Note: This article was originally published in 2012. Some steps, commands, or software versions may have changed. Check the current Exchange documentation for the latest information.

In this step-by-step guide, you’ll learn how to publish Exchange 2010 Outlook Web Access (OWA) with TMG. Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft, used for enterprise email, calendar, contacts, and task management.

Prerequisites

Before you begin, make sure you have:

  • Exchange Server installed and configured
  • Administrative access to Exchange Management Console/Shell
  • Active Directory environment

Publishing Outlook Web Access (OWA) using Microsoft Threat Management Gateway (TMG)

Publishing Outlook Web Access (OWA) is a common step in the enterprise. You want to provide access to your corporate email through a web interface that users can reach from anywhere with Internet access. Below are some steps and recommendations for making OWA available to your users. First we will start with some basic prerequisites and best practices, then prepare the Exchange server, and finish by publishing through TMG (previously known as Microsoft Forefront Threat Management Gateway). Note that if you are using Microsoft’s Small Business Server, OWA tends to come pre-configured, so you can skip that step (just make sure it appears as active in the Exchange console and that the configuration meets your needs). Here are some prerequisites to keep in mind:

  1. Ideally you want at least 2 external IPs. You can make do with one for basic access authentication (OA, EWS, EAS), but if you get another one you can do forms-based authentication (OWA/ECP).
  2. A multi-name trusted public key certificate with all applicable names. I would recommend using your own CA to issue certificates, as getting this right might be tricky. Once you have a handle on this, you can use a third party that is more accepted globally.
  3. TMG can already authenticate with AD (either domain joined or authentication configured).

  Preparing the Exchange server

  1. Configure Microsoft Exchange Server for basic authentication (not needed for SBS)
    1. Run the following on the CAS server that will be published
      • Set-OwaVirtualDirectory -id * -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
      • Set-WebServicesVirtualDirectory -id * -WindowsAuthentication $true -BasicAuthentication $true
      • Set-EcpVirtualDirectory -id * -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
      • Set-OabVirtualDirectory -id * -WindowsAuthentication $true -BasicAuthentication $true
      • Set-ActiveSyncVirtualDirectory -id * -BasicAuthentication $true
  2. Copy the 3rd party certificate to the TMG server. (Not needed for SBS)
    1. Click Start –> Run –> Type MMC
    2. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
    3. Click Personal –> Certificates
    4. Right-click the 3rd party certificate and click All Tasks –> Export
    5. Click Next –> Yes, export the private key –> Base64 –> Next –> Browse for file location.
    6. Next –> Finish
    7. Copy the certificate file to the TMG server
    8. Click Start –> Run –> Type MMC
    9. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
    10. Click Personal –> Right-click Certificates –> All Tasks –> Import –> Next –> select file –> Next –> Next –> Finish
  3. Configure OWA Rule on TMG
    1. Open Forefront TMG
    2. Click on Firewall Policy
    3. In the Action Pane under Tasks, launch the wizard “Publish Exchange Web Client Access”
    4. Give the rule a name based on your enterprise standards.
    5. Select Exchange 2010 from the drop-down and enable Outlook Web App
    6. Make the appropriate selections on the next screen; defaults are acceptable.
    7. The Internal Site Name should be your CAS server fully qualified domain name (it needs to be on the certificate of the site hosting Exchange)
    8. The external name is what you use to access OWA (Needs to be on the certificate as well and on the listener used by TMG)
    9. Select your listener. Remember you can use one with forms or one that delegates authentication depending on your needs.
    10. You’re done!
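
To check the result of the procedure above, the following PowerShell sketch reports whether a certificate in the computer's Personal store carries both the internal and external names and has a private key, and lists the authentication flags on the CAS virtual directories. It is an added example, not part of the original article; the two host names are placeholders, the function names are hypothetical, and the ActiveSync directory is not covered.

```powershell
# Added example, not part of the original article.
# Placeholder names (assumptions): replace with your own.
$InternalName = 'cas01.corp.example.com'  # Internal Site Name (CAS FQDN), step 3.7
$ExternalName = 'mail.example.com'        # external OWA name, step 3.8

# Run on the TMG server and on the CAS: report, for every certificate in the
# computer's Personal store, whether it can serve both names.
function Test-PublishingCertificate {
    param([string[]]$RequiredNames)
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        $cert = $_
        # 2.5.29.17 = Subject Alternative Name. Format() output is localized;
        # the "DNS Name=" prefix assumes an English-language Windows install.
        # Wildcard entries are not expanded by this check.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = ''
        if ($san) { $sanText = $san.Format($false) }
        $missing = @($RequiredNames | Where-Object {
            $sanText -notmatch ('DNS Name=' + [regex]::Escape($_) + '(,|$)') })
        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey      # a TLS listener needs the private key
            Expired       = ($cert.NotAfter -lt (Get-Date))
            MissingNames  = ($missing -join ', ')    # empty means both names are present
        }
    }
}

# Run in the Exchange Management Shell on the CAS: show the authentication
# flags that the Set-*VirtualDirectory commands in step 1 change.
function Get-CasAuthSettings {
    $dirs = @(Get-OwaVirtualDirectory) + @(Get-EcpVirtualDirectory) +
            @(Get-WebServicesVirtualDirectory) + @(Get-OabVirtualDirectory)
    # FormsAuthentication is blank for directories that do not have the setting.
    $dirs | Select-Object Server, Name, BasicAuthentication,
                          WindowsAuthentication, FormsAuthentication
}

Test-PublishingCertificate -RequiredNames $InternalName, $ExternalName | Format-List
# Only query virtual directories when the Exchange cmdlets are loaded.
if (Get-Command Get-OwaVirtualDirectory -ErrorAction SilentlyContinue) {
    Get-CasAuthSettings | Format-Table -AutoSize
}
```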


Summary

You’ve successfully learned how to publish Exchange 2010 Outlook Web Access (OWA) with TMG. If you run into any issues, double-check the prerequisites and ensure your Exchange environment is properly configured.