Publish Access Edge via ISA 2006 RRS feed

  • Question




    I have installed Access Edge servers with 2 NIC as mentioned below.


    External NIC - DMZ IP (Public IP mapped to the DMZ IP)


    Internal IP - LAN IP


    Now the External users were able to login thru internet and were able to chat. But they get an error msg in the communicator saying "Cannot Synchronize Corporate Address Book".


    I have installed ISA 2006 in 2 leg perimter and configured Website publishing rule as given in the OCS Document. But still I am getting the same error. I tried to access https://externalwebfarmfqdn/Abs/Ext/Handler & https://externalwebfarmfqdn/Conf/Ext/Tshott.html but it says page cannot be displayed.


    To configure Commicator external Server address and to publish the Address Book I used different externalFQDN for Example sip.domain.com & abs.domain.com


    please help me to solve the issue







    Tuesday, March 25, 2008 10:59 AM

All replies

  • You should enable logging in ISA server to check what is going on.

    I guess you might have authentication issues


    Tuesday, March 25, 2008 7:46 PM

    Can you please tell me how to check to it.
    Wednesday, March 26, 2008 4:06 AM
  • Sorry Guys,


     I had a problem with my Firewall configuration and now its corrected. But now if I try to browse https://ExternalWebfarmfqdn/Conf/Ext/Tshoot.html its giving an error "Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022) "


    Wednesday, March 26, 2008 7:53 AM

    You have published to your Internal Webserver using SSL bridging

    You must make sure that you enter the correct name for the webserver


    The Name must match the subject name in the Certificate of the webserver

    If you have a SAN (Subject Alternative Name list) I think you need to set it to the first entry in the list


    So if you publish to your internal server "web.contoso.com" with ip x.x.x.x

    Then your internal server must have a certificate that has web.contoso.com in the subject name

    or has web.contoso.com in the first entry of the SAN


    If web.contoso.com is not found in the certificate then you need to specify on that is on the certificate



    Wednesday, March 26, 2008 2:37 PM