Hi Experts,
I'm having an issue here that seems simple; I'm just missing something and need your help!
Environment:
- Upgrading from Exchange 2003 to Exchange 2010
- In the process of trying to get an Edge/TMG server up and running so I can move OWA login to it
- Single NIC environment; TMG/Edge server is sitting in our DMZ
- Temporarily have the web address on TMG settings and DNS set to newmail.domain.com (so as to not interfere with current OWA)
Symptoms:
- When I go to https://newmail.domain.com/owa, I get the security alert about mismatch on name vs. what's on certificate
- Logs on TMG show successful initiated HTTPS packets from my machine to TMG server
- When I proceed, IE throws "page could not be displayed" w/ error "403 forbidden. the server denied the specified URL. (12202)"
- Then a log entry on TMG states "denied connection" from same source and destination w/ protocol of https and same error code that IE throws. It also states that the Default Rule is the reason it's being blocked.
Other Info:
- We're not using this as an internet proxy for our users, just as a reverse proxy for the Exchange OWA related sites
- I think I've populated as many access rules as needed to allow all traffic through and to the local host:
Firewall Policy - Allow Traffic - All outbound traffic - from Internal - To Local Host / Allow Web access - HTTP/HTTPS - from Internal - to Internal
Network Rules - Allow Traffic - Route - source All Networks - destination All Networks
I've got a test network/domain setup similar to our production network, and was able to get this working without this many issues.
What am I missing?
Thanks!
http://www.isaserver.org/tutorials/publishing-exchange-outlook-web-app-owa-microsoft-forefront-threat-management-gateway-tmg-2010-part1.html
http://www.isaserver.org/tutorials/Publishing-Exchange-Outlook-Web-App-OWA-Microsoft-Forefront-Threat-Management-Gateway-TMG-2010-Part2.html