When you want you use Forefront Threat Management Gateway to publish Exchange 2010 you must do the following things
1. Get a SAN Certificate.
I my case I have the following URL’s registered with the certificate.
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl
casarray.wardvissers.local
2. Import the Certificate in to Exchange 2010.
How to check HERE
3. Create on the Exchange 2010 Server a Client Access Array.
How you must do it I spoke it Configuring Client Access Array. I this case a used casarray.wardvissers.local for the client acces array.
4. Setting the internal & external url’s
Set-ClientAccessServer -Identity ward-ex01 -AutoDiscoverServiceInternalUri https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml
Set-WebServicesVirtualDirectory -Identity “ward-ex01\EWS (Default Web Site)” -InternalUrl https://casarray.wardvissers.local/ews/exchange.asmx -ExternalUrl https:// webmail.wardvissers.nl/ews/exchange.asmx
Set-OABVirtualDirectory -Identity “ward-ex01\oab (Default Web Site)” -InternalUrl http:// casarray.wardvissers.local/oab -ExternalUrl https://webmail.wardvissers.nl/oab
Enable-OutlookAnywhere -Server ward-ex01 -ExternalHostname “webmail.wardvissers.nl” -ClientAuthenticationMethod “Basic”-SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity “ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://casarry.wardvissers.local/Microsoft-Server-Activesync
-ExternalURL https://webmail.wardvissers.nl/Microsoft-Server-Activesync
Set-ECPVirtualDirectory –Identity ward-ex01\ECP (default web site) -InternalURL https://casarry.wardvissers.local/ECP -ExternalURL https://webmail.wardvissers.nl/ECP
5. Configure Exchange 2010 for basic authentication
Set-OwaVirtualDirectory -id ward-ex01\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
set-WebServicesVirtualDirectory -Identity “ward-ex01\EWS (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $true
set-EcpVirtualdirectory –Identity ward-ex01\ECP (default web site) -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
set-OabVirtualDirectory -Identity “ward-ex01\oab (Default Web Site)” -WindowsAuthentication $true -BasicAuthentication $true
set-ActiveSyncVirtualDirectory -Identity “ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)” -BasicAuthentication $true
6. Import the SAN certificate in to the TMG server.
1. Click Start –> Run –> Type MMC
2. Click File –> add remove Snap-in –> Certificates –> ADD –> Computer account-> Next –> finish-> ok
3. Click Personal –> certificates
4. Right Click certificates –> all task –> import –> next –> select the *.pfx file –> next –> Password –> next –> next –> Finish
7. Publish OWA
1. Publish Exchange Web Client Access
2. Exchange Publishing rule name: OWA 2010 
3. Choose Exchange Server 2010 & Outlook Web Access
4. Next ( I have only Single TMG Server) 
5. Next 
6.Internal Site Name: Client Access Array name. My Case casarray.wardvissers.local 
7. Public Name: webmail.wardvissers.nl 
8. At this moment I have no Web Listener so we gone create them
9. Weblister Name: HTTPS 
10. Next 
11. I choise for All Networks (and local host) because the Server has one NIC. 
12. Select the Certificate that you just imported. 
13. Choise for LDAP (Active Directory) 
14. SSO Domain name: my case wardvissers.nl (External Domain name) 
15. Finish 
16. Next 
17. Next 
18. Next 
19. Finish 
8. Publish Active Sync
1. Publish Exchange Web Client Access
2. Exchange Publishing rule name: Active Sync 2010 
3. Exchange Server 2010 & Exchange ActiveSync 
4. Next 
5. Next 
6. Internal Site name: CasArray name 
7. Public Name: I my case webmail.wardvissers.nl 
8.Choise the HTTPS web listerner 
9. Next 
10. Next 
11. Finish 
Next Time I will publish how to deploy a Legacy Exchange Server 2003 & 2007 with TMG