How To Publish OWA - ActiveSync - Outlook Anywhere (Exchange 2010) With Microsoft Forefront TMG - Exchange - WWW - Windows-Noob PDF

3/23/2015
HowtopublishOWA/ActiveSync/OutlookAnywhere(Exchange2010)withMicrosoftForefrontTMGExchangewww.windowsnoob.com
www.windowsnoob.com servernoob Exchange
HowtopublishOWA/ActiveSync/OutlookAnywhere(Exchange2010)with
MicrosoftForefrontTMG
StartedbyAndersson,Jan16201107:24AM
Posted16January201107:24AM
Andersson
Published:20100301(ontestlabs.se/blog)
Updated:20100727
Version:1.1
Installation
ThiswillbeacompletewalkthroughtosetupupcertificatebasedonaCAserveronaDC.
Myenvironmentlookslikethis
1xWindows2003(DC/DNS/CA)
1xForefrontTMG
1xExchange2010CAS/HUB/MBX
EverythingisrunningasvirtualmachinesinVMwareWorkstation.
MyTMGserverisinstalledwithWindows2008R2x64with2Nics(E1000),runningwithaninternalNicsetup
IP:172.16.2.18
Subnet:255.255.255.0
DNS:172.16.2.11(pointingtotheDC)
http://www.windowsnoob.com/forums/index.php?/topic/3124howtopublishowaactivesyncoutlookanywhereexchange2010withmicrosoftforefronttmg/
1/8
3/23/2015
(http://www.windowsnoob.com/forums/uploads/monthly_01_2011/post82160540404001295162860.png)
TheexternalNicissetupwith
IP:192.168.0.1
Subnet:255.255.255.0
DNS:ExternalIP
DefaultGateway:Pointingtomyexternalgateway
OntheTMGserverinthehostsfileIhaveediteditwithnotepadandpointedouttheCASserver
172.16.2.12owa.target.se
Justtogetthenameresolutionworkingfinewiththeruleandcertificate.
FirstthingtodoistoimportthecertificatethatisgeneratedfromtheCASserverinmycaseit'saCAserverontheDC
thatgeneratedthiscertificate.Bestpracticeistobuythecertificatefroma3rdpartthatistrustedrootinmostdevices
(godaddy.com,digicert.com,comodo.com,verisign.cometc).
Thecertificateimportiseasy,startammcconsoleandaddcertificatesforthelocalcomputer.
GotoPersonalandrightclick,chooseimportandpointatthefile.Whenit'sdoneitshouldlooklikebelow.
2/8
3/23/2015
NextstepistocreatetheWeblistener,itwillbedoneinTMGConsoleunderFirewallPolicy,chooseToolboxand
rightclickWebListenerstocreateanewweblistener.
Giveitafriendlyname,Icalledit"SSLListener",setituptorequireSSL,selectthesourceswhereitshouldlistento
trafficfrom.InmycaseIlistenonExternalandInternal,alsoselectaspecificIPaddressontheExternalandInternal
interface.Nextscreenselect'AssignacertificateforeachIPaddressandpointouttheimportedcertificate.
TheauthenticationsettingthatwillbeusediscalledHTMLFormAuthentication,makesurethatWindows(Active
Directory)isselected.
IntheSSO(SingleSignOn)typeinthe.domain.localifyouwanttousethefunction.
(OrelseyouwillneedtologontwotimesforusingtheOWA.)
Whenthecreatingiscompleteditshouldlooklikebelow.
Don'tforgettoapplythechanges.
3/8
3/23/2015
OWA
NextstepistocreatethepublishingruleitwillbedoneundertheTaskstabcalled'PublishExchangeWebClient
Access'.
Awizardwillstart,setupafriendlynamelikeOWA(Basic)andselecttheappropriateExchangeversion,inmycaseit's
Exchange2010.
Selecttheoption'publishessingleserver'andrequireSSL.
Inthesettingregardinginternalsitename,giveittheexternalsitename(owa.target.se)andselecttheoptionbelow
andbrowsefortheCASserver.
Inthepublicname,giveityourexternalsitename(owa.target.se).
Nextthingittoselectthenewlycreatedweblistener,forauthenticationdelegationsettingsselectBasic
AuthenticationandfinallyAllAuthenticatedUsers.
OWARedirect
AniceonetocompletethepublishingoftheOWAistocreatea'PublishWebSites'ruleandsetittodeny,publishitas
asingleserverandrequireSSL.
Pointouttheinternalsitenametobetheexternalsitename(owa.target.se)andbrowsefortheCASserver.Inthe
pathselectionjusttype/aswillindicatethewholesite.
Forthepublicname,typeintheexternalsitename(inmycaseowa.target.se)towork.
Selecttheweblistenerandtheauthenticationmethodshouldbesetto'Nodelegation,andclientcannotauthenticate
directly'.RemovetheAllAuthenticatedUsersandreplaceitwithAllUsers.
Openuptheruleafteritiscreated,gototheActiontabandselecttheoption'RedirectHTTPrequeststothisweb
page'andtypein'https://owa.target.se/owa'.(https://owa.target.se/owa%27.)
ThisruleiscreatedsotheendusercanreachtheOWAwithouttypingin/owaintheaddressbar.
Nowthisiscompletedandshouldlooklikebelow.
4/8
3/23/2015
OutlookAnywhere
NexttodoistopublishOutlookAnywhere,itwillbedonethruthesamewizard.
SelecttheappropriateExchangeversionandthefunctionyouwanttopublish,inthiscaseit'stheOutlookAnywhere
(earliercalledRPCoverHTTP(s)
PublishingusingBasicAuthentication
JustlikethepublishingruleabovethisisasingleserverpublishingruleanditrequiresSSL.
Andpointouttheinternalsitenamelikebefore,itshouldbetheexternalsitename(owa.target.se)andbrowseforthe
CASserver.
Thepublicnameshouldbetheexternalsitename(owa.target.se).
Thenselecttheweblistenerthathasbeencreatedearlier.
Basicauthenticationisusedastheauthenticationmethod.
VerifythatthecorrectauthenticationmethodisselectedinExchangeManagementConsole(EMC),ifusingBasicit
shouldlooklikethis.
5/8
3/23/2015
Also,verifytherulesinTMGbyselectingtheruleandpress"TestRule"
Itshouldthenlooklikebelow,ifyouhaveanyissuesitwillgiveyoutheinfoincleartextlikeauthenticationmethodsis
notcorrectlyconfigured,likeamismatch.
TimeforverificationsothepublishingruleworksforBasicAuthbyusingOutlookAnywherefunctionandtypingin
address:owa.target.sethatpointstoTMG.
Itseemstoworkfine
6/8
3/23/2015
ActiveSync
Thisisalmostthesameasabove,besidesActiveSyncwilluseBasicastheAuthenticationmethod.
SothenexttodoistopublishtheActiveSyncfunction,itwillbedonethruthesamewizard.
SelecttheappropriateExchangeversionandthefunctionyouwanttopublish,inthiscaseit'stheActiveSyncfunction.
JustlikethepublishingruleabovethisisasingleserverpublishingruleanditrequiresSSL.
Andpointouttheinternalsitenamelikebefore,itshouldbetheexternalsitename(webmail.testlabs.se)andbrowse
fortheCASserver.
Thepublicnameshouldbetheexternalsitename(webmail.testlabs.se).
Thenselecttheweblistenerthathasbeencreatedearlier.
Basicisusedastheauthenticationmethod.
Sometimesintestingpurposesyouneedtoturnofspoofdetection,orelseitwillnotwork.
Ihavehadthatproblem,ifyouneedtoturnitoff,checkthislink
7/8
3/23/2015
http://support.microsoft.com/kb/838114(http://support.microsoft.com/kb/838114)
Copyandpastefromthelinkabove
ClickStart,clickRun,typeregedit,andthenclickOK.
Locateandthenclickthefollowingregistrysubkey:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/FwEng/Parameters
IftheParameterssubkeyisnotdisplayed,followthesestepstocreatethissubkey:
ClicktheFwEngsubkey.
OntheEditmenu,pointtoNew,andthenclickKey.
Tonamethekey,typeParameters,andthenpressENTER.
RightclickParameters,pointtoNew,andthenclickDWORDValue.
Tonamethevalue,typeDisableSpoofDetection,andthenpressENTER.
RightclickDisableSpoofDetection,andthenclickModify.
IntheValuedatabox,type1,andthenclickOK.
BacktoExchange
www.windowsnoob.com servernoob Exchange
8/8

How To Publish OWA - ActiveSync - Outlook Anywhere (Exchange 2010) With Microsoft Forefront TMG - Exchange - WWW - Windows-Noob PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

How To Publish OWA - ActiveSync - Outlook Anywhere (Exchange 2010) With Microsoft Forefront TMG - Exchange - WWW - Windows-Noob PDF

Transféré par

Droits d'auteur :

Formats disponibles

3/23/2015

www.windowsnoob.com servernoob Exchange

www.windowsnoob.com servernoob Exchange

Vous aimerez peut-être aussi