We are just trying to publish our OWA through an Exchange Edge server using HTTPS. Not trying to redirect HTTP to HTTPS or anything fancy. Running Exchange 2010 with NLB (two MB servers, two CAS servers that are NLBed). Right now, our OWA is pointing directly to the CAS NLB IP address using only HTTPS, and everything works fine, both internally and externally.
When we try to set up the Edge server with Forefront TMG to redirect or proxy the requests from Edge to CAS, we end up getting a blank web page. I can see the SSL certificate (the same one from CAS; I exported it and imported it to Edge) on that blank page, so I know we're getting to the Edge server.
When I run the rule test on the Exchange Web Client Access Publishing rule in Forefront, it comes back all green. I can access the OWA web page from the Edge server with no problems. We have tried changing to both forms-based and basic auth on the CAS servers, changing the corresponding settings in Forefront, and though the rule still tests green on everything, we still get a blank white page when we point the OWA address at the Edge/Forefront server.
Currently we are using the same domain name for both internal and external access to the OWA (using internal DNS to point it to the CAS). We are only using a single NIC in the Edge server because we aren't going to use it as anything but a DMZ proxy for OWA and other Exchange services. We are considering using two NICs (one in DMZ, one inside) to see if this helps anything, but we really need some direction as we are running out of options. For reference, this is the guide that we've been using so far: