Installation of a UC digital certificate in EBS environment

you need to install the new certificate onto the exchange server
then run the following to locate the cert
get-exchangecertificate | fl

then using the thumbprint for the new cert run
enable-exchangecertificate -thumbprint <id> -services "iis,pop,imap,smtp"

you do not need to restart any services

Ok. great.  Will that sort the problem of accessing RWW using the https://remote.domainB.com ?

what is the entire http error code 403.x?

the error displayed in IE8 is:

The page cannot be displayed  
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.

--------------------------------------------------------------------------------

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.

--------------------------------------------------------------------------------

Technical Information (for support personnel)

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
 

try going to
https://remote.domainb.com/owa

just the same.  I will install the cert on the exchange server tomorrow to see if that fixes the issues and report back.

thanks.

I installed the new cert on the exchange server. I ran the enable-exchangecertificate -thumbprint <id> -services "iis,pop,imap,smtp"  command  and all users immediatley received a certificate error message.  So I switched it back.

Any thoughts.

I have looked at the forefront logs and found the following entry. I have changed the private names and addresses where applicable:

#################################################################

Denied Connection SECURITYSERVER 21/09/2010 12:06:56
Log type: Web Proxy (Reverse)
Status: 12202 The Forefront TMG denied the specified Uniform Resource Locator (URL).  
Rule: Default rule
Source: External (external IP)
Destination: Local Host (192.168.1.2:443)
Request: GET http://remote.domainB.com/ 
Filter information: Req ID: 228512d6; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
 Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.3...
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type: -

######################################################################

It would appear that ISA is denying access when the name remote.domainB.com is used by the client.

Any further thoughts?
 

When you set up the publishing rule on your ISA, did you import the private key with the certificates?

I believe so.  I exported the cert from the management server and imported it into ISA. Then i added it to the listener.