Exchange Server

Configure ISA to Publish OWA

How can I configure Internet Security and Acceleration Server to publish OWA on an Internal Exchange Server?

The ISA Server allows for traditional mail server protocols (SMTP, POP3, IMAP4, and so on) to be published easily under the Server Publishing Rules node. However, no ISA Server wizard automates publishing an internal mail server that allows mail retrieval by using the Hypertext Transfer Protocol (HTTP). 

This article assumes that the following prerequisites are in effect:

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

  1. You are running ISA Server in firewall mode and there are at least two network interfaces.

  2. Outlook Web Access (OWA) for Exchange Server 5.5 or Exchange 2000 Server is accepting HTTP requests within the internal network.

To configure ISA Server to allow external clients to access the internal OWA server, perform the following four steps:

  1. Enable an HTTP listener on ISA Server:

  1. In the ISA Management console, expand Servers and Arrays, right-click the ISA Server, and then click Properties.

  1. Click the Incoming Web Requests tab, and then click Configure listeners individually per IP address.

  1. Click Add, and click the ISA Server name in the list box in the Add/Edit Listeners dialog box. Enter the IP address that is assigned to one of the external network interface cards (NICs).

  1. Click OK to close the dialog box, and then click OK again to save changes.

  1. Create a destination set that can point the Web clients to the appropriate folders that are used by the OWA Web site:

  1. Open the ISA Management console, expand the ISA Server-based server, and then click the Policy Elements section.

  2. Expand the Policy Elements section, right-click the Destination Set folder, click New, and then click Set. You are prompted to name the new destination set; name the new destination set "OWA".

  1. In the Destination box, enter the Uniform Resource Locator (URL) that the external Web clients use to access OWA. This URL resolves the Internet Domain Name System (DNS) name to the external IP address on the ISA Server-based server.

Note: Do not include the "http://" or the "https://" portion of the URL in the Destination box.

  1. In the Path box, type: /exchange*, and then click OK.

  2. Repeat step d for the Exchweb and Public folders, adding the path for each as /exchweb* and /public* respectively.

  1. Create a Web Publishing Rule:

  1. Expand the ISA Server to the Publishing heading.

  2. Under Publishing, right-click Web Publishing Rules, click New, and then click Rule.

  1. Give a descriptive name to this rule, and then click Next.

  1. Apply the rule to the specified destination set that you created in step 2, and then click Next.

  1. Click Next to accept Any Request.

  1. Click Redirect the request to this Internal Web Server, and then enter the IP address of the internal server.

  1. Click to select the Send the original host header check box, click Next, and then click Finish.

  2. Open the Services Microsoft Management Console, and then right-click the ISA Server Control. Click Restart, and then click Yes to restart all dependent services.

  1. Repeat Steps 1 to 3 for any additional hosted domains. Each additional hosted domain that corresponds to a different internal Exchange Server should be registered on a different IP address on the external NIC of the ISA Server.

Note: If the "back-end" Exchange server does not hold the Web client’s mailbox, the redirection does not work. If you have a farm of Exchange 2000 servers that share the same e-mail domain namespace, it is not recommended that you use ISA as a "front-end" server.

Related articles

You may find these related articles of interest to you:


How to Configure Internet Security and Acceleration Server to Publish an Internal Exchange Server – 308599

How to Publish Outlook Web Access Behind Internet Security and Acceleration Server – 290113

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: