Security Basics mailing list archives

RE: Setting UP Microsoft OWA


From: "BYRD,GREGORY (HP-Boise,ex1)" <gregory.byrd () hp com>
Date: Wed, 18 Jun 2003 21:13:18 -0700

Bill,

If you check the Default Web Site, under IIS, you'll see that it is
protected by SecurID.  Since this is protected by the SecurID Watchdog ISAPI
filter (verify this by looking in the ISAPI filter tab), any attempt to
connect to your server (URL or URL/Exchange/), users will be directed to the
SecurID login web page.  I haven't tried all of the following steps (only
the first couple during testing), but I think it should work.  

What you might try doing is under the RSA SecurID tab in ISM (for the
Default Web Site), uncheck the "protect this resource" option, save and
restart IIS.  Now if you connect to URL, you should see the default IIS 5
"under construction" web page.  With this in mind, you should now be able to
add a virtual site, with the Exchange, Exchweb, and Public access points for
OWA access.  You'll need to remove the "under construction" web page and
replace it with a script that redirects connections to the default web site,
to the new virtual site (you'll also need to have this virtual web site
named something other than exchange, because all web connections to
URL/exchange will bind to SecurID).  In addition, you'll also have to
populate the new virtual web site's Exchange, Exchweb, and Public areas with
necessary data (ASP scripts, etc) to connect to Exchange, and I think you'll
need to bind this to a different port than 80 or 443 (something other than
SecurID is binding to).  And lastly, make sure you do all this to a test
server, or you'll have lots of angry folks who can't get to their e-mail. ;)


So with all this in mind, is it really worth the hassle and potential
troubleshooting time (when it breaks), not to put in an internal OWA server?
Just a thought.  Any who, I hope this helps.

Cheers,
Greg

-----Original Message-----
From: Wright, Bill [mailto:bwright () ny whitecase com]
Sent: Wednesday, June 18, 2003 2:28 PM
To: security-basics () securityfocus com
Subject: Setting UP Microsoft OWA


We have an OWA server in the DMZ that is integrated with SecurID for outside
users to check their email, but if we access that page internally we also get
the SecurID prompt even though we're "trusted".  Is there a way to set up two
websites with OWA running on the same server, 'outside' requests would prompt
for SecurID and the 'inside' requests wouldn't?  Thanks for all the help.

Bill
Infrastructure Engineer


