Publish Exchange 2010 With TMG (Forefront Threat Management Gateway)

When you want to use Forefront Threat Management Gateway to publish Exchange 2010, you must do the following things:

1. Get a SAN Certificate.

In my case I have the following URLs registered with the certificate:
webmail.wardvissers.nl
autodiscover.wardvissers.nl
legacy.wardvissers.nl
casarray.wardvissers.local


2. Import the certificate into Exchange 2010.
How to check HERE

3. Create on the Exchange 2010 Server a Client Access Array.
How to do this is described in Configuring Client Access Array. In this case I used casarray.wardvissers.local for the Client Access array.

4. Setting the internal & external URLs

Set-ClientAccessServer -Identity ward-ex01 -AutoDiscoverServiceInternalUri https://casarray.wardvissers.local/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -InternalUrl https://casarray.wardvissers.local/ews/exchange.asmx -ExternalUrl https://webmail.wardvissers.nl/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -InternalUrl http://casarray.wardvissers.local/oab -ExternalUrl https://webmail.wardvissers.nl/oab

Enable-OutlookAnywhere -Server ward-ex01 -ExternalHostname "webmail.wardvissers.nl" -ClientAuthenticationMethod "Basic" -SSLOffloading:$False

Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL https://casarray.wardvissers.local/Microsoft-Server-Activesync -ExternalURL https://webmail.wardvissers.nl/Microsoft-Server-Activesync

Set-ECPVirtualDirectory -Identity "ward-ex01\ECP (default web site)" -InternalURL https://casarray.wardvissers.local/ECP -ExternalURL https://webmail.wardvissers.nl/ECP

5. Configure Exchange 2010 for basic authentication

Set-OwaVirtualDirectory -id ward-ex01\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

Set-WebServicesVirtualDirectory -Identity "ward-ex01\EWS (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true

Set-EcpVirtualDirectory -Identity "ward-ex01\ECP (default web site)" -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false

Set-OabVirtualDirectory -Identity "ward-ex01\oab (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $true

Set-ActiveSyncVirtualDirectory -Identity "ward-ex01\Microsoft-Server-ActiveSync (Default Web Site)" -BasicAuthentication $true
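
As an added check (example code, not part of the original post): the script below compares the host name in each URL from step 4 against the SAN names from step 1 and flags any URL that is not HTTPS, which matters because step 5 enables Basic authentication. The function names and the mistyped sample URL are constructed for illustration.

```powershell
# SAN entries on the certificate (taken from step 1 of this page).
$SanNames = 'webmail.wardvissers.nl', 'autodiscover.wardvissers.nl',
            'legacy.wardvissers.nl', 'casarray.wardvissers.local'

# URLs to check. The first three come from step 4; the last one is a
# constructed, deliberately mistyped entry to show what a failure looks like.
$Urls = 'https://casarray.wardvissers.local/ews/exchange.asmx',
        'https://webmail.wardvissers.nl/oab',
        'http://casarray.wardvissers.local/oab',
        'https://casarry.wardvissers.local/ECP'

function Test-HostInSan {
    # True when $HostName matches a SAN entry exactly or through a
    # single-label wildcard such as *.example.com (hypothetical helper).
    param([string]$HostName, [string[]]$San)
    foreach ($name in $San) {
        if ($name -eq $HostName) { return $true }   # -eq is case-insensitive
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)             # ".example.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $left = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                # A wildcard covers exactly one label, so no dot may remain.
                if ($left -and ($left -notmatch '\.')) { return $true }
            }
        }
    }
    return $false
}

function Test-PublishedUrl {
    # One result object per URL: is it HTTPS, and is its host on the certificate?
    # Basic authentication only base64-encodes credentials, so a URL that is
    # not HTTPS exposes them on the wire.
    param([string[]]$Url, [string[]]$San)
    foreach ($u in $Url) {
        $uri = [Uri]$u
        New-Object PSObject -Property @{
            Url       = $u
            Https     = ($uri.Scheme -eq 'https')
            HostInSan = (Test-HostInSan -HostName $uri.Host -San $San)
        }
    }
}

# Show only the URLs that fail at least one of the two checks.
Test-PublishedUrl -Url $Urls -San $SanNames |
    Where-Object { -not ($_.Https -and $_.HostInSan) } |
    Format-Table Url, Https, HostInSan -AutoSize
```

On the Exchange server the two sample lists can be replaced with the InternalUrl and ExternalUrl values returned by the Get-*VirtualDirectory cmdlets and the CertificateDomains property returned by Get-ExchangeCertificate.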

6. Import the SAN certificate into the TMG server.

1. Click Start -> Run -> type MMC
2. Click File -> Add/Remove Snap-in -> Certificates -> Add -> Computer account -> Next -> Finish -> OK
3. Click Personal -> Certificates
4. Right-click Certificates -> All Tasks -> Import -> Next -> select the *.pfx file -> Next -> Password -> Next -> Next -> Finish

7. Publish OWA

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: OWA 2010

3. Choose Exchange Server 2010 & Outlook Web Access

4. Next (I have only a single TMG server)

5. Next

6. Internal Site Name: the Client Access array name. In my case casarray.wardvissers.local

7. Public Name: webmail.wardvissers.nl

8. At this moment I have no Web Listener, so we are going to create one

9. Web Listener Name: HTTPS

10. Next

11. I chose All Networks (and Local Host) because the server has one NIC.

12. Select the certificate that you just imported.

13. Choose LDAP (Active Directory)

14. SSO Domain name: in my case wardvissers.nl (external domain name)

15. Finish

16. Next

17. Next

18. Next

19. Finish

8. Publish Active Sync

1. Publish Exchange Web Client Access

2. Exchange Publishing rule name: Active Sync 2010

3. Exchange Server 2010 & Exchange ActiveSync

4. Next

5. Next

6. Internal Site Name: the CAS array name

7. Public Name: in my case webmail.wardvissers.nl

8. Choose the HTTPS web listener

9. Next

10. Next

11. Finish

Next time I will publish how to deploy a legacy Exchange Server 2003 & 2007 with TMG.