locked
PhoneFactor Proxy and Outlook Anywhere RRS feed

  • Question

  • Been running PhoneFactor for a few years now.  During the initial configuration Exchange2010 the only way to get PhoneFactor to work was with the help of support and the configuration of a proxy.  Now I have the need to roll out Outlook Anywhere ran Exchange connectivity analyzer and it failed because of the PhoneFactor proxy.  Any ideas how to get around this?

    Attempting to ping RPC proxy mail.domainname.com.
      RPC Proxy can't be pinged.
     
     Additional Details
     
    An HTTP 401 Unauthorized response was received from the remote IIS7 server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
    Headers received:
    Content-Length: 6734
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Date: Mon, 13 Jan 2014 20:36:07 GMT
    Server: Microsoft-IIS/7.5
    WWW-Authenticate: Negotiate,NTLM
    X-Powered-By: ASP.NET
    Via: 1.1 192.168.200.116 (PhoneFactor Proxy)
    Connection: close


    Elapsed Time: 1186 ms. 

    Monday, January 13, 2014 9:20 PM

Answers

  • Older versions may have required you to set up the PhoneFactor Agent as a reverse proxy, but the latest versions should be able to secure OWA without a proxy. If you are using Server 2008 or higher (IIS7) you can now use Native Modules instead of the ISAPI filter that was required. The Native Module can be hooked into the OWA virtual directory instead of hooking in at the website level which has less of an impact on other Exchange services. Unless you need functionality that is specifically available with the form-based IIS authentication in the MFA Server (PhoneFactor Agent), I recommend using the HTTP authentication, but both are options. If you need assistance with the configuration, please open a support ticket.
    • Marked as answer by Milo145 Thursday, January 16, 2014 9:31 PM
    Wednesday, January 15, 2014 12:08 AM

All replies

  • Older versions may have required you to set up the PhoneFactor Agent as a reverse proxy, but the latest versions should be able to secure OWA without a proxy. If you are using Server 2008 or higher (IIS7) you can now use Native Modules instead of the ISAPI filter that was required. The Native Module can be hooked into the OWA virtual directory instead of hooking in at the website level which has less of an impact on other Exchange services. Unless you need functionality that is specifically available with the form-based IIS authentication in the MFA Server (PhoneFactor Agent), I recommend using the HTTP authentication, but both are options. If you need assistance with the configuration, please open a support ticket.
    • Marked as answer by Milo145 Thursday, January 16, 2014 9:31 PM
    Wednesday, January 15, 2014 12:08 AM
  • Were you able to get Phone Factor working with OA via a proxy?
    Thursday, February 5, 2015 10:05 PM