Exchange 2010 OWA, Autodiscover and POP3/IMAP4 Setting verification through TMG

Hendrik Wiese, Information Security Manager
I have seen a number of questions about publishing Exchange 2010 OWA, Autodiscover and POP3/IMAP4 through a TMG server, so I wrote this article to help you verify your settings. I list only the most important tabs, not every single one.

ASSUMPTIONS

1. I assume that you have already created the listeners etc. on TMG, but publishing is not working because some settings might be missing, so this article is a way to confirm that your settings are correct.
2. I also assume that you have already installed and configured your UCC SSL certificate from an external authoritative certificate provider.

VERY IMPORTANT NOTES:

ON TMG OUTLOOK ANYWHERE PUBLISHING RULE
On the "Outlook Anywhere Publishing Rule - Public Name" tab, ensure that both autodiscover.domain.com and exchange.domain.com are entered (the exchange name could be mail.domain.com or whatever you use for your CAS array). A missing public name here is the primary reason why Outlook Anywhere does not work.

ON BOTH EXCHANGE AND TMG
You have to use the same authentication methods on both sides.

ON EXCHANGE 2010 SERVER
1. Open EMC and expand Server Configuration > Client Access
[Screenshot: Expand EMC]
OWA Settings
2. Select your CAS Server and, on the bottom tabs, select Outlook Web App
3. Now right-click owa (Default Web Site) and click Properties
4. Now ensure that your settings are as follows:


OWA - General Tab
NB: Use your external URL as both the Internal URL and the External URL
[Screenshot: OWA - General Tab]
OWA - Authentication Tab
[Screenshot: OWA - Authentication Tab]
OWA - Public Computer File Access Tab
[Screenshot: OWA - Public Computer File Access Tab]
OWA - Private Computer File Access Tab
[Screenshot: OWA - Private Computer File Access Tab]
Autodiscover Settings
5. Open EMC and expand Server Configuration > Client Access
[Screenshot: Expand EMC]
6. Right-click your CAS Server and click Properties
7. Select the Outlook Anywhere tab and ensure that you have your external host name entered and Basic Authentication selected.
[Screenshot: Autodiscover Settings on CAS Server Properties - Outlook Anywhere Tab]

POP3 and IMAP4 Settings

POP3
8. Open EMC and expand Server Configuration > Client Access
[Screenshot: Expand EMC]
9. Select your CAS Server and select the POP3 and IMAP4 tab
10. Right-click POP3 and click Properties

POP3 - Binding Tab
[Screenshot: POP3 - Binding Tab]
POP3 - Authentication Tab
[Screenshot: POP3 - Authentication Tab]
IMAP4
11. Open EMC and expand Server Configuration > Client Access
[Screenshot: Expand EMC]
12. Select your CAS Server and select the POP3 and IMAP4 tab
13. Right-click IMAP4 and click Properties

IMAP4 - Binding Tab
[Screenshot: IMAP4 - Binding Tab]
IMAP4 - Authentication Tab
[Screenshot: IMAP4 - Authentication Tab]
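
The Exchange-side values from the tabs above can also be read in one pass from the Exchange Management Shell, which makes them easy to compare with the TMG side. This is an added example, not part of the original article; the server name CAS01 is a placeholder, and the script only reads settings.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2010.
$Cas = 'CAS01'        # hypothetical CAS server name, replace with yours
$warnings = @()

# OWA - General and Authentication tabs
foreach ($v in @(Get-OwaVirtualDirectory -Server $Cas)) {
    "OWA  $($v.Name)"
    "     InternalUrl : $($v.InternalUrl)"
    "     ExternalUrl : $($v.ExternalUrl)"
    "     Basic=$($v.BasicAuthentication) Forms=$($v.FormsAuthentication) " +
        "Windows=$($v.WindowsAuthentication) Digest=$($v.DigestAuthentication)"
    # The article's NB: the external URL is used for both fields
    if (-not $v.ExternalUrl -or "$($v.InternalUrl)" -ne "$($v.ExternalUrl)") {
        $warnings += "OWA: InternalUrl and ExternalUrl differ or ExternalUrl is empty"
    }
}

# CAS Server Properties - Outlook Anywhere tab
$oa = @(Get-OutlookAnywhere -Server $Cas)
if ($oa.Count -eq 0) { $warnings += "Outlook Anywhere is not enabled on $Cas" }
foreach ($o in $oa) {
    "OA   ExternalHostname=$($o.ExternalHostname)"
    "     ClientAuthenticationMethod=$($o.ClientAuthenticationMethod)"
    if (-not "$($o.ExternalHostname)") {
        $warnings += "Outlook Anywhere: no external host name entered"
    }
    if ("$($o.ClientAuthenticationMethod)" -ne 'Basic') {
        $warnings += "Outlook Anywhere: client authentication is not Basic"
    }
}

# POP3 and IMAP4 - Binding and Authentication tabs
$pop  = Get-PopSettings  -Server $Cas
$imap = Get-ImapSettings -Server $Cas
foreach ($p in @(@{N = 'POP3'; S = $pop}, @{N = 'IMAP4'; S = $imap})) {
    "$($p.N) LoginType=$($p.S.LoginType)"
    "     SSLBindings=$($p.S.SSLBindings)"
    "     UnencryptedOrTLSBindings=$($p.S.UnencryptedOrTLSBindings)"
}

# The authentication values printed above are the ones that have to match
# the TMG listener and the rule's Authentication Delegation tab.
$warnings | ForEach-Object { Write-Warning $_ }
```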
ON TMG SERVER

OWA SETTINGS ON TMG
1. Open Forefront TMG Management by doing the following: Click Start > All Programs > Microsoft Forefront TMG > Forefront TMG Management
2. Now Expand Forefront TMG > Firewall Policy
[Screenshot: TMG - Firewall Policy Navigation]
3. Ensure that your OWA Publishing rule has the following settings:

OWA Publishing Rule - Action Tab
[Screenshot: TMG - OWA Publishing Rule - Action Tab]
OWA Publishing Rule - From Tab
[Screenshot: TMG - OWA Publishing Rule - From Tab]
OWA Publishing Rule - To Tab
NB:
I have my CAS Array IP in the "Computer name or IP address" field
[Screenshot: TMG - OWA Publishing Rule - To Tab]
OWA Publishing Rule - Traffic Tab
[Screenshot: TMG - OWA Publishing Rule - Traffic Tab]
OWA Publishing Rule - Listener Tab
NB:
I will show the Listener tabs in more detail at the end of this article.
[Screenshot: TMG - OWA Publishing Rule - Listener Tab]
OWA Publishing Rule - Public Name Tab
[Screenshot: TMG - OWA Publishing Rule - Public Name Tab]
OWA Publishing Rule - Paths Tab
[Screenshot: TMG - OWA Publishing Rule - Paths Tab]
OWA Publishing Rule - Authentication Delegation Tab
[Screenshot: TMG - OWA Publishing Rule - Authentication Delegation Tab]
OWA Publishing Rule - Application Settings Tab
[Screenshot: TMG - OWA Publishing Rule - Application Settings Tab]
OWA Publishing Rule - Bridging Tab
[Screenshot: TMG - OWA Publishing Rule - Bridging Tab]
OWA Publishing Rule - Users Tab
[Screenshot: TMG - OWA Publishing Rule - Users Tab]
OWA Publishing Rule - Schedule Tab
[Screenshot: TMG - OWA Publishing Rule - Schedule Tab]
OUTLOOK ANYWHERE SETTINGS ON TMG
Once again:
1. Open Forefront TMG Management by doing the following: Click Start > All Programs > Microsoft Forefront TMG > Forefront TMG Management
2. Now Expand Forefront TMG > Firewall Policy
[Screenshot: TMG - Firewall Policy Navigation]
3. Ensure that your Outlook Anywhere RPC/HTTPS Publishing rule has the following settings:

Outlook Anywhere Publishing Rule - Action Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Action Tab]
Outlook Anywhere Publishing Rule - From Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - From Tab]
Outlook Anywhere Publishing Rule - To Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - To Tab]
Outlook Anywhere Publishing Rule - Traffic Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Traffic Tab]
Outlook Anywhere Publishing Rule - Listener Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Listener Tab]
Outlook Anywhere Publishing Rule - Public Name Tab
NB:
YOU MUST HAVE BOTH autodiscover.domain.com AND exchange.domain.com listed here (the exchange name could be mail.domain.com or whatever you use for your CAS array; both are your external URLs)
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Public Name Tab]
Outlook Anywhere Publishing Rule - Paths Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Paths Tab]
Outlook Anywhere Publishing Rule - Authentication Delegation Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Authentication Delegation Tab]
Outlook Anywhere Publishing Rule - Application Settings Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Application Settings Tab]
Outlook Anywhere Publishing Rule - Bridging Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Bridging Tab]
Outlook Anywhere Publishing Rule - Users Tab
[Screenshot: TMG - Outlook Anywhere Publishing Rule - Users Tab]

POP3 AND IMAP4 SETTINGS ON TMG
These settings are pretty standard; once again, you just need to ensure that authentication is set exactly the same on TMG and Exchange.

EXCHANGE LISTENER SETTINGS ON TMG

Listener Settings on TMG - Authentication Tab
[Screenshot: TMG - Listener Settings - Authentication Tab]
Listener Settings on TMG - Forms Tab
[Screenshot: TMG - Listener Settings - Forms Tab]
Listener Settings on TMG - SSO Tab
[Screenshot: TMG - Listener Settings - SSO Tab]
Listener Settings on TMG - Connections Tab
[Screenshot: TMG - Listener Settings - Connections Tab]
Listener Settings on TMG - Certificates Tab
[Screenshot: TMG - Listener Settings - Certificates Tab]
LAST THOUGHT:
In order for your certificate to be installed correctly, you need to install it on the local machine on TMG and in AD.
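
To confirm that the certificate in the local machine store on TMG actually covers the public names used in the publishing rules, the following check can be run in PowerShell on the TMG server. It is an added example, not part of the original article; the two names are the article's placeholders, and the "DNS Name=" label it parses assumes an English-language Windows installation.

```powershell
# Added example: run in PowerShell on the TMG server (read-only).
# Public names from the article; replace with your own external URLs.
$PublicNames = 'autodiscover.domain.com', 'exchange.domain.com'

function Get-CertDnsNames($cert) {
    # Names from the Subject Alternative Name extension (OID 2.5.29.17),
    # plus the subject's simple name as a fallback
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += $san.Format($false) -split ',\s*' | ForEach-Object {
            if ($_ -match '^DNS Name=(.+)$') { $Matches[1].Trim() }
        }
    }
    $names
}

function Test-NameCovered($name, $certNames) {
    foreach ($n in $certNames) {
        if ($n -eq $name) { return $true }
        # A wildcard entry covers exactly one left-most label
        if ($n.StartsWith('*.') -and ($name -replace '^[^.]+', '*') -eq $n) {
            return $true
        }
    }
    return $false
}

$now = Get-Date
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert    = $_
    $dns     = @(Get-CertDnsNames $cert)
    $missing = @($PublicNames | Where-Object { -not (Test-NameCovered $_ $dns) })
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ValidNow      = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        MissingNames  = ($missing -join ', ')
        # Usable only with a private key, a current validity period
        # and every public name covered
        Usable        = ($cert.HasPrivateKey -and $missing.Count -eq 0 -and
                         $cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
    }
} | Select-Object Subject, Thumbprint, HasPrivateKey, ValidNow, MissingNames, Usable |
    Format-List
```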

If this article was helpful, please vote for it and leave a comment.

Cheers,
Hendrik Wiese