Publishing Lync IIS with Forefront TMG on Non Domain Joined PCs

I successfully set up the reverse proxy for my Lync server with Forefront TMG. When I test the published IIS pages externally on a laptop that is joined to the domain, it works with no issues, as per the instructions I followed from TechNet to create the reverse proxy.

If I try connecting from a non-domain PC I get the cert error. I have tried exporting the CA chain and public Edge cert, still with no luck.

Is there a security setting that is blocking this somewhere?

Thanks
brandywine Asked:
Jeff_Schertz Commented:
The Edge Server certificate has nothing to do with the TMG server.  See this article for a deeper explanation of the proper setup: http://blog.schertz.name/2012/07/lync-edge-server-best-practices

If the certificate on the TMG server is public then you don't need to export any of the chain to the external workstations. But the fact that the domain-joined computer works while the others do not tells me that something about your TMG configuration is most likely leveraging internal certificates and not public certificates.

What is your certificate setup in TMG?
 
brandywine (Author) Commented:
When I created the reverse proxy I chose the external cert that was for the Edge server. Do I need another public cert for the TMG and, if so, how do I create it?

Thanks
Question has a verified solution.
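
One way to check the point raised in Jeff_Schertz's comment, added here as an example and not part of the original thread: the PowerShell function below connects to the published HTTPS listener and reports which certificate chain it presents and whether the local machine can validate it. The function name `Get-PublishedCertChain` and the hostname `lyncweb.example.com` are assumptions for illustration.

```powershell
# Added example (not from the thread): show the certificate chain a published
# HTTPS listener presents and how THIS machine evaluates it.
function Get-PublishedCertChain {
    param(
        [Parameter(Mandatory)][string]$HostName,  # published web services FQDN
        [int]$Port = 443
    )
    $result = [ordered]@{ PolicyErrors = $null; ChainStatus = @(); Elements = @() }

    # Let the handshake complete even when validation fails, so the chain
    # can be inspected instead of just producing an error.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors)
        $result.PolicyErrors = $policyErrors
        $result.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $result.Elements     = @($chain.ChainElements | ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Certificate.Subject
                Issuer     = $_.Certificate.Issuer
                NotAfter   = $_.Certificate.NotAfter
                Thumbprint = $_.Certificate.Thumbprint
            }
        })
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($HostName) } finally { $ssl.Dispose() }
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$result
}

# Usage (hostname is a placeholder; run on both the domain-joined and the
# non-domain PC and compare the output):
#   $r = Get-PublishedCertChain -HostName lyncweb.example.com
#   $r.PolicyErrors; $r.ChainStatus; $r.Elements | Format-List
```

If the non-domain PC reports `UntrustedRoot` or `PartialChain` while the domain-joined PC reports no chain errors, and the issuer shown is the internal CA, the listener is presenting an internally issued certificate. A `RemoteCertificateNameMismatch` policy error instead indicates the certificate's names do not cover the published hostname.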
