweb* and
- Configure the Web Publishing rule to use the policy element
that you previously created:
- Expand the Publishing heading, right-click Web Publishing Rules, click New, and then click Rule.
- For the name, type: OWA Access
Rule, and then click Next.
- In the box, click the specified destination set, click
the OWA Exchange set that had been previously created, and then click Next.
- Apply the rule to Any Request, and then click Next.
- Click Redirect the request to this internal Web
Server and enter either the name or the internal IP address of the
server that is running OWA.
NOTE: If ISA and OWA are installed on the same server, such as on Small
Business Server 2000, you must specify the server's internal IP address here
instead of the server name. Otherwise, the name may resolve to the server's
external IP address, which would cause OWA to be unavailable from outside the
- Click to select the Send the original header to
publishing server instead of the actual one check box, and then click Next.
- Click Finish.
- Expand the Monitoring icon in the ISA Management console, and then click Services.
- Stop and restart the Web proxy service and the Firewall
service. To do this, right-click the service, click Stop, and then start the service from the menu.
- To access the server, open your Web browser and then
type http://URL/exchange in
the Address box, where URL is the URL that you typed
in the Destination box in step 2.
If OWA is set to use Secure Sockets Layer (SSL), you can also
create a Server Publishing rule that uses the Secure Hypertext Transfer
Protocol (HTTPS) server protocol definition, and then specify the internal OWA
server and external IP address of the ISA Server-based server. (The OWA server
must use the ISA Server-based server as its default gateway.)
OWA on the ISA Server-based server, you need to disable the Socket Pooling
feature. The Socket Pooling feature is enabled, by default, in Microsoft
Internet Information Services (IIS) version 5.0, and forces IIS to bind to
Transmission Control Protocol (TCP) port 80 on all IP addresses.
For additional information about how to disable the Socket Pooling feature, click the following article number to view the article in the Microsoft Knowledge Base:
How to disable socket pooling
After you have disabled the Socket Pooling feature,
you need to configure the OWA Web site to listen on the internal interface for
HTTP requests. To do so, start the Internet Services Manager, right-click the
Web site that is hosting OWA, and then click Properties
. Select the internal address of the ISA Server-based server from
the list of IP addresses, and then specify the TCP port that you want the Web
site to listen on (TCP port 80, by default). This step is required whenever IIS
is running on the same server as ISA Server. If IIS is not needed on the ISA
Server-based server, you can uninstall IIS.NOTE
: The Auto Discovery feature of the ISA Server-based server needs
to be disabled if the Web site is configured to respond to requests on TCP port
80. To disable Auto Discovery, open the ISA Management console, right-click the
ISA Server-based server, and then click Properties
. In the dialog box that is displayed, click the Auto Discovery
tab, click to clear the Publish automatic discovery
check box, and then click OK
When the preceding steps are completed, create a Web
listener, destination set, and Web Publishing rule as previously outlined.