Module11: OWA
=============
IIS (WEB SERVER):
-IIS 5 is weak! it has an exploit on port 80: "the system can not log
you, network request is not supported!!" lsasrv eventID 5000
-default web site, stop; right click server, new, web site,
give it a path, read permissions; right click your site,
properties, documents tab, add home.htm, up arrow; put a page
in this dir; at the operators tab verify that admins are written. then
start, RUN: http://localhost, ok.
add internal ip address. cmd: net stop iisadmin /y
-right click your site, properties, on the directory security tab
under anonymous access and authentication, edit, clear the anonymous
access and integrated windows authentication check boxes, yes -
now you need a password!
-expand server, default web site; the exchange folders are: exchweb,
public, exchange
and exadmin. right click one of them, properties, at the directory
security tab|edit
|check only: basic authentication & integrated windows
authentication. then edit the basic authentication and browse for a
domain|restart iis.
-expand server|protocols|http|exchange virtual server|right click
exchange, properties|access tab|click authentication|clear the basic
authentication check box, verify that integrated windows
authentication is selected|ok.
open explorer (from other machine -worked) go to
http://-ip-:/exchange/administrator|go. enter owa and send a message
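
A check for the authentication settings above, as an added example that is not part of the original notes: it audits how each Exchange virtual directory answers a request sent without credentials. The function names, the allowed-scheme set and the sample responses are assumptions constructed for the illustration.

```python
# Added example (not from the original notes): audit how the Exchange
# virtual directories answer a request that carries no credentials.
import http.client

OWA_PATHS = ["/exchange/", "/exchweb/", "/public/", "/exadmin/"]  # folders named in the notes
INTEGRATED = {"negotiate", "ntlm"}  # schemes IIS advertises for integrated windows auth

def probe(host, path, port=80, timeout=5):
    """Live check: unauthenticated GET, returns (status, WWW-Authenticate values)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.headers.get_all("WWW-Authenticate") or []
    finally:
        conn.close()

def schemes(www_authenticate):
    """'Basic realm="x"' -> 'basic'; assumes one scheme per header value, as IIS sends them."""
    return {v.split(None, 1)[0].lower() for v in www_authenticate if v.strip()}

def audit(path, status, www_authenticate, allowed, tls=False):
    """Return findings for one directory; an empty list means it matches `allowed`."""
    findings = []
    offered = schemes(www_authenticate)
    if status != 401:
        findings.append(f"{path}: HTTP {status} without credentials, expected 401 "
                        "(anonymous access may still be enabled)")
    for s in sorted(offered - allowed):
        findings.append(f"{path}: offers {s}, which is not in the allowed set")
    if "basic" in offered and not tls:
        findings.append(f"{path}: basic over plain http sends the password base64-encoded only")
    return findings

# Constructed sample responses (hypothetical, not captured from a real server).
SAMPLES = [
    ("/exchange/", 401, ["Negotiate", "NTLM", 'Basic realm="example.local"']),
    ("/exchweb/", 401, ["Negotiate", "NTLM"]),
    ("/public/", 200, []),
]

def audit_samples(allowed=INTEGRATED):
    """Run the audit over the constructed samples and collect every finding."""
    return [f for path, status, hdrs in SAMPLES for f in audit(path, status, hdrs, allowed)]

if __name__ == "__main__":
    for finding in audit_samples():
        print(finding)
```

Against your own server, pass the result of `probe(host, path)` for each entry in `OWA_PATHS` to `audit`, with `allowed` set to the schemes you left checked on that directory.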
when owa sits on an isa server:
-don't test it without a true connection to the internet with a static
ip!
-open servers and arrays|right click test5|properties|incoming web
requests tab
|configure listeners individually per ip|add|external ip|ok.
-creating a destination set: at isa|policy elements|destination set,
right click,
new set owa|at the destination tab click add|at the upper side put the
url or ip
address that the external web clients use to access (dns) and at the
path:
"/exchange/*" (without the quotation marks)|ok. repeat these steps with
"/exchweb/*" and "/public/*"
-creating a web publishing rule: publishing|web publishing rule|new|
choose specified destination set|owa|at the client type choose any
request|then at rule action choose redirect the request to this
internal web server|give it the internal ip (not the server_name)|click
send the original header to the publishing server
instead of the actual one|next|finish.
-services|restart web proxy + firewall.
-you also need to disable socket pooling: at cmd: cd
c:\inetpub\adminscripts
cscript adsutil.vbs set w3svc/disablesocketpooling True (watch for
the reply)
restart services: iisadmin and www
-for ssl you must create a server publishing rule that uses https
and then specify the internal owa server-the external ip address as
its default gateway; also web properties, directory security|edit|
certificate wizard
-the auto discovery feature of the isa server-based server needs to be
disabled:
open test5|properties|auto discovery tab|clear publish automatic
discovery..
-on the desktop right click, new shortcut|add the owa admin url|name
it: my mailbox
-server|protocol|smtp|default smtp virtual server, delivery tab|
advanced|put the domain name or smart host in brackets:
[192.114.47.52]
errors:
-when you try to enter --ip--/exchange the authentication just ignores
your password and after 3 times a blank page opens: you probably added
a user before a domain name was assigned! so a new user will be able
to enter but not an old user! (also at user properties in AD you can
see the mail difference)
go to ORG1 exchange recipients|change the default smtp address and
refresh: ISA, exchange and AD!
-when you get 2 rows for authentication, enter name@domain.co.il
configuring a front end server: (not possible on sbs)
------------------------------
right click server_name|properties|select this is a front
end server|ok.
go to admin tools|services|restart pop3, imap4, www (was your
browser redirected to your server?)
resetting a server to a back-end server:
---------------------------------------
right click server_name|properties|clear the this is a
front end server check box|restart the above services