
Install & Configure Forefront TMG Back to Back solution with Exchange 2010 Part 3


This is the last article of the three-part series on how to Install & Configure a Forefront TMG Back to Back solution with Exchange 2010. In the first part I explained the network setup, the network relationships, the TMG back-end and TMG front-end installations, and some simple firewall rules. In the second part we went through configuring OWA for Exchange 2010, the web publishing rules, and incoming and outgoing SMTP mail. This last article explains how to set up Exchange ActiveSync, Exchange Outlook Anywhere and Autodiscover.

Configuring Exchange Outlook Anywhere and autodiscover

In Microsoft Exchange Server 2010, the Outlook Anywhere feature, formerly known as RPC over HTTP, lets clients that use Microsoft Office Outlook 2010, Outlook 2007, or Outlook 2003 connect to their Exchange servers from outside the corporate network or over the Internet using the RPC over HTTP Windows networking component. The Windows RPC over HTTP Proxy component, which Outlook Anywhere clients use to connect, wraps remote procedure calls (RPCs) with an HTTP layer. This allows traffic to traverse the TMG firewalls without requiring RPC ports to be opened.

Requirements:

  • A SAN certificate with your company's webmail address should reside on the Exchange 2010 and TMG-BE boxes. The SAN certificate should include webmail.test.com, autodiscover.test.com, autodiscover.test.local and exchange2010.test.local (the Exchange server name).
  • In the forward lookup zone test.com on the DC1 server, create a new A record called autodiscover.test.com that points to 10.4.20.20.
  • In the forward lookup zone test.local on the DC1 server, create a new A record called autodiscover.test.local that points to 10.4.20.20.
  • At your provider, create a public DNS record that points autodiscover.test.com to ISP IP4.
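A pre-flight check for the requirements above, added here as an example and not part of the original post: run on the Exchange 2010 or TMG-BE box, it verifies that the installed certificate carries all four SAN names and that both internal Autodiscover records resolve to 10.4.20.20. The host names, the address and the certificate lookup by subject name are assumptions taken from this series.

```powershell
# Added pre-flight check, not part of the original post: verifies the certificate
# and DNS requirements listed above on the Exchange 2010 / TMG-BE box.
# Assumptions: the host names and 10.4.20.20 are the ones used in this series, the
# certificate lives in the machine Personal store, and Windows is English-locale
# (the SAN text produced by Format() is localized).

$RequiredSans = @('webmail.test.com', 'autodiscover.test.com',
                  'autodiscover.test.local', 'exchange2010.test.local')
$RequiredDns  = @{ 'autodiscover.test.com'   = '10.4.20.20'
                   'autodiscover.test.local' = '10.4.20.20' }

function Get-SanDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.17 is the Subject Alternative Name extension; Format($false)
    # renders it as "DNS Name=a, DNS Name=b".
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return @() }
    $ext.Format($false) -split ',\s*' | ForEach-Object {
        if ($_ -match '^DNS Name=(.+)$') { $Matches[1].ToLower() }
    }
}
# Pick the newest certificate for the webmail name that has a usable private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like '*CN=webmail.test.com*' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    Write-Warning 'No certificate for webmail.test.com with a private key in LocalMachine\My'
} else {
    $sans = @(Get-SanDnsNames $cert)
    foreach ($name in $RequiredSans) {
        if ($sans -contains $name) { "OK   SAN contains $name" }
        else { Write-Warning "SAN is missing $name (thumbprint $($cert.Thumbprint))" }
    }
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate expires soon: $($cert.NotAfter)"
    }
}

# Both internal zones must resolve Autodiscover to the Exchange CAS address.
foreach ($entry in $RequiredDns.GetEnumerator()) {
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($entry.Key) |
            ForEach-Object { $_.IPAddressToString }
        if ($addrs -contains $entry.Value) { "OK   $($entry.Key) -> $($entry.Value)" }
        else { Write-Warning "$($entry.Key) -> $($addrs -join ', '), expected $($entry.Value)" }
    } catch {
        Write-Warning "$($entry.Key) does not resolve: $($_.Exception.Message)"
    }
}
```

Run it from an elevated PowerShell prompt so the machine certificate store is readable; a warning on any line means the Outlook Anywhere and Autodiscover publishing below will fail certificate or name checks.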

Create the rules on the TMG-FE

  • Rule Name : Publish Exchange 2010 Autodiscover and Outlook Anywhere – HTTPS (non-web publishing rule)
  • Server IP : 10.6.0.3
  • Protocol : HTTPS Server
  • Listener IP Address : External Interface IP : ISP IP4 only
  • Make sure you enable: requests appear to come from the original client

Create the rules on the TMG-BE

  • Name : Publish Exchange 2010 Autodiscover and Outlook Anywhere (Exchange Client Access rule)
  • Rule number : below the OWA 2010 rule
  • Exchange version : Exchange 2010
  • Mail services : Outlook Anywhere (RPC/HTTPS) and enable folders
  • Rule action : Allow
  • Publishing Type : single website
  • Server Connection Security : SSL
  • Internal Sitename : webmail.test.com
  • IP Address : 10.4.20.20
  • Requests appear to come from the TMG
  • Public name details : autodiscover.test.com
  • Create New Listener
  • Web Listener Name : HTTPS Autodiscover
  • Client Connection Security : SSL (HTTPS)
  • Web Listener IP Address : Perimeter Interface IP : 10.6.0.3 only
  • Certificate : webmail.test.com
  • Authentication Settings : HTTP Form authentication
  • Validation : Windows (Active Directory)
  • SSO : disabled
  • Authentication Delegation : Basic authentication
  • User Set : All authenticated users group

Configuring Exchange ActiveSync

Exchange ActiveSync is a Microsoft Exchange synchronization protocol that’s optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets mobile phones access an organization’s information on a server that’s running Microsoft Exchange. Exchange ActiveSync enables mobile phone users to access their e-mail, calendar, contacts, and tasks and to continue to be able to access this information while they’re working offline.

Create the rules on the TMG-FE

  • None needed

Create the rules on the TMG-BE

  • Name : Publish Exchange 2010 ActiveSync (Exchange Client Access rule)
  • Rule Number : below the OWA 2010 and Outlook Anywhere rules
  • Exchange version : Exchange 2010
  • Mail services : ActiveSync
  • Publishing Type : single website
  • Server Connection Security : SSL
  • Internal Sitename : webmail.test.com
  • IP Address : 10.4.20.20
  • Requests appear to come from the TMG
  • Public name details : webmail.test.com
  • Listener : HTTP(S) OWA 2010 (created in part 2)
  • Authentication Delegation : Basic authentication
  • User Set : All authenticated users group

Now we are able to connect to our Exchange 2010 server via OWA, PDA/smartphones and Outlook 2003/2007/2010 clients. You can test your configuration by going to Microsoft's Exchange connectivity test site (https://www.testexchangeconnectivity.com/) and running the tests there. You might have noticed I didn't say much about how to configure the Exchange side of things. However, there are some good sites that explain it all:

This concludes my three-part article on how to install & configure a Forefront TMG Back to Back solution with Exchange 2010. I hope it's useful for you, and feel free to comment.

  1. November 11, 2011 at 2:45 pm | #1

    Hello Richard, this was a really nice post. I am not an expert in the subject but apparently our Microsoft expert technician is not so expert.

    We have a problem: after we upgraded from Exchange 2003 to Exchange 2010, and from ISA 2006 to Forefront TMG 2010, some services stopped working, for example:

    - Phonebook won't load in OWA
    - Autodiscover credentials popup in Outlook a dozen times a day
    - Can't configure mail on BlackBerrys, not even via OWA
    - Out of office replies not working on Outlook 2010 clients
    - Can't share calendar on Outlook 2010 clients
    - Fails on almost every result from https://www.testexchangeconnectivity.com/

    Do you think it is possible you can help me in any way?

    Thank you in advance

    • November 21, 2011 at 9:40 am | #2

      We discussed this via mail and we concluded that you did not have a SAN certificate installed but a "normal" certificate with 1 URL in it (webmail.uhemisferios.edu.ec).
