Exchange 2010 Publishing via TMG 2010 DMZ 1 NIC

Posted on 2011-10-25
Last Modified: 2012-05-12
Hi All

I have a Forefront 2010 box sitting in my DMZ; this uses a 172.x.x.x address.

Outside -> Cisco ASA -> TMG 2010 DMZ -> Same Cisco ASA -> Internal

Essentially a 3-leg with TMG in the DMZ.

I have successfully set up and tested OWA/ActiveSync externally, no problem.

Getting ExRCA failed to obtain an Autodiscover XML response. I can see
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).

The problem I am having is setting up Autodiscover/OA, as I can only set up one type of authentication on my HTTPS listener and only the 1 HTTPS listener.

Any ideas on how to get around this?

This is also preventing my Autodiscover from working.

Question by: MediaMon

Expert Comment

ID: 37029413
Are you sure that you published Autodiscover through TMG?

Author Comment

ID: 37029703

I actually can't, as I can only use one HTTPS listener. I have a listener that listens for outlook.domain.com, which is my OWA. So I am not sure how I can add Autodiscover to this as well.


Expert Comment

ID: 37030958
Create a new publishing rule with internal site name autodiscover.domain.com, from anywhere to your CAS servers, using the same HTTPS listener and with public domain name autodiscover.domain.com, and in the Paths tab ensure that the following are in place

Accepted Solution

MediaMon earned 0 total points
ID: 37035019
Thanks, I have done that.

So now when I externally hit


I get the TMG login screen; it looks like it is using forms-based authentication (as that is what my HTTPS listener is configured to, as I need it for OWA). Once I enter my details I get:

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Error Time="10:25:52.1190436" Id="624335843">
<Message>Invalid Request</Message>
<DebugData />

The rule looks OK but I am still getting the same result from ExRCA:

ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user paul.test@domain.com.

ExRCA failed to obtain an Autodiscover XML response.

Additional Details

An HTTP 403 error was received because ISA Server denied the specified URL.

It's complete madness that Autodiscover has to be published externally for my internal clients to work!!

Thanks test Result

Author Closing Comment

ID: 37609052
No solution provided
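
Added example, not part of the original thread: a small triage helper that tells the two failures reported above apart, the TMG denial (HTTP 403, status 12202) and the Autodiscover error document. The function name, stage labels and sample bodies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the Autodiscover error document quoted in the thread.
NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"


def classify(status, body):
    """Return (stage, detail): where an Autodiscover test request stopped."""
    # TMG's own denial, as reported in the question (403 with status 12202).
    if status == 403 and "12202" in body:
        return ("proxy-denied", "TMG denied the URL before it reached Exchange")
    if status in (401, 403):
        return ("auth-or-proxy", "HTTP %d without a TMG 12202 marker" % status)
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # Typically an HTML page, such as a forms-based logon screen.
        return ("not-xml", "body is not XML")
    if root.tag != "{%s}Autodiscover" % NS:
        return ("unexpected-xml", root.tag)
    for err in root.iter("{%s}Error" % NS):
        # This schema comes from the Autodiscover service itself, so the
        # request was passed through the proxy and rejected by the backend.
        return ("exchange-error", err.findtext("{%s}Message" % NS, default=""))
    return ("exchange-response", "")


# Constructed sample inputs modelled on the messages quoted in the thread.
SAMPLE_DENIED = ("Status: 12202 Forefront TMG denied the specified "
                 "Uniform Resource Locator (URL).")
SAMPLE_ERROR = (
    '<?xml version="1.0" encoding="utf-8" ?>'
    '<Autodiscover xmlns="%s">'
    '<Error Time="10:25:52.1190436" Id="624335843">'
    "<Message>Invalid Request</Message><DebugData />"
    "</Error></Autodiscover>" % NS
)
SAMPLE_FORM = "<html><body><input type=password></body>"  # logon page stand-in

if __name__ == "__main__":
    for status, body in [(403, SAMPLE_DENIED), (200, SAMPLE_ERROR),
                         (200, SAMPLE_FORM)]:
        print(status, classify(status, body))
```

A "proxy-denied" result points at the TMG rule or its paths, while "exchange-error" means the rule let the request through and the remaining problem is in what was sent to Exchange.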
