Many of us are now publishing OWA through the Microsoft Forefront Threat Management Gateway (TMG) to ensure maximum protection. In this couple of articles I have tried to cover how you can do the following:
Publish Exchange 2010 OWA on TMG 2010
Before you start creating the publishing rule in TMG, some authentication changes need to be completed on the Exchange Server 2010 that will be used as the internal CAS server in the TMG configuration.
Set-OwaVirtualDirectory -Identity <CASServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
Set-EcpVirtualDirectory -Identity <CASServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
Note - It is always recommended to record the existing configuration using the "Get-" command before changing the authentication settings, so that you can always set it back to the previous authentication settings in case you encounter an issue while creating the publishing rule. For example, for the OWA virtual directory, run "Get-OwaVirtualDirectory | fl name,*auth*" to get the current authentication settings. Do the same for the other virtual directories. Also, if you have more than one virtual directory of each type, ensure that you give the correct identity details instead of the "*" symbol that I used in my lab.
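The note above, worked into a save-and-restore script. This is an added example, not part of the original article: the server name CAS01, the folder C:\Temp\vdir-auth and the function names Export-VdirAuth and Restore-VdirAuth are hypothetical, and it assumes the Exchange Management Shell on the Exchange 2010 server.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010.
# 'CAS01' and C:\Temp\vdir-auth are hypothetical values, replace with your own.
$CasServer = 'CAS01'
$BackupDir = 'C:\Temp\vdir-auth'
# The three settings changed by the Set- commands above.
$AuthProps = 'BasicAuthentication', 'WindowsAuthentication', 'FormsAuthentication'

# Save the current settings of every OWA and ECP virtual directory to CSV.
function Export-VdirAuth {
    param([string]$Server, [string]$Path)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    # Store the identity as plain text so it can be fed back to Set-* later.
    $id = @{ Name = 'Identity'; Expression = { $_.Identity.ToString() } }
    # -NoClobber refuses to overwrite an earlier snapshot, so running this
    # again after the change cannot replace the original values.
    Get-OwaVirtualDirectory -Server $Server | Select-Object (@($id) + $AuthProps) |
        Export-Csv -Path (Join-Path $Path 'Owa.csv') -NoTypeInformation -NoClobber
    Get-EcpVirtualDirectory -Server $Server | Select-Object (@($id) + $AuthProps) |
        Export-Csv -Path (Join-Path $Path 'Ecp.csv') -NoTypeInformation -NoClobber
}

# Put the saved settings back, one virtual directory per CSV row.
function Restore-VdirAuth {
    param([string]$Path)
    foreach ($kind in 'Owa', 'Ecp') {
        foreach ($row in Import-Csv -Path (Join-Path $Path "$kind.csv")) {
            # CSV stores booleans as text ("True"/"False"); convert them back.
            $params = @{ Identity = $row.Identity }
            foreach ($p in $AuthProps) {
                $params[$p] = [Convert]::ToBoolean($row.$p)
            }
            # Resolves to Set-OwaVirtualDirectory or Set-EcpVirtualDirectory.
            & "Set-${kind}VirtualDirectory" @params
        }
    }
}

# 1. Take the snapshot before touching anything.
Export-VdirAuth -Server $CasServer -Path $BackupDir
# 2. Apply the Set-OwaVirtualDirectory / Set-EcpVirtualDirectory changes above.
# 3. Only if the publishing rule has to be rolled back:
# Restore-VdirAuth -Path $BackupDir
```

Because each CSV row carries the full identity of one virtual directory, the restore works per directory even where a server hosts more than one.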
You also need to import the certificate into the TMG server certificate store. The certificate has to be generated from an Exchange server; I will not be covering the details here.
You may ignore the SSO settings, because you can configure Basic Authentication on Exchange OWA and the double authentication can be bypassed. Continue the wizard and click Finish. The listener is created; now select it.
Now you have finished publishing OWA on TMG. The publishing rules can now be tested as shown below.
All looks fine.
It is now time to create the OWA redirection rules in TMG. Part 2 of this article will cover the OWA redirection rule creation.