Public Certificate in ISA and Exchange
Hi
We have a Windows 2008 server with Exchange 2007 CAS and HubTransport Role
and another server with Exchange 2007 Mailbox Role.
We acquired a public certificate from DigiCert to use the same certificate with the
services of OCS and Exchange. The information is shown below:
The name of the new public certificate is oa.mydomain.com
The Subject Alternative Name entries for the Exchange and OCS services:
OWA, ActiveSync, RPC over HTTP --> oa.mydomain.com
Autodiscover --> autodiscover.mydomain.com
And
sip.mydomain.com
av.mydomain.com
webconf.mydomain.com
abs.mydomain.com
ocweb.mydomain.com
ocs.mydomain.com
The previous certificate was generated by a Windows Authority to
be used only by Exchange; it has the following information:
Name of internal certificate:
Oa.mydomain.com
Subject Alternative Name:
oa.mydomain.com
autodiscover.mydomain.com
dominio.local
cas.dominio.local
cas
mydomain.com
With the internal certificate installed on the ISA and Exchange, everything works
fine. But when the public certificate is installed on the ISA server, ActiveSync
and OWA work fine from the Internet, while RPC over HTTP
prompts for credentials from the Internet forever. On the LAN it does work.
When I run a test of the Exchange services, it shows the following:
[PS] C:\Documents and Settings\Administrator>Test-OutlookWebServices | fl
Id : 1003
Type : Information
Message : About to test AutoDiscover with the e-mail address
exchusrci@mydomain.com.
Id : 1007
Type : Information
Message : Testing server SDIVINFEXGCAF.DOMINIO.LOCAL with the published name
https://sdivinfexgcaf.dominio.local/EWS/Exchange.asmx
& https://oa.mydomain.com/EWS/Exchange.asmx.
Id : 1019
Type : Information
Message : Found a valid AutoDiscover service connection point. The
AutoDiscover URL on this object is
https://SDIVINFEXGCAF.DOMINIO.LOCAL/Autodiscover/Autodiscover.xml
Id : 1006
Type : Information
Message : The Autodiscover service was contacted at
https://SDIVINFEXGCAF.DOMINIO.LOCAL/Autodiscover/Autodiscover.xml.
Id : 1016
Type : Success
Message : [EXCH]-Successfully contacted the AS service at
https://sdivinfexgcaf.dominio.local/EWS/Exchange.asmx.
The elapsed time was 62 milliseconds.
Id : 1015
Type : Success
Message : [EXCH]-Successfully contacted the OAB service at
https://sdivinfexgcaf.dominio.local/EWS/Exchange.asmx.
The elapsed time was 0 milliseconds.
Id : 1014
Type : Success
Message : [EXCH]-Successfully contacted the UM service at
https://sdivinfexgcaf.dominio.local/UnifiedMessaging/Service.asmx.
The elapsed time was 15 milliseconds.
Id : 1013
Type : Error
Message : When contacting
https://oa.mydomain.com/EWS/Exchange.asmx received
the error The remote server returned an error: (407) Proxy Authentication
Required.
Id : 1016
Type : Error
Message : [EXPR]-Error when contacting the AS service at
https://oa.mydomain.com/EWS/Exchange.asmx.
The elapsed time was 15 milliseconds.
Id : 1015
Type : Success
Message : [EXPR]-Successfully contacted the OAB service at
https://oa.mydomain.com/EWS/Exchange.asmx.
The elapsed time was 0 milliseconds.
Id : 1014
Type : Information
Message : [EXPR]-The UM is not configured for this user.
Id : 1013
Type : Error
Message : When contacting https://oa.mydomain.com/Rpc received the error The
remote server returned an error: (407) Proxy Authentication Required.
Id : 1017
Type : Error
Message : [EXPR]-Error when contacting the RPC/HTTP service at
https://oa.mydomain.com/Rpc.
The elapsed time was 0 milliseconds.
Id : 1006
Type : Success
Message : The Autodiscover service was tested successfully.
Id : 1021
Type : Information
Message : The following web services generated errors. As, in EXPR
Contacting server in EXPR
Please use the prior output to diagnose and correct the errors.
And when I run Test E-mail AutoConfiguration in Outlook from the Internet,
it shows me the following error:
Log:
Autodiscover to
https://mydomain.com/autodiscover/autodiscover.xml starting
Autodiscover to
https://mydomain.com/autodiscover/autodiscover.xml Failed
(0x800C8203)
Autodiscover to
https://autodiscover.mydomain.com/autodiscover/autodiscover.xml starting
Autodiscover request completed with http status code 403
Autodiscover to
https://autodiscover.mydomain.com/autodiscover/autodiscover.xml Failed
(0x80004005)
Local autodiscover for mydomain.com starting
Local autodiscover for mydomain.com Failed (0x8004010F)
Redirect check to
http://autodiscover.mydomain.com/autodiscover/autodiscover.xml starting
Srv Record lookup for
http://autodiscover.mydomain.com/autodiscover/autodiscover.xml Failed
(0x80072EE2)
Srv Record lookup for mydomain.com starting
Srv Record lookup for mydomain.com Failed (0x8004010F)
but OWA and ActiveSync
We found an article that suggests making these changes to the configuration
of Exchange 2007 and its service URLs, but how would this affect the internal
services, given that it sets the InternalURL options to
https://oa.mydomain.com instead of
the URL with the internal name of the CAS server,
https://cas.dominio.local?
Can making these changes affect our internal services? Will we have to make
changes on our desktops? Can the certificate on Exchange be created with the
internal Windows CA, with the public certificate only on the ISA? Or is it
required to be installed on both the ISA and Exchange servers?
Suggested solution:
1. Change the External and Internal URLs for your Autodiscover services to
point to oa.mydomain.com, which is my external domain name.
a. For OAB use:
Set-OABVirtualDirectory -ExternalURL https://oa.mydomain.com/oab -InternalURL https://oa.mydomain.com/oab
b. For EWS (Exchange Web Services) use:
Set-WebServicesVirtualDirectory -ExternalURL https://oa.mydomain.com/EWS/Exchange.asmx -InternalURL https://oa.mydomain.com/EWS/Exchange.asmx
c. For UM (if you have it) use:
Set-UMVirtualDirectory -ExternalURL https://oa.mydomain.com/UnifiedMessaging/Service.asmx -InternalURL https://oa.mydomain.com/UnifiedMessaging/Service.asmx
3. Configure the Service connection point to use the oa.mydomain.com
address. Use the command:
Set-ClientAccessServer -id <cas server> -AutoDiscoverServiceInternalUri https://oa.mydomain.com/autodiscover/autodiscover.xml
Regards
Ftorres
May 12th, 2010 10:02pm
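Added example, not part of the original post: one thing the suggested URL change affects is certificate name matching, since a client only accepts a URL whose host name appears on the certificate it is shown. This PowerShell script compares URL host names against the two SAN lists quoted in the post; the function names are hypothetical and the URL paths under cas.dominio.local are constructed.

```powershell
# Added example, not from the thread. SAN lists and host names are the ones
# quoted in the post; the paths under cas.dominio.local are constructed.

function Test-NameCoveredBySan {
    param([string]$HostName, [string[]]$SanList)
    foreach ($san in $SanList) {
        if ($san -ieq $HostName) { return $true }
        # A wildcard entry "*.example.com" covers exactly one left-most label.
        if ($san.StartsWith('*.')) {
            $suffix = $san.Substring(1)   # ".example.com"
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-UncoveredUrl {
    # Emits every URL whose host name is absent from the certificate's SAN list.
    param([string[]]$Url, [string[]]$SanList)
    foreach ($u in $Url) {
        $name = ([Uri]$u).Host
        if (-not (Test-NameCoveredBySan -HostName $name -SanList $SanList)) { $u }
    }
}

$publicSan = @('oa.mydomain.com', 'autodiscover.mydomain.com', 'sip.mydomain.com',
               'av.mydomain.com', 'webconf.mydomain.com', 'abs.mydomain.com',
               'ocweb.mydomain.com', 'ocs.mydomain.com')
$internalSan = @('oa.mydomain.com', 'autodiscover.mydomain.com', 'dominio.local',
                 'cas.dominio.local', 'cas', 'mydomain.com')

# URLs using the internal CAS name (paths constructed) and the proposed ones.
$internalNameUrls = @('https://cas.dominio.local/EWS/Exchange.asmx',
                      'https://cas.dominio.local/Autodiscover/Autodiscover.xml')
$proposedUrls = @('https://oa.mydomain.com/oab',
                  'https://oa.mydomain.com/EWS/Exchange.asmx',
                  'https://oa.mydomain.com/autodiscover/autodiscover.xml')

'Internal-name URLs not covered by the public certificate:'
Get-UncoveredUrl -Url $internalNameUrls -SanList $publicSan
'Proposed URLs not covered by the public certificate:'
Get-UncoveredUrl -Url $proposedUrls -SanList $publicSan
'Proposed URLs not covered by the internal certificate:'
Get-UncoveredUrl -Url $proposedUrls -SanList $internalSan
```

Any URL listed under a heading is one whose host name a client would fail to match against that certificate.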
It looks like you have a problem with publishing the Exchange 2007 through the ISA correctly (assuming you published the correct A records at your DNS provider).
Follow this article and also make sure your ISA is updated to the latest SP and patches:
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-using-2006-ISA-Firewall-Part1.html
Yanir Ben-Nun / System Team Leader / IT / IS Professional
May 12th, 2010 11:01pm