• Status: Solved

Exchange 2007 owa with Forefront TMG, owa not working after configuring autodiscovery NTLM with a new listener

I've published Exchange 2007 OWA with Forefront TMG. It was working perfectly well until I decided to create another listener for autodiscover NTLM authentication. Autodiscovery is working great now, but OWA seems to be broken. The strange thing is that from one of my machines it works perfectly well, as it always has, which leads me to believe that this machine is in some rule somewhere that is giving it extra access permission. I also noticed that the computer that it's working for shows the OWA site as in the local intranet, whereas on the other computers I can't get them to recognize the site in the local intranet. I've attached a file that has TMG logs from the working computer and one that doesn't. Any ideas? Thanks!
FTMG-OWA-log.txt
 
endital1097 Commented:
I would start by looking at the web publishing rules and make sure there are no overlapping paths.

mbromb (Author) Commented:
None that I can see. It was working before the autodiscovery rule change, and I haven't changed the paths, but I did add another public name.

endital1097 Commented:
The OWA publishing rule should have the paths /Exchange /owa /public /exadmin (I don't have a box to verify, but I think that is all of them)

Autodiscover publishing rule should only have the /Autodiscover and /rpc paths unless your web services vdir uses the same fqdn, then it should also include /ews /oab /unifiedmessaging

I will try to connect and verify if no one else posts before I can.

 
mbromb (Author) Commented:
I have /public/*, /owa/*, /exchange/*, /exchweb/*. I made a change with this because of this problem. I had a separate rule for the OWA path so that it would use negotiation auth to the CAS servers. I've since added it back into the main OWA rule, which uses basic, to simplify things. But one machine works perfectly well even after refreshing, clearing temp files and form, passwords, etc.
 
endital1097 Commented:
Sometimes you need to restart the ISA firewall service.
 
mbromb (Author) Commented:
If that fixes it, I think I'll drop a brick and then give you 300 points. Hold that thought..... :)
 
mbromb (Author) Commented:
I can't believe the time I wasted on this! Thank you! Thank you! Thank you!
 
mbromb (Author) Commented:
Thank You!!!