Tuesday, September 1, 2009

RSA with OWA 106: The Web server is busy.

I am in the process of configuring RSA with OWA 2007 , ISA server and posting some of experiences as I face them

here is the error “106-web-server-is-busy-try-again” this one is real generic and if you Google you will get several hits and scenarios how to deal with below situation….


The best way in my opinion is to deal with error above fallow the tips below and save time and headache to yourself

I assume you are using as fallow

  • ISA server ( or servers)
  • CAS server ( or servers)
  • RSA / ACE Server ( servers)

The goal is

  • Enable RSA token with OWA to accomplish two way authentication

First before you do anything ask your RSA Admin guy to give you SDCONF.REC  file. This file contains the source IP addresses ( ISA servers) destination IP addresses for RSA servers  and some other authentication information to make the  RSA work.

Once you get this file copy  the file on the ISA servers below directories

  • Windows\System32 folder
  • C:\Program Files\Microsoft ISA Server\sdconfig directories

Now download RSA Test Authentication Utility or Internet Security and Acceleration (ISA) Server 2006

RSA Test Authentication


Now you need to extract the files and place them to this directory

  • C:\Program Files\Microsoft ISA Server ( assume you install ISA binaries on C drive if not change it accordingly

now find  sdtest.exe  in this directory and double click on it



Now click on the RCA ACE /Server Test Directly


if you are having problem it might be ISA server or remember in DMZ firewall needs to be configured allow access from ISA server to RSA server UDP port 5500, this is mentioned ion the RSA implementation paper, if you have done all these move on with below scenario

ISA is blocking traffic or  your test does not even getting to RSA servers because, ISA has two legs one is external interface one id internal interface, most likely your RSA server sitting inside and you have to add static route to ISA servers as fallows


issue route print  gateway for internal network ISA server IP

route add mask –p

after this go to ISA Server click on networks


click on Addresses , use Add range



  • insert the IP addresses of RSA server to allow communication

Now you test should work and you should be ready to move on second step

I will post part two for the rest of the work

download RSA Guide


oz Casey Dedeal,

MVP (Exchange)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.worldpress.com (Blog

No comments: