

Microsoft Forefront TMG 2010

This will be a complete walkthrough to set up publishing with a certificate based on a CA server on a DC. Everything is running as virtual machines in VMware Workstation.

My TMG server is installed with Windows 2008 R2 x64 with 2 NICs (E1000), running with an internal NIC setup.
Default Gateway: pointing to my external gateway

On the TMG server I have edited the hosts file with Notepad and pointed out the CAS server, just to get the name resolution working fine with the rule and the certificate.

First thing to do is to import the certificate that is generated from the CAS server; in my case it's a CA server on the DC that generated this certificate. Best practice is to buy the certificate from a 3rd party that is a trusted root in most devices. The certificate import is easy: start an MMC console and add Certificates for the local computer. Go to Personal, right click, choose Import and point at the file. When it's done it should look like below.

Next step is to create the web listener. It will be done in the TMG Console under Firewall Policy: choose Toolbox and right click Web Listeners to create a new web listener. Give it a friendly name (I called it "SSL Listener"), set it up to require SSL and select the sources where it should listen to traffic from. In my case I listen on External and Internal; also select a specific IP address on the External and Internal interface. On the next screen select 'Assign a certificate for each IP address' and point out the imported certificate. The authentication setting that will be used is called HTML Form Authentication; make sure that Windows (Active Directory) is selected. Enter domain.local if you want to use the function (or else you will need to logon two times for using the OWA).

Next step is to create the publishing rule. It will be done under the Tasks tab called 'Publish Exchange Web Client Access'. A wizard will start: set up a friendly name like OWA (Basic) and select the appropriate Exchange version, in my case it's Exchange 2010. Select the option 'publish single server' and require SSL. In the setting regarding the internal site name, give it the external site name, select the option below and browse for the CAS server. In the public name, give it your external site name. Next thing is to select the newly created web listener; for the authentication delegation settings select Basic Authentication, and finally All Authenticated Users. When the creation is completed it should look like below.

A nice one to complete the publishing of the OWA is to create a 'Publish Web Sites' rule and set it to deny, publish it as a single server and require SSL. Point out the internal site name to be the external site name and browse for the CAS server. In the path selection just type / as it will indicate the whole site. For the public name, type in the external site name. Select the web listener, and the authentication method should be set to 'No delegation, and client cannot authenticate directly'. Remove All Authenticated Users and replace it with All Users. Open up the rule after it is created, go to the Action tab, select the option 'Redirect HTTP requests to this web page' and type in the URL of the OWA site (the external site name followed by /owa). This rule is created so the end-user can reach the OWA without typing in /owa in the address bar. Now this is completed and should look like below.

Next to do is to publish Outlook Anywhere; it will be done through the same wizard. Select the appropriate Exchange version and the function you want to publish, in this case it's Outlook Anywhere (earlier called RPC over HTTP(S)). Just like the publishing rule above this is a single server publishing rule and it requires SSL. Point out the internal site name like before: it should be the external site name, then browse for the CAS server. The public name should be the external site name. Then select the web listener that has been created earlier. Basic authentication is used as the authentication method.
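As an added example (not part of the original post), the following PowerShell script, run from a client outside the TMG, checks the three rules above from the user's side: the HTTP-to-/owa redirect, that OWA is not served to an anonymous client, that the listener certificate carries the external site name, and that the Outlook Anywhere path challenges with Basic authentication. $ExternalName and the /rpc/rpcproxy.dll path are assumptions; replace the name with your external site name.

```powershell
# Added check script; not code from the original post. $ExternalName is a
# placeholder for the external site name used in the publishing rules.
param([string]$ExternalName = "owa.example.com")

function Get-RawResponse {
    # Fetch without following redirects. 3xx comes back normally; 4xx/5xx
    # arrive as a WebException whose Response is returned instead of thrown.
    # A certificate the client does not trust has no Response and is rethrown,
    # which is exactly the "trusted root in most devices" point above failing.
    param([string]$Uri)
    $req = [System.Net.HttpWebRequest]::Create($Uri)
    $req.AllowAutoRedirect = $false
    $req.Timeout = 10000
    try { return $req.GetResponse() }
    catch [System.Net.WebException] {
        if ($_.Exception.Response) { return $_.Exception.Response }
        throw
    }
}

$results = @{}

# 1. Deny + redirect rule: plain HTTP on the site root must send users to /owa.
$r = Get-RawResponse "http://$ExternalName/"
$code = [int]$r.StatusCode; $loc = $r.Headers["Location"]
$results["HTTP root redirects to OWA"] =
    ($code -ge 300 -and $code -lt 400 -and $loc -like "https://$ExternalName/owa*")
$r.Close()

# 2. OWA rule with HTML form authentication: an anonymous GET must not receive
#    OWA content (TMG answers with a redirect to its own logon form, not 200).
$r = Get-RawResponse "https://$ExternalName/owa/"
$results["OWA not served anonymously"] = ([int]$r.StatusCode -ne 200)
$r.Close()

# 3. Certificate bound to the listener: the subject must be the external name.
$cert = [System.Net.ServicePointManager]::FindServicePoint([uri]"https://$ExternalName/").Certificate
$results["Certificate issued to external name"] =
    ($cert -ne $null -and $cert.Subject -match "CN=$([regex]::Escape($ExternalName))")

# 4. Outlook Anywhere rule: the RPC proxy path (assumed /rpc/rpcproxy.dll)
#    must challenge with Basic, the authentication method chosen above.
$r = Get-RawResponse "https://$ExternalName/rpc/rpcproxy.dll"
$results["Outlook Anywhere challenges with Basic"] =
    ([int]$r.StatusCode -eq 401 -and $r.Headers["WWW-Authenticate"] -match '\bBasic\b')
$r.Close()

$results.GetEnumerator() | Sort-Object Name | ForEach-Object {
    "{0,-40} {1}" -f $_.Name, $(if ($_.Value) { "OK" } else { "FAIL" })
}
```

A FAIL on the first line usually means the listener is not accepting plain HTTP at all, which is a separate question from whether the deny rule is wrong; check the listener's ports before the rule.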
