http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx1. Introduction Sometimes troubleshooting publishing rules can be really challenging. The main reason for that is because of the thin line between the published server and the edge firewall (in this case ISA Server). Where is it broken? Is my ISA Serveren-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx#3066047Wed, 04 Jun 2008 19:09:05 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3066047mdgrkb<p>Hi,</p> <p>I've heard that when using Forms Based Authentication on the Web Lister for OWA, that doesn't allow for using NTLM authentication for Outlook Anywhere, using the same web listener. &nbsp;So basic authentication has to be used for Outlook Anywhere, which requires users to manually input their credentials. &nbsp;Is that correct?</p> <p>Would I need to have an additional web listener configured with NTLM authentication for Outlook Anywhere access, besides the Forms Based Authentication web listener used for OWA? &nbsp;Does it mean I would also need an additional public IP address? &nbsp;Please advice.</p> <p>Thank you very much</p> http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx#3068671Tue, 10 Jun 2008 04:36:22 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3068671isablog<p>The reason for that is because the fallback from forms-based authentication is to Basic authentication, for non-browser clients (such as Outlook Client).</p> <p>More info on this behavior check the article:</p> <p><a rel="nofollow" target="_new" href="http://technet.microsoft.com/en-us/library/bb794722.aspx">http://technet.microsoft.com/en-us/library/bb794722.aspx</a></p> <p>If you want to use NTLM for your Outlook Anywhere access than you need to use another listener with another IP, another rule and use KCD as delegation method.</p> <p>Thanks,</p> http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx#3105889Thu, 14 Aug 2008 20:13:04 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3105889mnecas<p>And what authentication i have to select on listener's properties? HTTP Authentication: Integrated ?</p> http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx#3170835Thu, 18 Dec 2008 17:40:10 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3170835fred_p<p>We use ISA server 2006 with SP1 to publish Exchange OWA. Any path is specify when we start a session to the OWA server. For example : <a rel="nofollow" target="_new" href="https://mail.domain.be">https://mail.domain.be</a>, in this case we cannot access the logon page on the CAS server.</p> <p>But if we use the url with /OWA path, we get OWA logon page.</p> <p>Why it's works ? i don'y know because the FBA is enable on the both side, on the edge firewall and the Exchange CAS Server.</p> <p>It's very amazing.</p> <p>Thx</p>