  • Status: Solved
  • Priority: Medium
  • Security: Public

Publishing Lync IIS with Forefront TMG on Non Domain Joined PCs

I successfully set up the reverse proxy for my Lync server with Forefront TMG.  When I test the published IIS pages externally on a laptop that is joined to the domain, it works with no issues, as per the instructions I followed from TechNet to create the reverse proxy.

If I try connecting from a non-domain PC I get the cert error.  I have tried exporting the CA chain and public edge cert, still with no luck.

Is there a security setting that is blocking this somewhere?

1 Solution
The Edge Server certificate has nothing to do with the TMG server.  See this article for a deeper explanation of the proper setup: http://blog.schertz.name/2012/07/lync-edge-server-best-practices

If the certificate on the TMG server is public then you don't need to export any of the chain to the external workstations.  But the fact that the domain-joined computers work while the others do not tells me that something about your TMG configuration is most likely leveraging internal certificates and not public certificates.

What is your certificate setup in TMG?
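
Added example (not part of the original thread): a PowerShell check to run from the non-domain PC that shows which certificate the TMG listener actually presents and whether it chains to a root that machine trusts. `lyncweb.example.com` is a placeholder host name and the function names are illustrative.

```powershell
# Added example: inspect the certificate presented by a published HTTPS listener.
function Get-ListenerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate during the handshake so that an untrusted
        # certificate can still be retrieved and examined. Diagnostic use only.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-CertificateTrust {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the result reflects only the local trust stores.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    # Subject Alternative Name extension (OID 2.5.29.17), if present.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        Subject     = $Certificate.Subject
        Issuer      = $Certificate.Issuer
        SAN         = if ($san) { $san.Format($false) } else { '' }
        NotAfter    = $Certificate.NotAfter
        TopOfChain  = $root.Subject
        Trusted     = $trusted
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Placeholder host name: replace with the external web services FQDN.
$cert = Get-ListenerCertificate -HostName 'lyncweb.example.com'
Test-CertificateTrust -Certificate $cert | Format-List
```

If `Trusted` is False on the non-domain PC but True on the domain-joined laptop, and `Issuer` or `TopOfChain` names an internal CA, the listener is presenting an internally issued certificate.
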
brandywine (Author) Commented:
When I created the reverse proxy I chose the external cert that was for the edge server. Do I need another public cert for the TMG and if so, how do I create it?
