- Think Like A Computer - https://www.think-like-a-computer.com -

BIS, ISA and Exchange 2003 OWA Solution

This article is for Microsoft Exchange 2003 and ISA 2004. Go here for the BIS, ISA and Exchange 2007 OWA Solution.

This is caused by ISA 2004 being used to do the authentication and not the exchange box itself. I figured this out by investigating why Blackberry phones work perfectly well with an SBS 2003 server (which has ISA2004 and exchange 2003 installed on them) but not when they are installed on separate servers.

It is all do to with Outlook forms and how the authentication is handled.

When you use Outlook forms for authentication you are prompted with a nice Outlook splash page. At this point you type in your username and password to log in. This feature is enabled by default in a SBS 2003 installation but not with Exchange 2003 on a Windows Standard install. By default (on a win 2k3 std server) you will not get this splash page. Instead you get the grey pop up style box and have to log in this way instead. If you want to allow Outlook forms you must install and configure this component yourself on the exchange box. Now onto ISA….

Out the box ISA comes with Outlook forms (at least I think but it’s been a while….). It is easier and more secure to let ISA do the authentication instead of the Exchange box. By authentication I mean use Outlook forms authentication. Basically you should see the Outlook forms as a separate component to exchange and ISA. It is like an extension or bolt on. What our problem was (and the same problem you will all have) was that the Outlook forms was sitting on the ISA and this meant Outlook form authentication was happening at the ISA and not the exchange box. This is not an issue for users logging in over webmail but it seems to not work with Blackberry. To fix this what you need to do is the following:

1. Disable Outlook forms on the ISA server and just pass https 443 straight through to the exchange box (you can still use a web listener so it will still be secure).

2. Install and configure the Outlook forms on the exchange box instead.

This will give the exact same appearance as what was happening before but the difference is that now the exchange server is doing the Outlook authentication and processing. Your Blackberry’s will now work!

Of course make sure you have the latest service packs and updates before posting your response if this does not work for you…