Publishing Exchange OWA 2010 with Forefront TMG 2010

We are just trying to publish our OWA through an Exchange Edge server using HTTPS.  Not trying to redirect HTTP to HTTPS or anything fancy.  Running Exchange 2010 with NLB (two MB servers, two CAS servers that are NLBed).  Right now, our OWA is pointing directly to the CAS NLB IP address using only HTTPS, and everything works fine, both internally and externally.  

When we try to set up the Edge server with Forefront TMG to redirect or proxy the requests from Edge to CAS, we end up getting a blank web page.  I can see the SSL certificate (the same one from CAS, I exported and imported to Edge) on that blank page, so I know we're getting to the Edge server.  

When I run the rule test on the Exchange Web Client Access Publishing rule in Forefront, it comes back all green.  I can access the OWA web page from the Edge server with no problems.  We have tried changing to both forms-based and basic auth on the CAS servers, changing the corresponding settings in Forefront, and though the rule still tests green on everything, we still get a blank white page when we point the OWA address at the Edge/Forefront server.

Currently we are using the same domain name for both internal and external access to the OWA (using internal DNS to point it to the CAS).  We are only using a single NIC in the Edge server because we aren't going to use it as anything but a DMZ proxy for OWA and other Exchange services.  We are considering using two NICs (one in DMZ, one inside) to see if this helps anything, but we really need some direction as we are running out of options.  For reference, this is the guide that we've been using so far:



Please help!
Hi Hachemp,

I have attached a document, see if this helps you.
hachemp (Author) commented:
Vinsvin, thanks for the document.  I shall award you the points for responding.  We ended up calling MS and opening a support ticket, and turns out the issue was about as simple as can be....

We needed to disable the IIS service on the TMG server.  It was hijacking the requests to TMG.

Hope this helps someone else in the same boat.
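
One way to check for and apply the fix described in the comment above, as an added example that is not part of the original thread. It assumes "the IIS service" means the World Wide Web Publishing Service (W3SVC) and that the published ports are 80 and 443; `-DisableIis` is a hypothetical switch name chosen for this script.

```powershell
# Added example: run in an elevated PowerShell session on the TMG server.
# Written for PowerShell 2.0 (Windows Server 2008 R2), so netstat output is
# parsed instead of using newer networking cmdlets.
param([switch]$DisableIis)   # hypothetical switch: apply the fix, not just report

$ports = 80, 443             # assumption: ports used by the web listener

# Find every process holding a LISTENING TCP socket on the published ports.
$listeners = netstat -ano | ForEach-Object {
    # Columns: Proto  LocalAddress  ForeignAddress  State  PID
    $f = ($_ -replace '^\s+', '') -split '\s+'
    if ($f.Count -ge 5 -and $f[0] -eq 'TCP' -and $f[3] -eq 'LISTENING') {
        $port = [int]($f[1] -replace '^.*:', '')
        if ($ports -contains $port) {
            $proc = Get-Process -Id $f[4] -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { '?' }
            New-Object PSObject -Property @{
                Local    = $f[1]
                OwnerPid = [int]$f[4]
                Process  = $name
            }
        }
    }
}
$listeners | Sort-Object Local | Format-Table Local, OwnerPid, Process -AutoSize

# IIS listens through the kernel HTTP.sys driver, so its sockets show up as
# PID 4 (System). The HTTP.sys state dump lists the registered URLs and the
# request queues behind them.
if ($listeners | Where-Object { $_.OwnerPid -eq 4 }) {
    netsh http show servicestate
}

# Report on, and optionally stop and disable, the IIS web service.
$iis = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if (-not $iis) {
    'W3SVC is not installed on this server.'
} elseif ($DisableIis) {
    Stop-Service -Name W3SVC -Force
    Set-Service -Name W3SVC -StartupType Disabled
    'W3SVC stopped and set to Disabled.'
} else {
    "W3SVC status: $($iis.Status). Re-run with -DisableIis to stop and disable it."
}
```

Setting the startup type to Disabled, rather than only stopping the service, keeps IIS from reclaiming the ports after the next reboot.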