Publishing Ms Exchange 2003 FE via TMG 2010

  • Publishing Ms Exchange 2003 FE via TMG 2010

    Looking to sort this issue out:

    I appreciate a great job well done by Cruachan; my issue is a little dissimilar. Allow me to kindly illustrate it.

    Ms Exchange FE and Ms Exchange BE both on Win2K3 SPII and Ms Exchange 2K3 spII

    TMG 2010 SP1 roll-up update1 on Win2K8 RII sp1.
    TMG is installed as a back-end firewall, while the front one is a Cisco 800 doubling both as a router and firewall.

    TMG 2010 has two legs (internal: same LAN IP as Exchange FE and BE, i.e. 192.x.x.x; external leg is 172.x.x.x -- this external leg is NATed to the external firewall and to the internet IP 41.x.x.x)

    I have published exchange FE with an anticipation of sending and receiving email (inbound and outbound) -- this works OK -- except that inbound emails with attachments NEVER GET delivered.
    --> although outbound email with attachments gets delivered.
    --> firewall rules:
    a) allow, smtp server, from external and local host to exchange FE, users -- all users
    b) allow smtp, from exchange fe and local host to external, users, all users

    Issue two:
    OWA never works - though I get the log in screen (while in the LAN) and outside the internet -- I log in, then get the page "site not available".

    I have no clue really what I need to do with TMG 2010 and why I cannot deliver emails with attachments.

    Similarly - why OWA never works - though when I click on test rules -- all tests are successful and are "green"
    path: /public/* /exchweb/* /exchange/*

  • #2
    Re: Publishing Ms Exchange 2003 FE via TMG 2010

    For issue 1 I would first check if any mailguard feature is enabled and/or configured at the Cisco FW. Cisco firewalls are known to cause trouble with regard to mail traffic.
    For the second issue I would make sure that OWA is working internally first, so test OWA:
    • at backend server
    • at frontend server
    • finally through TMG from external.


    • #3
      Re: Publishing Ms Exchange 2003 FE via TMG 2010

      In a bid to troubleshoot -- I did disable all mail protection and related features (a TMG capability)... I went further and disabled all SMTP filtering (another TMG feature) and still no incoming mail with attachments.

      I want to relook this issue with Cisco 800 -- never thought there'll be an issue before...allow me to look and revert.

      On the OWA issue:
      OWA internal does work, i.e. the local OWA - native with Exchange 2003 as opposed to using MS Outlook to get mail -- this way I am able to get email etc...
      The publishing is what is frustrating me: i.e. external published OWA for use of rich OWA experience outside LAN/WAN (not permitted to put URL... on this forum) ... this is what's not working, and this means that internally and externally -- I do get a log in screen, put the password e.g. [email protected] or domain\user and put the password ... it flips and gets me a screen that says "page not available"!

      I really want to just re-install this whole solution -- after checking with the Cisco 800 configuration.
      Oh by the way:
      same FE published on ISA 2006 sp1 on Windows 2003 RII works and OWA --- external works on the same Cisco 800.

      This is what I have done -- all in planning a seamless migration:
      Old setup:
      same Exchange FE published on ISA 06 win2K3 RII sp1 -- different public IP -- same Cisco router/firewall on ethernet port0 -- all works (OWA and SMTP inbound and outbound with attachment loaded emails)

      Same Exchange FE published through TMG 2010 on same Cisco router/firewall 800 but on a different port -- ethernet port1 -- different public IP and different MX records from above -- results (SMTP inbound and outbound works -- EXCEPT that inbound emails with attachments NEVER get delivered; and of course OWA fails as I earlier mentioned)...
      From your sentiments -- perhaps the configurations of the new setup towards TMG are filtering incoming SMTP traffic? Oh, how I wish this is my problem... shall check with ISP (as they do manage this bit) and revert...

      Much Thanks!!


      • #4
        Re: Publishing Ms Exchange 2003 FE via TMG 2010

        Don't know which of my posts you are referring to, might be a help if you include that.

        Personally, I would get rid of the Cisco altogether. TMG is wasted as a back firewall, as was ISA: it really should have an external IP and be an edge device with no NAT to the internet from the external interface. The only scenario I would consider another firewall with ISA/TMG is when using it for reverse proxy, and I don't recommend that scenario anyway although it is a common way for ISA/TMG to be introduced to networks.

        One MAJOR change from ISA 2006 to TMG is that each distinct Exchange protocol must be published separately, using the TMG wizards. In ISA 2006 it was common to add the paths for Outlook Anywhere and ActiveSync to the OWA publishing rule; this doesn't work in TMG.

        Re: OWA. Do you get the Exchange FBA page, or do you get an FBA page telling you that the site is secured by TMG?
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog