Exchange 2010 Publishing via TMG 2010 DMZ 1 NIC

Hi All

I have a Forefront 2010 box sitting in my DMZ; this uses a 172.x.x.x address.

Outside -> Cisco ASA -> TMG 2010 DMZ -> Same Cisco ASA -> Internal

Essentially a 3 leg with TMG in the DMZ

I have successfully set up and tested OWA/ActiveSync externally, no problem.

Getting ExRCA failed to obtain an Autodiscover XML response. I can see
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).

The problem I am having is setting up Autodiscover/OA, as I can only set up one type of authentication on my HTTPS listener and only the one HTTPS listener.

Any ideas on how to get around this?

This is also preventing my autodiscover from working.

Thanks
Asked by MediaMon

HeshamMousa commented:
Are you sure that you published Autodiscover through TMG?
MediaMon (author) commented:
Hello

I actually can't as I can only use one HTTPS listener. I have a listener that listens for outlook.domain.com which is my OWA. So I am not sure how I can add autodiscover to this as well.

Thanks
HeshamMousa commented:
Create a new publishing rule with internal site name autodiscover.domain.com, from anywhere to your CAS servers, using the same HTTPS listener and with public domain name autodiscover.domain.com, and in the Paths tab ensure that the following are in place:
/OAB/*
/EWS/*
/Autodiscover/*
/
MediaMon (author) commented:
Thanks, I have done that.

So now when I externally hit

https://autodiscover.domain.com/Autodiscover/Autodiscover.xml

I get the TMG login screen; it looks like it is using forms-based authentication (as that is what my HTTPS listener is configured to, as I need it for OWA). Once I enter my details I get:

<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response>
<Error Time="10:25:52.1190436" Id="624335843">
<ErrorCode>600</ErrorCode>
<Message>Invalid Request</Message>
<DebugData />
</Error>
</Response>
</Autodiscover>

The rule looks ok but still getting the same result from ExRCA

ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.com/AutoDiscover/AutoDiscover.xml for user paul.test@domain.com.

ExRCA failed to obtain an Autodiscover XML response.

Additional Details

An HTTP 403 error was received because ISA Server denied the specified URL.

It's complete madness that Autodiscover has to be published externally for my internal clients to work!!

Thanks
MediaMon (author) commented:
No solution provided
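
Added example, not written by any participant in this thread: the same Autodiscover URL returned three different replies above (the TMG 403/12202 denial, the TMG login form, and the error 600 XML). This Python helper tells them apart, so a probe result can be traced to the publishing rule, the listener authentication, or the Autodiscover service itself. The function name, verdict labels and sample replies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace copied from the error document quoted in the thread.
NS = {"ad": "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"}


def classify(status, content_type, body):
    """Return (verdict, detail) for one HTTP reply from an Autodiscover URL."""
    ctype = (content_type or "").split(";")[0].strip().lower()
    text = body.strip()
    # 1. The proxy refused the URL before it reached Exchange (403 / TMG status 12202).
    if status == 403:
        return ("denied_by_proxy", "12202" if "12202" in text else "")
    # 2. HTML where XML was expected: the listener served a login form instead.
    if ctype == "text/html" or text.lower().startswith(("<!doctype html", "<html")):
        return ("html_instead_of_xml", "")
    # Refuse any DTD rather than hand entity definitions to the parser.
    if "<!DOCTYPE" in text.upper():
        return ("rejected_dtd", "")
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError:
        return ("unparseable", "")
    # 3. An Autodiscover error document: the request did reach the service.
    err = root.find("ad:Response/ad:Error", NS)
    if err is not None:
        code = err.findtext("ad:ErrorCode", default="", namespaces=NS)
        msg = err.findtext("ad:Message", default="", namespaces=NS)
        return ("autodiscover_error", f"{code} {msg}".strip())
    return ("xml_response", root.tag)


# Constructed sample replies, modelled on the three results described in the thread.
DENIED = (403, "text/html", "<html>Forefront TMG denied the specified "
          "Uniform Resource Locator (URL). (12202)</html>")
LOGIN_FORM = (200, "text/html; charset=utf-8",
              "<html><form method='post'><input name='password'></form></html>")
ERROR_600 = (200, "text/xml", """<?xml version="1.0" encoding="utf-8" ?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response><Error Time="10:25:52.1190436" Id="624335843">
<ErrorCode>600</ErrorCode><Message>Invalid Request</Message><DebugData />
</Error></Response></Autodiscover>""")

if __name__ == "__main__":
    for name, sample in (("denied", DENIED), ("form", LOGIN_FORM), ("error", ERROR_600)):
        print(name, classify(*sample))
```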