We are using Exchange Server 2007 Standard SP3. OWA and ActiveSync have already been set up and are working without any problems through a TMG 2010 firewall. The domain where TMG and Exchange have been installed is operating in Windows 2003 mode.
We would like to set up and use Outlook Anywhere with NTLM rather than Basic authentication. NTLM authentication offers one key advantage from an end user perspective: when using a computer that is a member of our domain and logging on with cached credentials, the user does not need to re-enter their credentials. I was following the white paper “Publishing Outlook Anywhere Using NTLM Authentication with Forefront TMG or Forefront UAG”: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=040b31a0-9a69-4278-9808-e52f08ffaee3
Everything has been set up according to the instructions from the white paper. Our UCC certificate has the list of the required subject alternative names (SAN) and has been installed on the TMG and Exchange servers. As I mentioned before, clients are already using OWA and ActiveSync with this certificate without any problems.
Outlook Connection Status for the internal users shows a successful HTTPS connection, but externally Outlook is still in “disconnected” mode.
When I run the “Outlook Anywhere (RPC over HTTP)” test on www.testexchangeconnectivity.com, I get this error message:
“Testing HTTP Authentication Methods for URL https://mail.company.com/rpc/rpcproxy.dll
The HTTP authentication test failed.
An HTTP 403 error was received because ISA Server denied the specified URL”.
Clicking on the “Test Rule” button for my Outlook Anywhere rule in TMG shows all happy green ticks.
From the TMG logs I can see a denied connection with the status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Request: RPC_IN_DATA http://mail.mycompany.com/rpc/rpcproxy.dll?server1.mycompany.com:6001
Protocol: https User: anonymous
Looking at the URL above, I don’t understand why http is there and not https. Plus, why is the user anonymous?!
I have spent hours trying to find out what I have missed. Please advise me on what needs to be done to make Outlook Anywhere work.
Thank you very much in advance.