Troubleshooting OWA 2007 Publishing Rules on ISA Server 2006

ISA Server Product Team Blog

The article outlines the most common authentication methods and certificate consideration as well as steps to troubleshoot the 6 most common ISA Server issues (summary below).

Scenario 1: Users are re-prompted for authentication after entering username and password on the ISA FBA logon page.
Resolution: Verify that FBA is only enabled on the CAS or ISA Server.

Scenario 2: Users receive the error "Target Principle name is incorrect" after entering credentials on the FBA form.
Resolution: Verify the certificate name, the CAS name referenced on the ISA rule, and make sure the ISA server can resolve the CAS FQDN to an IP.

Scenario 3: Typing in the OWA URL without using /owa gives "403 Access Forbidden" error
Resolution: The ISA paths only allow for access to OWA with /owa. Either update the allowed paths or use /owa in the URL.

Scenario 4: After logging into OWA users receive a "404 Not Found" error and ISA logs show a "Failed connection attempt" error
Resolution: Make sure that the ISA server can resolve the CAS FQDN to an IP, use telnet to connect to the FQDN and check if you get a response, and enable logging.

If you see a "Failed connection attempt" error in the ISA logs, also check for connection issues between ISA and the CAS such as closed or restricted ports, do a network trace, and check the IIS logs to see if the connection was received.

Scenario 5: Users get a "10061 Connection Refused" error after logging into OWA.
Resolution: Make sure that the port on the Bridging tab used by ISA to connect to Exchange matches the port configured on the OWA website in IIS. In this scenario, the ISA logs will show a "Failed connection attempt" error.

Scenario 6: When connecting to OWA via ISA users can login but all the buttons are disabled on a new message form. The issue does not occur when connecting to the Exchange Server directly.
Resolution: Verify if you have other 3rd party ISAPI filters on the OWA website.

To access the full article, go to

Use Ctrl+Shift+R to "Reply all" to the selected message.


Will tablet and Smart phone use be a big part of your OWA 2013 deployment?