locked
Setting up external access for CWA 2007 R2 RRS feed

  • Question

  • We just completed our OCS R2 CWA internal deployment.  Originally we decided that we were only going to use it for internal access only so we created a single internal virtual server and used an internal enterprise CA for the certificate.  We are now getting pressure to open it up for external access so that our blackberry users can use their phones for mobile MOC access.

    We have an ISA 2006 Server in place today for Exchange 2007 OWA and EAS.  We would like to purchase another SSL Cert from DigiCert for CWA but we can't figure out how to generate the CSR on the CWA server or, what we should put in the Subject Name on the CSR along with SAN's.

    From there, is it even possible to use ISA to publish CWA or should we just NAT https://im.domain.com straight through to the internal CWA server?

    Has anyone successfully set up CWA 2007 R2 for external access?  We're in a crunch to get this going within 48 hours so I would appreciate any help.

    Thanks
    Wednesday, March 11, 2009 2:10 AM

All replies

  • ISA Server is the preferred method to present external access to CWA, and a standard HTTPS web listener is used.  To create the certificate request simply use the Certificates snap-in or the certsrv command line, there are multiple walkthroughs online for using these tools.  the specifics of the CWA configuration are covered in the CWA Deployment documentation:
    http://www.microsoft.com/downloads/details.aspx?familyid=62D61142-8AC1-4E56-AFA9-E99801B703F6&displaylang=en
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, March 11, 2009 1:33 PM
    Moderator
  • Here's a link specifically to CWA configuration and certificates for R2: http://technet.microsoft.com/en-us/library/dd441293(office.13).aspx

    By the way, if your primary goal is BES access you don't need to expose CWA externally. The BES access piece actually communicates with the CWA internal virtual server via Windows Integrated auth. And last time I checked I don't think RIM has added support for CWA R2 yet. I think you'll need to stand up an R1 CWA to interface with your BES server if that's your goal.
    Wednesday, March 11, 2009 5:15 PM
  • Thanks for your responses guys.  I'm still a little confused on the external SSL certificate.  We're going to get one from DigiCert and would like to map http://im.domain.com to our ISA box which will then have a web publishing rule on it.  When we create the CSR, what do we put on the Subject Name?  We only have a single CWA server with an internal and external virtual server.

    Appreciate the help.
    Thursday, March 12, 2009 2:37 PM