Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Publishing Exchange 2010 on TMG 2010 properly!

Posted on 2012-12-26
9
1,438 Views
Last Modified: 2012-12-30
Hi,

I have an Exchange Server 2010 on a dedicated box with all roles on it. I also have another box, TMG 2010 server and Exchnage Edge role installed. At the moment OWA working with no problem but ActiveSync and Outlook Anywhere is not working (never worked since the installation). Iphone or other mobile devices not able to connect Exchange services from outside of the organization.
I wanna solve that cronic issue now.

Do I have to publish Active Sync in a seperate rule?
Do I have to publish Outlook Anywhere in a seperate rule?

Your help much appreciated.
0
Comment
Question by:teomcam
  • 5
  • 3
9 Comments
 
LVL 15

Accepted Solution

by:
Rajkumar-MCITP earned 250 total points
ID: 38722123
If you are going to set basic authentication for all the client access protocols, then one rule its enough

Please refer this guide to successfully publish OWA\EAS\OA using TMG

http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8946
0
 
LVL 8

Author Comment

by:teomcam
ID: 38722192
I stuck at the Kerberos.

Time reported by the Microsoft Forefront TMG Firewall Service: 0.000 seconds
Testing https://mail.domain.com:443/Microsoft-Server-ActiveSync/
Category: KCD error
Error details: This Forefront TMG computer doesn't have the required trust for Kerberos Constrained Delegation.
Action: Kerberos Constrained Delegation requires the Forefront TMG computer to be trusted for delegation for any authentication protocol and the Service Principal Name (SPN) used by Forefront TMG must be added to Active Directory. For additional information see http://www.microsoft.com/technet/isa/2006/kcd.mspx.

Open in new window


I went to the given link and there is a statement says
The Active Directory domain in which the ISA Server computer, the published Exchange server (or servers in a server farm), and the domain controller that issues the Kerberos service tickets for constrained delegation reside must be set to the Windows Server 2003 functional level.

At the moment we are on Windows 2003 level no rpoblem with that but next week we have scheduled to raise domain and forest function level to Win 2008 R2!
0
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 250 total points
ID: 38722334
is your TMG server joined to the domain ?
yes create each in a different rule, it is not a requirement but makes troubleshooting easier
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 8

Author Comment

by:teomcam
ID: 38722434
Yes its domain joined TMG 2010. When I create Active Sync and Outlook Anywhere rules and test the rule its giving error about the Kerberos Contrains. I did delegation under AD-Computer TMG for http for Exchange server but it still giving error. Do I have to do anything at the Exchange Server?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38723249
this document has everything you need http://www.microsoft.com/en-us/download/details.aspx?id=8946

since it is joined to the domain why are you using KDC ?
0
 
LVL 8

Author Comment

by:teomcam
ID: 38723301
Yeah I am reading that document since 3 days.

since it is joined to the domain why are you using KDC ?
The document says that!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38723304
ok then :) do you mind doing it my way ?
0
 
LVL 8

Author Comment

by:teomcam
ID: 38724451
Sorry I must missed. If you meant creating rule for every each of it, yes I did and receiving the same error that I gave above.
0
 
LVL 8

Author Comment

by:teomcam
ID: 38730468
Found the problem. Actually I was following whitepaper correctly. But there was a glitch on the Test Rule button whihc is known problem according to link below. Since test was failing I wasn't saving the configuratyion and was continuing to the battle :)) Ignored the test rule result and saved ActiveSync work perfectly fine now.


http://blogs.technet.com/b/isablog/archive/2012/04/24/another-behavior-of-the-test-rule-button-in-threat-management-gateway-2010.aspx
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question