Publish Exchange OWA with SSL in TMG

Floris Verstegen

Jun 14, 2010, 6:02:23 AM
I can't get Forefront TMG to create an HTTPS listener that uses form based
authentication for publishing Microsoft Exchange Outlook Web App 2010.

Forefront is running on Windows Server 2008 R2 64 Bit Enterprise Edition.
The machine is a member of the domain and I use a wildcard certificate from my
own domain certificate service. The certificate is imported into the Personal
store of the Computer and appears as a valid selectable certificate in TMG.
When I publish OWA 2010 with a Web Listener I select the certificate and
select form based authentication. When browsing to my public IP Address from
a remote system I get a page cannot be displayed error from Internet Explorer.
In the logging on Forefront I do see two entries indicating a connection
attempt from the remote system:

Initiated Connection SVTMG01 6/13/2010 12:16:50 PM
Log type: Firewall service
Status: The operation completed successfully.
Source: External (xxx.xxx.xxx.xxx:2304)
Destination: Local Host (xxx.xxx.xxx.xxx:443)
Protocol: HTTPS

Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: xxx.xxx.xxx.xxx

Closed Connection SVTMG01 6/13/2010 12:16:50 PM
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process
with a three-way FIN-initiated handshake.
Source: External (xxx.xxx.xxx.xxx:2304)
Destination: Local Host (xxx.xxx.xxx.xxx:443)
Protocol: HTTPS

Additional information
Number of bytes sent: 584 Number of bytes received: 4367
Processing time: 0ms Original Client IP: xxx.xxx.xxx.xxx

I can get this to work fine when using HTTP, but not with HTTPS and a
certificate. I already did a reinstall of the entire machine, tried a
different port for HTTPS and a non wild-card certificate.

Phillip Windell

Jun 14, 2010, 10:55:32 AM
"Floris Verstegen" <FlorisV...@discussions.microsoft.com> wrote in
message news:0C631785-5AED-4EB8...@microsoft.com...

> select form based authentication. When browsing to my public IP Address from
> a remote system I get a page cannot be displayed error from Internet Explorer.


Does that mean you are using the IP#? You cannot do that,...you have to use
the actual correct FQDN.


--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


Floris Verstegen

Jun 14, 2010, 1:15:55 PM
@Phillip Windell

No I am using the FQDN with the configured subdomain. I just wanted to point
out that I do connect to the machine on its public network interface.

Floris Verstegen

Jun 21, 2010, 3:07:13 AM
P.S. This is a re-post because I did not correctly configure my no-spam
alias for correct Technet Subscription support.

SBSC

Jun 29, 2010, 5:38:53 AM
Hello,

Thanks for posting in our community!

From your description, it appears you enabled FBA on TMG, but didn't
disable it in Exchange server.

Please disable FBA and SSL in Exchange first and make sure Windows
authentication is enabled.

For more information, please refer to the following Microsoft articles:

Configuring access for Outlook Web Access clients
http://technet.microsoft.com/en-us/library/cc441538.aspx

Troubleshooting OWA 2007 Publishing Rules on ISA Server 2006
http://blogs.technet.com/isablog/archive/2008/04/29/troubleshooting-owa-2007-publishing-rules-on-isa-server-2006.aspx

Redirection to OWA 2007 Directory in ISA 2004/2006
http://blogs.technet.com/isablog/archive/2009/08/24/redirection-to-owa-2007-directory-in-isa-2004-2006.aspx

Hopefully my reply is helpful. If you have any questions about my reply, please
feel free to let me know.

Regards,
Brandon
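
The authentication change suggested in the reply above, as an added example that is not part of the original thread: it turns off forms-based authentication on the Exchange 2010 OWA virtual directory and enables Windows authentication, so that only TMG presents the logon form. The server name EXCAS01 is a placeholder assumed for illustration; the commands run in the Exchange Management Shell on the Client Access server.

```powershell
# Added example, not from the thread. 'EXCAS01' is a placeholder
# Client Access server name; substitute your own.
$vdir = 'EXCAS01\owa (Default Web Site)'

# 1. Record the current authentication settings before changing anything.
Get-OwaVirtualDirectory -Identity $vdir |
    Format-List Identity, FormsAuthentication, WindowsAuthentication, BasicAuthentication

# 2. Disable forms-based authentication on Exchange and enable
#    Integrated Windows authentication, so the TMG listener is the
#    only component that shows a logon form.
Set-OwaVirtualDirectory -Identity $vdir `
    -FormsAuthentication $false `
    -WindowsAuthentication $true

# 3. Restart IIS so the new authentication settings take effect.
iisreset /noforce

# 4. Confirm the result: FormsAuthentication should now be False and
#    WindowsAuthentication True.
Get-OwaVirtualDirectory -Identity $vdir |
    Format-List Identity, FormsAuthentication, WindowsAuthentication
```

The authentication delegation selected on the TMG publishing rule has to match what the virtual directory now accepts.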
