cancel
Showing results for 
Search instead for 
Did you mean: 

Customising the EV OWA frontend extension script and proxycfg

Merv
Level 6
Partner

 Hi All,

 

Am facing a problem with EV2007 sp4 OWA implementation. Whenever we run the FrontEnd2003Setup.wsf the OWA frontend authentication breaks. The OWA logon has already been customised to work with a 2 factor authentication product. I've posted this previously but got no where with the integration of the 2 products. So now a different question/ discussion on customising the frontendsetup script.

1. Is anyone familiar with the switches available in FrontEnd2003Setup.wsf and how we can customise the script?We know something in it is causing the OWA logon to break. What I want to do is narrow down which config is doing it and maybe not configure that for now. So we get a "reduced" functionality for OWA for now. Looking throug the script's comments I've listed the switches and the info provided. I'm only familiar with 2 of the switches /remove and /formregdomain.I'm trying to find out which configurations are critical and which are optional - see list below 

2. The other thing is customising the winhttp proxy which EV uses. As I understand it the owa frontend becomes a proxy for the EV server and thus proxycfg displays that the proxy server is set to <local> and the Exchange BE servers are put on the bypass list. I want to amend the proxy bypass list to include the 2-factor authentication server.I've a hunch that the owa server should not proxy connections to the authentication server. Correct me if I'm wrong here.However the script does not have a switch for the proxy bypass but calls a vbs script called proxybypass.vbs. fyi, there are about 16 other vbs scripts which are used in the FrontEnd2003Setup.wsf, i just need to narrow down which one. I'm now working on using proxycfg to configure this.

 

 

Switch

  Help exchange  :  

Exchange virtual server name. No form registrations will be performed

http  :

HTTP virtual server entry id

virtdir  :

Virtual directory alias

formreg  :

Only perform form registrations

formregmbx  :

Mailbox to use for forms registration

formregpf  :

Public folder to use for forms registration

rpcextensions  :

Only install the Enterprise Vault RPC extensions

smtpdomain  :

SMTP domain for mailbox virtual directories

fealias  :

Front end proxy virtual directory alias

bealias  :

Back end proxy virtual directory alias

prefix  :

Prefix for EVOWA virtual directories

formsalias  :

Enterprise Vault forms virtual directory alias

proxyfolder  :

Proxy files install folder

formsfolder  :

Forms files install folder

formregdomain  :

SMTP domain to use in form registrations

logondomain  :

Default logon domain

basicdomain  :

Basic authentication domain

gc  :

FQDN of global catalog server to use for LDAP queries

fileurls  :

Use file urls for form registration

remove  : Remove configuration

 

2 REPLIES 2

Paul_Grimshaw
Level 6
Employee Accredited Certified

The front end wsf does not have any switches or very few and the switches you mention are for the backend wsf as this is where all of the work is done in regards to registering the forms into exchange.

On the FE all's we do is proxy the request to the BE server through the enterprisevaultproxy virtual directory. The actual work is performed on the BE server.

Without having more details on your exact problem or any logging information unfortunately I cannot give you any advice as to where authentication is breaking down.

Regarding the proxy you can run the command procycfg -d -p "<local>" * which essentially means that it will let anything through. This list should really be populated with all of the combinations necesaary of your BE Server/servers.

ie Alias, hostname, ip address

Best thing would be to configure logging in the backendsetup2003.wsf.log and frontendsetup2003.wsf.log files open a support case for analysis if looking in the log files that should be created does not point to an obvious issue

Merv
Level 6
Partner

Hi Paul

Ok so the switches are  for backend. Anyway the good news for us I've tried the proxycfg  with the command proxycfg-d -p "local" * and now got my 2 factor authentication working! /using proxcfg -d also works. Thanks for the tip. It was actually what me and my team members were guessing on too.

Now whats the impact on EV and on security in general if we were to proxy bypass "*". The previous setting on the OWA server was just direct and no proxy anyway. Also tried putting the 2 factor authentication hostname in but that also gives an error with the logon.

I've also tested EV functionality and all seems ok for now. Doing more regressive testing now to confirm. Thanks again for your response. Have got case number sym Case # 320-168-508 opened with both AP and UK support but I think you should take the credit.Thanks again.

Merv