Solved: No Probs........... I'm glad

ama1510 · ‎05-05-2016

I had an issue after deploying Cisco WSA as a web security gateway with outlook email client, the case as below:

1- Cisco WSA HTTPS proxy is configured with self-signed certificate to intercept the encrypted traffic.

2- Customer email server is hosted extrenally, they access their email through the OWA web interface and through the outlook client.

3- OWA web interfaces working fine with HTTPS.

4- Outlook client is configured with Exchange proxy URL to be able to retrieve their emails, this exchange proxy URL is using HTTPS.

5- Cisco WSA self-signed certificate is deployed in the client machine certificate repository in the trusted root certificate authorities.

6- When trying to access the email using the outlook client, it cannot connect to the exchange server.

what should i do to solve this issue, as from my readings i knew that the outlook client is connecting to the exchange proxy using RPC over HTTP, i do not know exactly what is the issue.

Andre Neethling · ‎05-06-2016

Hi. The Outlook client (Outlook anywhere/RPC over HTTPS) doesn't behave well with decryption. What I would try to do is put the Exchange URL in a "Do not Decrypt" custom URL category and configure a decryption policy with the action "Pass" so that no Decryption takes place. This should get the Client to work through the WSA.

View solution in original post

Ken Stieers · ‎05-05-2016

Are the OWA users getting a cert error that they just click through?

Outlook doesn't surface that error so they can't click through it. You need to deploy that cert to all machines or have the users install it or deploy a subordinate CA cert from a CA the workstations already trust.

ama1510 · ‎05-05-2016

Cisco WSA self signed certificate is already deployed on the trusted root certificates on the users browsers and when access email through OWA web interface there is no problem and nor certificate error happen cause it's exited in the trusted root certificates, the problem appear when using the outlook client and the outlook start to use the defined exchange proxy HTTPS URL.

Ken Stieers · ‎05-05-2016

Okay then it's probably an authentication issue. If they go to a website with a browser and then open Outlook does it work? Outlook doesn't handle authentication either. Either deploy a CDA or create a new identity for the Outlook user agent and set that identity to not require authentication.

ama1510 · ‎05-05-2016

Thanks for your reply, but users access the internet without authentication at all.

Andre Neethling · ‎05-06-2016

Hi. The Outlook client (Outlook anywhere/RPC over HTTPS) doesn't behave well with decryption. What I would try to do is put the Exchange URL in a "Do not Decrypt" custom URL category and configure a decryption policy with the action "Pass" so that no Decryption takes place. This should get the Client to work through the WSA.

ama1510 · ‎05-17-2016

Thanks Andre, It Works :)

ama1510 · ‎05-17-2016

Thank you Andre, It Works with me.

Andre Neethling · ‎05-18-2016

No Probs........... I'm glad you got it to work.

WSA with Outlook client