03-05-2009 04:06 AM
Hi All,
I am facing a problem with the EV2007 SP4 OWA implementation. Whenever we run the FrontEnd2003Setup.wsf the OWA frontend authentication breaks. The OWA logon has already been customised to work with a 2 factor authentication product. I've posted this previously but got nowhere with the integration of the 2 products. So now a different question/discussion on customising the frontendsetup script.
1. Is anyone familiar with the switches available in FrontEnd2003Setup.wsf and how we can customise the script? We know something in it is causing the OWA logon to break. What I want to do is narrow down which config is doing it and maybe not configure that for now. So we get a "reduced" functionality for OWA for now. Looking through the script's comments I've listed the switches and the info provided. I'm only familiar with 2 of the switches, /remove and /formregdomain. I'm trying to find out which configurations are critical and which are optional - see list below.
2. The other thing is customising the winhttp proxy which EV uses. As I understand it the OWA frontend becomes a proxy for the EV server and thus proxycfg displays that the proxy server is set to <local> and the Exchange BE servers are put on the bypass list. I want to amend the proxy bypass list to include the 2-factor authentication server. I've a hunch that the OWA server should not proxy connections to the authentication server. Correct me if I'm wrong here. However the script does not have a switch for the proxy bypass but calls a vbs script called proxybypass.vbs. FYI, there are about 16 other vbs scripts which are used in the FrontEnd2003Setup.wsf, I just need to narrow down which one. I'm now working on using proxycfg to configure this.
Switch :Help
exchange :Exchange virtual server name. No form registrations will be performed
http :HTTP virtual server entry id
virtdir :Virtual directory alias
formreg :Only perform form registrations
formregmbx :Mailbox to use for forms registration
formregpf :Public folder to use for forms registration
rpcextensions :Only install the Enterprise Vault RPC extensions
smtpdomain :SMTP domain for mailbox virtual directories
fealias :Front end proxy virtual directory alias
bealias :Back end proxy virtual directory alias
prefix :Prefix for EVOWA virtual directories
formsalias :Enterprise Vault forms virtual directory alias
proxyfolder :Proxy files install folder
formsfolder :Forms files install folder
formregdomain :SMTP domain to use in form registrations
logondomain :Default logon domain
basicdomain :Basic authentication domain
gc :FQDN of global catalog server to use for LDAP queries
fileurls :Use file urls for form registration
remove :Remove configuration
03-05-2009 06:16 PM
The front end wsf does not have any switches, or very few, and the switches you mention are for the backend wsf, as this is where all of the work is done in regards to registering the forms into Exchange.
On the FE all we do is proxy the request to the BE server through the enterprisevaultproxy virtual directory. The actual work is performed on the BE server.
Without having more details on your exact problem or any logging information, unfortunately I cannot give you any advice as to where authentication is breaking down.
Regarding the proxy, you can run the command proxycfg -d -p "<local>" * which essentially means that it will let anything through. This list should really be populated with all of the necessary combinations of your BE server/servers,
i.e. alias, hostname, IP address.
Best thing would be to configure logging in the backendsetup2003.wsf.log and frontendsetup2003.wsf.log files and open a support case for analysis if looking in the log files that should be created does not point to an obvious issue.
03-05-2009 09:49 PM
Hi Paul
Ok, so the switches are for the backend. Anyway, the good news for us: I've tried the proxycfg with the command proxycfg -d -p "local" * and now got my 2 factor authentication working! Using proxycfg -d also works. Thanks for the tip. It was actually what me and my team members were guessing on too.
Now what's the impact on EV and on security in general if we were to proxy bypass "*"? The previous setting on the OWA server was just direct and no proxy anyway. Also tried putting the 2 factor authentication hostname in but that also gives an error with the logon.
I've also tested EV functionality and all seems ok for now. Doing more regressive testing now to confirm. Thanks again for your response. Have got case number sym Case # 320-168-508 opened with both AP and UK support but I think you should take the credit. Thanks again.
Merv
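
An added example, not part of the thread and not taken from the Enterprise Vault scripts: a small model of how a WinHTTP-style bypass list routes each destination, to show why a bypass entry of * is equivalent to direct access while an explicit list keeps unlisted hosts on the proxy path. The matching rules (entries separated by semicolons or spaces, * as a wildcard, <local> meaning host names without a dot) are assumptions of this sketch, and all host names are constructed.

```python
from fnmatch import fnmatchcase


def parse_bypass(bypass_list):
    """Split a bypass list on semicolons/whitespace and lower-case entries."""
    return [e.lower() for e in bypass_list.replace(";", " ").split()]


def goes_direct(host, bypass_list):
    """Return True if `host` matches any bypass entry (assumed semantics)."""
    host = host.lower()
    for entry in parse_bypass(bypass_list):
        if entry == "<local>":
            # Assumed meaning: single-label names (no dot) bypass the proxy.
            if "." not in host:
                return True
        elif fnmatchcase(host, entry):
            return True
    return False


def audit(hosts, bypass_list):
    """Map each host to 'direct' or 'proxy' for a given bypass list."""
    return {h: "direct" if goes_direct(h, bypass_list) else "proxy"
            for h in hosts}


# Constructed sample data: a back-end server under three names, a
# hypothetical 2-factor authentication host, and an unrelated host.
HOSTS = ["exbe01", "exbe01.corp.example", "10.0.0.21",
         "auth2fa.corp.example", "www.example.org"]
EXPLICIT = "exbe01;exbe01.corp.example;10.0.0.21"
WILDCARD = "*"

if __name__ == "__main__":
    for label, blist in (("explicit", EXPLICIT),
                         ("explicit + auth host", EXPLICIT + ";auth2fa.corp.example"),
                         ("wildcard", WILDCARD)):
        print(label)
        for host, route in audit(HOSTS, blist).items():
            print(f"  {host:24} {route}")
```
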