This article was previously published under Q290113
This article describes how to configure Internet Security and Acceleration (ISA) Server to enable Web access to Microsoft Exchange mailboxes by using Outlook Web Access (OWA), when Exchange is behind an ISA Server-based server.
Although you must use these steps on standalone ISA installations, on Small Business Server 2000 you can run the SBS Internet Connection Wizard to configure ISA and OWA automatically. To run the Wizard, click Start, click Run, type icw, and then click OK.
For additional information about how to use the Internet Connection Wizard to configure an SBS network, click the following article number to view the article in the Microsoft Knowledge Base:
306802 How to configure Small Business Server for full time Internet access with two network adapters
To configure Internet Security and Acceleration (ISA) Server to enable Web access to Microsoft Exchange mailboxes by using Outlook Web Access (OWA), when Exchange is behind the ISA Server-based server:
Configure the ISA Server-based server to accept incoming Web requests on the external interface:
Open the ISA Management console, expand the Servers and Arrays icon, right-click the ISA Server-based server, and then click Properties.
Click the Incoming Web Requests tab, and then click Configure listeners individually per IP address.
Click Add, and then click the ISA Server-based server and the external Internet Protocol (IP) address of the ISA Server-based server from the available lists. This step can specify the IP address and port that the server uses to respond to Hypertext Transfer Protocol (HTTP) requests.
Click OK when finished.
Click OK to return to the ISA Management console.
Create a destination set that can point the Web clients to the appropriate folders that are used by the OWA Web site:
Open the ISA Management console, expand the ISA Server-based server, and then click the Policy Elements section.
Expand the Policy Elements section, right-click the Destination Set folder, click New, and then click Set. You are prompted to name the new destination set; name the new destination set "OWA".
In the Destination box, enter the Uniform Resource Locator (URL) that the external Web clients use to access OWA. This URL resolves the Internet Domain Name System (DNS) name to the external IP address on the ISA Server-based server.
NOTE: Do not include the "http://" or the "https://" portion of the URL in the Destination box.
In the Path box, type: /exchange*, and then click OK.
Repeat step d for the Exchweb and Public folders, adding the path for each as /exchweb* and /public* respectively.
Configure the Web Publishing rule to use the policy element that you previously created:
Expand the Publishing heading, right-click Web Publishing Rules, click New, and then click Rule.
For the name, type: OWA Access Rule, and then click Next.
In the box, click the specified destination set, click the OWA Exchange set that had been previously created, and then click Next.
Apply the rule to Any Request, and then click Next.
Click Redirect the request to this internal Web Server and enter either the name or the internal IP address of the server that is running OWA.
NOTE: If ISA and OWA are installed on the same server, such as on Small Business Server 2000, you must specify the server's internal IP address here instead of the server name. Otherwise, the name may resolve to the server's external IP address, which would cause OWA to be unavailable from outside the network.
Click to select the Send the original header to publishing server instead of the actual one check box, and then click Next.
Expand the Monitoring icon in the ISA Management console, and then click Services.
Stop and restart the Web proxy service and the Firewall service. To do this, right-click the service, click Stop, and then start the service from the menu.
To access the server, open your Web browser and then type http://URL/exchange in the Address box, where URL is the URL that you typed in the Destination box in step 2.
If OWA is set to use Secure Sockets Layer (SSL), you can also create a Server Publishing rule that uses the Secure Hypertext Transfer Protocol (HTTPS) server protocol definition, and then specify the internal OWA server and external IP address of the ISA Server-based server. (The OWA server must use the ISA Server-based server as its default gateway.)
To host OWA on the ISA Server-based server, you need to disable the Socket Pooling feature. The Socket Pooling feature is enabled, by default, in Microsoft Internet Information Services (IIS) version 5.0, and forces IIS to bind to Transmission Control Protocol (TCP) port 80 on all IP addresses.
For additional information about how to disable the Socket Pooling feature, click the following article number to view the article in the Microsoft Knowledge Base:
After you have disabled the Socket Pooling feature, you need to configure the OWA Web site to listen on the internal interface for HTTP requests. To do so, start the Internet Services Manager, right-click the Web site that is hosting OWA, and then click Properties. Select the internal address of the ISA Server-based server from the list of IP addresses, and then specify the TCP port that you want the Web site to listen on (TCP port 80, by default). This step is required whenever IIS is running on the same server as ISA Server. If IIS is not needed on the ISA Server-based server, you can uninstall IIS.
NOTE: The Auto Discovery feature of the ISA Server-based server needs to be disabled if the Web site is configured to respond to requests on TCP port 80. To disable Auto Discovery, open the ISA Management console, right-click the ISA Server-based server, and then click Properties. In the dialog box that is displayed, click the Auto Discovery tab, click to clear the Publish automatic discovery information check box, and then click OK.
When the preceding steps are completed, create a Web listener, destination set, and Web Publishing rule as previously outlined.