When you want to use Forefront Threat Management Gateway to publish Exchange 2010, you must do the following things:
1. Get a SAN Certificate.
In my case I have the following URLs registered with the certificate.
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl
casarray.wardvissers.local
2. Import the certificate into Exchange 2010.
How to check HERE
3. Create a Client Access Array on the Exchange 2010 server.
How to do this I described in Configuring Client Access Array. In this case I used casarray.wardvissers.local for the Client Access Array.
4. Set the internal & external URLs
Set-ClientAccessServer -Identity ward-ex01 -AutoDiscoverServiceInternalUri https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -InternalUrl https://casarray.wardvissers.local/ews/exchange.asmx -ExternalUrl https://webmail.wardvissers.nl/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -InternalUrl http://casarray.wardvissers.local/oab -ExternalUrl https://webmail.wardvissers.nl/oab
Enable-OutlookAnywhere -Server ward-ex01 -ExternalHostname "webmail.wardvissers.nl" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://casarray.wardvissers.local/Microsoft-Server-Activesync -ExternalURL https://webmail.wardvissers.nl/Microsoft-Server-Activesync
Set-ECPVirtualDirectory -Identity "ward-ex01\ECP (Default Web Site)" -InternalURL https://casarray.wardvissers.local/ECP -ExternalURL https://webmail.wardvissers.nl/ECP
5. Configure Exchange 2010 for basic authentication
Set-OwaVirtualDirectory -id ward-ex01\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true
Set-EcpVirtualDirectory -Identity "ward-ex01\ECP (Default Web Site)" -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
Set-OabVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true
Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -BasicAuthentication $true
6. Import the SAN certificate into the TMG server.
1. Click Start –> Run –> type MMC
2. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
3. Click Personal –> Certificates
4. Right-click Certificates –> All Tasks –> Import –> Next –> select the *.pfx file –> Next –> Password –> Next –> Next –> Finish
7. Publish OWA
1. Publish Exchange Web Client Access
2. Exchange Publishing rule name: OWA 2010
3. Choose Exchange Server 2010 & Outlook Web Access
4. Next (I have only a single TMG server)
6. Internal Site Name: the Client Access Array name. In my case casarray.wardvissers.local
7. Public Name: webmail.wardvissers.nl
8. At this moment I have no Web Listener, so we are going to create one
11. I chose All Networks (and local host) because the server has one NIC.
12. Select the Certificate that you just imported.
13. Choose LDAP (Active Directory)
14. SSO domain name: in my case wardvissers.nl (external domain name)
15. Finish
8. Publish Active Sync
1. Publish Exchange Web Client Access
2. Exchange Publishing rule name: Active Sync 2010
3. Exchange Server 2010 & Exchange ActiveSync
6. Internal Site name: CasArray name
7. Public Name: in my case webmail.wardvissers.nl
8. Choose the HTTPS web listener
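A read-back check for steps 1, 2 and 4, as an added example that is not part of the original post: it lists every internal and external URL configured on ward-ex01 and flags any whose host name is not on the certificate assigned to IIS, which catches a mistyped host name before clients see a certificate warning. It assumes the Exchange Management Shell on Exchange 2010 and that the SAN certificate has the IIS service assigned; the helper name Test-NameCovered is made up for this example.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
$server = 'ward-ex01'   # CAS server name used on this page

# Certificate assigned to IIS (assumed to be the SAN certificate from step 2).
$cert = Get-ExchangeCertificate -Server $server |
    Where-Object { $_.Services -match 'IIS' } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with the IIS service found on $server" }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Certificate expired on $($cert.NotAfter)" }
$certNames = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })

# True when $hostName matches a certificate name exactly or via a one-label wildcard.
function Test-NameCovered([string]$hostName, [string[]]$names) {
    foreach ($n in $names) {
        if ($n -eq $hostName) { return $true }
        if ($n.StartsWith('*.') -and $hostName.Contains('.') -and
            $hostName.Substring($hostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Read back every URL set in step 4.
$vdirs  = @(Get-WebServicesVirtualDirectory -Server $server)
$vdirs += @(Get-OabVirtualDirectory -Server $server)
$vdirs += @(Get-ActiveSyncVirtualDirectory -Server $server)
$vdirs += @(Get-EcpVirtualDirectory -Server $server)
$vdirs += @(Get-OwaVirtualDirectory -Server $server)
$urls  = @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
$urls += $vdirs | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

# One row per URL; Covered = False means the host name is missing from the certificate.
$urls | Where-Object { $_ } | ForEach-Object {
    $uri = [Uri]"$_"
    $h   = $uri.Host.ToLower()
    New-Object PSObject -Property @{
        Url     = $uri.AbsoluteUri
        Scheme  = $uri.Scheme
        Covered = (Test-NameCovered $h $certNames)
    }
} | Sort-Object Covered, Url | Format-Table Covered, Scheme, Url -AutoSize
```

Rows with Covered = False sort to the top; the Scheme column also shows which URLs are still served over plain http.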
Next time I will publish how to deploy a legacy Exchange Server 2003 & 2007 with TMG.