Announcement

Collapse
No announcement yet.

Exchange 2010 Activesync using TMG not working well

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2010 Activesync using TMG not working well

    hi

    i have a new deployment that have some problems.

    the servers are :

    Exchange 2010 on server 2008 R2
    the domain controllers are server 2003 STD
    the TMG is on server 2008 64bit

    the tmg is located in the DMZ an has 1 NIC.
    I've setup according to bunch of articles i found, and it's working fine only if I'm not forcing the use of SSL certificate.

    when i turn on the "require client certificate" the TMG log shows Allowed connection using my active sync rule, but the HTTP status code is "403 forbidden"

    i appreciate any help

    almost forgot, the certificate is issued from the CA on the domain controller.
    I've tested the connection internally using "exchange ActiveSync MD" tool, and it's working.

    thanks
    Yaniv
    Last edited by Yaniv Hoobian; 28th June 2010, 13:29.

  • #2
    Re: Exchange 2010 Activesync using TMG not working well

    tmg works better with two nics.. otherwise you're not necessarily getting the benefit of the firewall
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Exchange 2010 Activesync using TMG not working well

      i have two other firewalls outside the DMZ.

      the only purposes of the TMG is to publish the exchange

      Comment


      • #4
        Re: Exchange 2010 Activesync using TMG not working well

        a google search for tmg publish exchange one nic found this as one of the first responses


        http://social.technet.microsoft.com/...0-5c8b96e9efe7
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Exchange 2010 Activesync using TMG not working well

          thanks, but i read it before.
          it's something related to the way the TMG act when a certificate is used.

          Comment


          • #6
            Re: Exchange 2010 Activesync using TMG not working well

            I'm re-reading your post.

            "require client certificate"

            To me, it sound likes that option is requiring that the CLIENT Present a certificate to authenticate itself.

            The SSL Certificate for the Exchange websites should be bound to the HTTPS listener on the ISA server.
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment


            • #7
              Re: Exchange 2010 Activesync using TMG not working well

              done that already.

              i searched some more and i think the problem is bigger.
              i don't see the exchage virtual directorys in ADSIEDIT.

              i wanted to recreate the microsoft-server-activesync virtual directory, but it woulsn't let me reomove it, becuase the dc don't recognize it as existed.
              but when i wanted to create it, it says ut is already created.
              so i opened the ADSIEDIT based on what i've found here http://www.experts-exchange.com/Soft..._26185316.html

              if you can't read it here it is :

              "Navigate to the following: CN=Configuration, DC=dommainname, DC=com -> CN=Services -> CN=domainname -> CN=Administrative Groups -> CN=Exchange Administrative Group (FYDIBOHF23SPDLT) -> CN=Servers -> CN=Netbios name of the exchange server -> CN=Protocols -> CN=HTTP
              and under HTTP found only OWA"



              any ides?

              Comment


              • #8
                Re: Exchange 2010 Activesync using TMG not working well

                An update

                i changed the external ip address to port forward to the exchange server directly.
                and i came to the same result.

                so the problem is with the exchange or active directory and not the TMG


                Yaniv

                Comment


                • #9
                  Re: Exchange 2010 Activesync using TMG not working well

                  ok, has it EVER worked as it is supposed to?

                  If so, what was changed recently. If it worked, and now doesn't, something changed. Vdirs don't just delete themselves.

                  Have you tried reinstalling the CAS role ?
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment


                  • #10
                    Re: Exchange 2010 Activesync using TMG not working well

                    its a new sever. installed 3 months ago

                    now when the time come to use activesync i face this problems.

                    today i mange to recreat the microsoft-server-activesync virtual directory.
                    and now ADSIEDIT shows some records for the virtual directorys.
                    but it's not like I'm familiarize with ( on exchange 2003 )

                    now under HTTP, i have only one folder for the OWA.
                    ( CN=OWA (default web site))


                    and rows for each virtual directory, that looks like a text file.


                    Yaniv

                    Comment


                    • #11
                      Re: Exchange 2010 Activesync using TMG not working well

                      anyone?


                      yaniv

                      Comment

                      Working...
                      X