Tuesday, September 1, 2009

RSA with OWA 106: The Web server is busy.

I am in the process of configuring RSA with OWA 2007 , ISA server and posting some of experiences as I face them

here is the error “106-web-server-is-busy-try-again” this one is real generic and if you Google you will get several hits and scenarios how to deal with below situation….

image

The best way in my opinion is to deal with error above fallow the tips below and save time and headache to yourself

I assume you are using as fallow

  • ISA server ( or servers)
  • CAS server ( or servers)
  • RSA / ACE Server ( servers)

The goal is

  • Enable RSA token with OWA to accomplish two way authentication

First before you do anything ask your RSA Admin guy to give you SDCONF.REC  file. This file contains the source IP addresses ( ISA servers) destination IP addresses for RSA servers  and some other authentication information to make the  RSA work.

Once you get this file copy  the file on the ISA servers below directories

  • Windows\System32 folder
  • C:\Program Files\Microsoft ISA Server\sdconfig directories

Now download RSA Test Authentication Utility or Internet Security and Acceleration (ISA) Server 2006

RSA Test Authentication

image

Now you need to extract the files and place them to this directory

  • C:\Program Files\Microsoft ISA Server ( assume you install ISA binaries on C drive if not change it accordingly

now find  sdtest.exe  in this directory and double click on it

image

image

Now click on the RCA ACE /Server Test Directly

image

if you are having problem it might be ISA server or remember in DMZ firewall needs to be configured allow access from ISA server to RSA server UDP port 5500, this is mentioned ion the RSA implementation paper, if you have done all these move on with below scenario

ISA is blocking traffic or  your test does not even getting to RSA servers because, ISA has two legs one is external interface one id internal interface, most likely your RSA server sitting inside and you have to add static route to ISA servers as fallows

image

issue route print

172.26.7.197  gateway for internal network

172.26.114.202 ISA server IP


route add 172.26.114.202 mask 255.255.255.255 172.26.7.197 –p

after this go to ISA Server click on networks

image

click on Addresses , use Add range

image

image

  • insert the IP addresses of RSA server to allow communication

Now you test should work and you should be ready to move on second step

I will post part two for the rest of the work

download RSA Guide

  image

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.worldpress.com (Blog

No comments: