  1. #1

    [Windows7/Server 2008R2/Exchange 2010/IIS/Forefront TMG] Internal OWA website blocked

    Working in a test environment prior to deployment. 1 x Windows 7 client, 3 x Windows Server 2008R2 Servers (2 virtual), Exchange Server 2010/3, Forefront TMG 2010/SP1, Forefront Security for Exchange Server.

    I am trying to access the Exchange Web OWA website but I am having mixed results.

    For the purpose of this test, everything is in AD domain xyz.school except Forefront (and edge transport), which is in a non-AD workgroup.

    All DNS is name.xyz.school, so:
    office1.xyz.school - Windows 7 client - 192.168.3.101
    griffin.xyz.school - Server 2008R2, AD DC and RRAS LAN routing - 192.168.3.1, 192.168.2.1
    leo.xyz.school - Virtual 2008R2, Exchange Server and OWA on IIS - 192.168.2.21
    eagle.xyz.school - Virtual 2008R2, Workgroup - Forefront TMG, Exchange EdgeServer, Forefront Security for Exchange Server - 192.168.2.11

    On the Windows 7 client:
    https://leo/owa - works but gets certificate error - certificate is for LEO.abc.school. Cannot see any logs in Forefront TMG.
    https://leo.xyz.school/owa - times out. TMG indicates SSL tunnel is blocked by default rule. Everything looks fine in TMG. Domains set up, even exemption of domain from malware and SSL inspection.
    https://192.168.2.21/owa - times out. Again, ssl tunnel is blocked as above
    The SSL denied message is:
    Log type: Web Proxy (forward)
    Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL)
    Source/Destination: Internal
    Request: leo.xyz.school:443
    Protocol: SSL tunnel
    User: Anonymous

    On griffin AS server
    As above

    On eagle Forefront TMG
    No access via any method. Blocked by 'branchcache - advertise' rule!!!

    On leo Exchange server
    Seems to work as expected - "seems" because I have scripts blocked in IE so cannot use OWA; otherwise access is neither logged in TMG nor denied.


    ----------------------------------------------
    If it wasn't for the fact that this should work, I would probably set up an SSL tunnel allow rule. But I think there is an underlying problem. Especially since, when accessing from the Windows 7 client via NetBIOS name, it works.

    My guess is something to do with certificates, but I scratch my head over these. Prior to moving eagle (edge transport / Forefront) to a workgroup, it was part of the AD domain and it worked fine. Just decided fairly late in the day that, due to a change in ISP, it would be better to move edge transport out of the AD domain. leo and eagle were built largely from scratch - full reinstall of OS and rollback to earlier snapshot.

    Not sure if adding an Exchange web client access rule in TMG will help, since I had this in an earlier build and I was still having problems. But it has worked when eagle was part of the AD domain.

    Any suggestions please?

  2. #2

    This issue is now resolved.

    It's been a while since I put the fix in place, but IIRC I needed to add the internal web sites for access through TMG using the FQDN - think that when using the NetBIOS name, TMG was bypassed, so no issue. Set up a computer group of 'Internal Web Servers' in TMG and gave HTTP/HTTPS access to this group from all protected networks.

  3. Thanks to ianh64 from:

    eejit (5th January 2012)
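
Why the short name behaved differently from the FQDN and the IP address in this thread, as an added example that is not part of the original posts: a simplified Python model of the Internet Explorer "Bypass proxy server for local addresses" rule, under which host names without a dot go direct and everything else is sent to the web proxy. It assumes the client's proxy setting points at TMG with that option enabled; the bypass strings are constructed sample values, and `uses_proxy` and `classify` are hypothetical names.

```python
# Added example: simplified model of the WinINET/IE proxy-bypass decision.
# Real matching also supports scheme and port qualifiers; this covers hosts only.
from fnmatch import fnmatch
from urllib.parse import urlsplit

# The three URLs tried from the Windows 7 client in post #1.
URLS = [
    "https://leo/owa",
    "https://leo.xyz.school/owa",
    "https://192.168.2.21/owa",
]


def uses_proxy(url, bypass_list):
    """Return True if the request would be handed to the web proxy (TMG)."""
    host = (urlsplit(url).hostname or "").lower()
    for entry in (e.strip().lower() for e in bypass_list.split(";")):
        if not entry:
            continue
        if entry == "<local>":
            # "Local" means the host name contains no dot. An IPv4 literal
            # contains dots, so it is NOT local and still goes to the proxy.
            if "." not in host:
                return False
        elif fnmatch(host, entry):
            # Explicit bypass entry, wildcards allowed (e.g. *.xyz.school).
            return False
    return True


def classify(bypass_list):
    """Map each URL from the thread to the path it would take."""
    return {
        url: "via TMG proxy" if uses_proxy(url, bypass_list) else "direct"
        for url in URLS
    }


if __name__ == "__main__":
    # Constructed setting: only the "bypass for local addresses" box ticked.
    for url, path in classify("<local>").items():
        print(f"{path:14} {url}")
```

Requests classified as "via TMG proxy" arrive at TMG as an SSL tunnel request and need an access rule that allows them, which is what the 'Internal Web Servers' computer group in post #2 provides.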

  4. #3
    eejit
    Thanks for posting this - had the exact same issues accessing OWA internally.
