Publishing Exchange OWA 2010 with Forefront TMG 2010

Posted on 2011-10-18
Last Modified: 2012-05-12
We are just trying to publish our OWA through an Exchange Edge server using HTTPS.  Not trying to redirect HTTP to HTTPS or anything fancy.  Running Exchange 2010 with NLB (two MB servers, two CAS servers that are NLBed).  Right now, our OWA is pointing directly to the CAS NLB IP address using only HTTPS, and everything works fine, both internally and externally.  

When we try to set up the Edge server with Forefront TMG to redirect or proxy the requests from Edge to CAS, we end up getting a blank web page.  I can see the SSL certificate (the same one from CAS, I exported and imported to Edge) on that blank page, so I know we're getting to the Edge server.  

When I run the rule test on the Exchange Web Client Access Publishing rule in Forefront, it comes back all green.  I can access the OWA web page from the Edge server with no problems.  We have tried changing to both forms-based and basic auth on the CAS servers, changing the corresponding settings in Forefront, and though the rule still tests green on everything, we still get a blank white page when we point the OWA address at the Edge/Forefront server.

Currently we are using the same domain name for both internal and external access to the OWA (using internal DNS to point it to the CAS).  We are only using a single NIC in the Edge server because we aren't going to use it as anything but a DMZ proxy for OWA and other Exchange services.  We are considering using two NICs (one in DMZ, one inside) to see if this helps anything, but we really need some direction as we are running out of options.  For reference, this is the guide that we've been using so far:

Please help!
Question by:hachemp

    Accepted Solution

    Hi Hachemp,

    I have attached a document; see if this helps you.

    Assisted Solution

    Vinsvin, thanks for the document.  I shall award you the points for responding.  We ended up calling MS and opening a support ticket, and turns out the issue was about as simple as can be....

    We needed to disable the IIS service on the TMG server.  It was hijacking the requests to TMG.

    Hope this helps someone else in the same boat.
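
Added example, not part of the original thread: a PowerShell check, run elevated on the TMG server, for the conflict the answer above describes, followed by the fix. It assumes the "IIS service" is the World Wide Web Publishing Service (`W3SVC`) and that the published listener is TCP 443; the function name `Get-PortListener` is hypothetical.

```powershell
# Assumptions (not from the thread): IIS service = W3SVC, HTTPS listener = TCP 443.
# Works on PowerShell 2.0, so it parses netstat instead of using newer cmdlets.

function Get-PortListener {
    param([int]$Port = 443)
    # Parse `netstat -ano` for TCP sockets in LISTENING state on the given port
    # and resolve each owning PID to a process name.
    netstat -ano | ForEach-Object {
        if ($_ -match "^\s*TCP\s+(\S+):$Port\s+\S+\s+LISTENING\s+(\d+)\s*$") {
            $address  = $Matches[1]
            $ownerPid = [int]$Matches[2]
            $proc     = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
            $name     = '<unknown>'
            if ($proc) { $name = $proc.ProcessName }
            New-Object PSObject -Property @{
                LocalAddress = $address
                OwnerPid     = $ownerPid
                Process      = $name
            }
        }
    }
}

# 1. Who is listening on 443 right now?
Get-PortListener -Port 443 | Select-Object LocalAddress, OwnerPid, Process | Format-Table -AutoSize

# A listener owned by PID 4 (System) is HTTP.sys, the kernel driver IIS binds through.
# This lists the URL registrations and request queues behind it.
netsh http show servicestate

# 2. If IIS is installed and running, stop it and keep it from starting at boot.
$iis = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if ($iis -and $iis.Status -ne 'Stopped') {
    Stop-Service -Name W3SVC -Force
}
if ($iis) {
    Set-Service -Name W3SVC -StartupType Disabled
}

# 3. Re-check: the HTTP.sys (PID 4) entry for 443 should no longer belong to IIS.
Get-PortListener -Port 443 | Select-Object LocalAddress, OwnerPid, Process | Format-Table -AutoSize
```

Leaving the web server role installed but disabled still leaves its binaries on a perimeter host; removing the role from the TMG server is the tighter option if nothing else there needs it.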
