Wednesday, September 2, 2009

RSA & OWA ( 2007) Two Factor Authentication with ISA 2006

Here is part two we continue troubleshooting the implementation RSA & ISA 2006 Exchange 2007 CAS servers.

As I said earlier on part I, don't bother to pock around if you cannot make the SDTEST.exe

Because, rest of the steps wont work and you will at the end need local secret to be copied from.

In previous post we were getting “106-web-server-is-busy-try-again” and when we try to use SDTEST.exe from ISA 2006 Server we start getting

Problem: cannot communicate with RSA ACE/Server

Possible cause: you have two NIC Cards on the ISA server one is Public other one is Internal Communication. The test utility does not know how to use the Internal NIC and using External NIC and hence cannot even start communication with RSA server. If you go to Application event log you will notice ACECLIENT errors as fallows

image

make sure the SDTEST and does know which interface to use so add static route to your ISA Servers as needed. ( see Part 1 for details)

if static route is there and you are getting this time “Access Denied” yet you do know the user name and postcode is correct check the fallowing

image

Add the following String Value registry entry on each ISA Array Member restart “wspsrv.exe”

  • PrimaryInterfaceIP
  • HKEY_LOCAL_MACHINE\Software\SDTI\AceClient
  • Where the string value of PrimaryInterfaceIP is the IP address assigned to the interface that communicates with the RSA Server.

image

image

After restarting firewall service test once more , bingo it works

image

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.worldpress.com (Blog

No comments: