I am receiving "Cannot authenticate to Forefront TMG <My Server>" from non domain joined systems when running the Forefront TMG Client software.
I have a dedicated network for internet cafe, auditors, etc. Within Forefront this has been established with a separate subnet and set of web access rules. I have verified that the "Require all users to authenticate" checkbox for the Cafe network isn't checked.
When in the client I enter the server name and add the hostname to the HOSTS file - we use external DNS for this range - it appears that the Forefront client should work. I've also tried using just the IP address.
All the documentation I've seen has referred to SecureNAT clients having this problem. These systems are not yet configured to use Forefront as the gateway so I don't see how it can apply. Any suggestions on a route forward would be much appreciated.