I have seen a number of questions relating to Exchange 2010 OWA, Autodiscover and POP3/IMAP4 Settings using a TMG server so I thought that I would write this article for you to verify your settings. I will only list the most important tabs and not every single one of them.
ASSUMPTIONS
1. In this article I will assume that you have already created listeners etc. on TMG but it is not working because of some settings that might be missing, so this is to ensure that your settings are correct.
2. I also assume that you have already installed and configured your UCC SSL Certificate from an external Authoritative Certificate Provider.
VERY IMPORTANT NOTES:
ON TMG OUTLOOK ANYWHERE PUBLISHING RULE
On "Outlook Anywhere Publishing Rule - Public Name Tab" ensure that you have your autodiscover.domain.com and exchange.domain.com (the exchange one could be your mail.domain.com or what ever you use for your cas array) entered, as this is the primary reason why Outlook Anywhere does not work
ON BOTH EXCHANGE AND TMG
You have to use the same authentication methods on both sides
ON EXCHANGE 2010 SERVER
1. Open EMC and expland Server Configuration > Client Access
ASSUMPTIONS
1. In this article I will assume that you have already created listeners etc. on TMG but it is not working because of some settings that might be missing, so this is to ensure that your settings are correct.
2. I also assume that you have already installed and configured your UCC SSL Certificate from an external Authoritative Certificate Provider.
VERY IMPORTANT NOTES:
ON TMG OUTLOOK ANYWHERE PUBLISHING RULE
On "Outlook Anywhere Publishing Rule - Public Name Tab" ensure that you have your autodiscover.domain.com and exchange.domain.com (the exchange one could be your mail.domain.com or what ever you use for your cas array) entered, as this is the primary reason why Outlook Anywhere does not work
ON BOTH EXCHANGE AND TMG
You have to use the same authentication methods on both sides
ON EXCHANGE 2010 SERVER
1. Open EMC and expland Server Configuration > Client Access
OWA Settings
2. Select your CAS Server and on the bottom tabs select Outlook Web App
3. Now right click on owa (Default Web Site) and click on properties
4. Now ensure that your settings are as follow:
OWA - General Tab
NB: Use your external url as internal URL and External URL
OWA - Authentication Tab
OWA - Public Computer File Access Tab
OWA - Private Computer File Access Tab
Autodiscover Settings
5. Open EMC and expland Server Configuration > Client Access
6. Right click on your CAS Server and click properties
7. Select the Outlook Anywhere tab and ensure that you have your External host name entered and have Basic Authentication selected.
POP3 and IMAP4 Settings
POP3
8. Open EMC and expland Server Configuration > Client Access
9. Select your CAS Server and select the POP3 and IMAP4 tab
10. Right click POP3 and click properties
POP3 - Binding Tab
POP3 - Authentication Tab
IMAP4
11. Open EMC and expland Server Configuration > Client Access
12. Select your CAS Server and select the POP3 and IMAP4 tab
13. Right click IMAP4 and click properties
IMAP4 - Binding Tab
IMAP5 - Authentication Tab
ON TMG SERVER
OWA SETTINGS ON TMG
1. Open Forefront TMG Management by doing the following: Click Start > All Programs > Microsoft Forefront TMG > Forefront TMG Management
2. Now Expand Forefront TMG > Firewall Policy
3. Ensure that your OWA Publishing rule has the following settings:
OWA Publishing Rule - Action Tab
OWA Publishing Rule - From Tab
OWA Publishing Rule - To Tab
NB: I have got my CAS Array IP in the "Computer name or IP address" field
OWA Publishing Rule - Traffic Tab
OWA Publishing Rule - Listener Tab
NB: Will show you the Listener tabs in more detail at the end of this article.
OWA Publishing Rule - Public Name Tab
OWA Publishing Rule - Paths Tab
OWA Publishing Rule - Authentication Delegation Tab
OWA Publishing Rule - Application Settings Tab
OWA Publishing Rule - Bridging Tab
OWA Publishing Rule - Users Tab
OWA Publishing Rule - Schedule Tab
OUTLOOK ANYWHERE SETTINGS ON TMG
Once again:
1. Open Forefront TMG Management by doing the following: Click Start > All Programs > Microsoft Forefront TMG > Forefront TMG Management
2. Now Expand Forefront TMG > Firewall Policy
3. Ensure that your Outlook Anywhere RPC/HTTPS Publishing rule has the following settings:
Outlook Anywhere Publishing Rule - Action Tab
Outlook Anywhere Publishing Rule - From Tab
Outlook Anywhere Publishing Rule - To Tab
Outlook Anywhere Publishing Rule - Traffic Tab
Outlook Anywhere Publishing Rule - Listener Tab
Outlook Anywhere Publishing Rule - Public Name Tab
NB: YOU MUST HAVE YOUR autodiscover.domain.com AND exchange.domain.com (the exchange one could be your mail.domain.com or what ever you use for your cas array and both would be your external url's)
Outlook Anywhere Publishing Rule - Paths Tab
Outlook Anywhere Publishing Rule - Authentication Delegation Tab
Outlook Anywhere Publishing Rule - Application Settings Tab
Outlook Anywhere Publishing Rule - Bridging Tab
Outlook Anywhere Publishing Rule - Users Tab
POP3 AND IMAP4 SETTINGS ON TMG
These settings are pretty standard, and ones again you would just need to ensure that Authentication is set to the exact same on TMG and Exchange.
EXCHANGE LISTENER SETTINGS ON TMG
Listener Settings on TMG - Authentication Tab
Listener Settings on TMG - Forms Tab
Listener Settings on TMG - SSO Tab
Listener Settings on TMG - Connections Tab
Listener Settings on TMG - Certificates Tab
LAST THOUGHT:
In order for you certificate to be installed correctly you need to install the certificate on the local machine on TMG and in AD.
If this article was helpful please vote for it and leave a comment?
Cheers,
Hendrik Wiese