Answered: Forefront TMG 2010 OWA publishing

  • Tuesday, October 02, 2012 12:47 PM
    We have a Forefront TMG 2010 for publishing Exchange 2007 OWA. It was working fine, but when we changed the IP address of our HUB/CAS server, it is not able to communicate with the server on port 443. It can ping & telnet on port 80 but not on port 443. Any suggestion would be appreciated.

    Fazal Ur Rehman Shah | Senior Consultant

All Replies

  • Tuesday, October 02, 2012 1:06 PM
    Certificate working?
  • Tuesday, October 02, 2012 6:15 PM
    As you are able to connect on port 80, it looks like it's a certificate issue.
  • Tuesday, October 02, 2012 8:20 PM
    There should not be any issue with the certificate, as it was working fine until we changed the IP address. I would be glad if anyone can point out what I should check for in the certificate. Even now we are able to redirect OWA traffic to one of the 2 Hub/CAS servers, which are NLBed.

    Fazal Ur Rehman Shah | Senior Consultant

  • Thursday, October 04, 2012 2:18 AM
     Proposed

    Hi,

    Please check your rule. You may have created the OWA publishing rule using a Server Farm; please change the IP addresses of the CAS in the publishing rule.

    As you said: "It can ping & telnet on port 80 but not on port 443". You could first create a rule allowing TMG localhost to the CAS server, then try to telnet to the CAS server on 443. If it does not work at all, it's purely a network issue rather than a certificate issue; you should check the intermediate devices between TMG and the CAS server.

    Regards,
    James
    • Proposed As Answer by JamesYi Thursday, October 04, 2012 2:18 AM
  • Saturday, October 06, 2012 5:19 AM
    Done that. The access rule on the firewall is configured to allow port 443.

    Fazal Ur Rehman Shah | Senior Consultant

  • Monday, October 08, 2012 2:11 AM
    Hi,

    From TMG, you could try to telnet to the CAS server on 443. If it does not work at all, it's purely a network issue rather than a certificate issue; you should check the intermediate devices between TMG and the CAS server.

    Regards,

    James

  • Monday, October 08, 2012 5:36 AM
    I can telnet to both the CAS servers on 443 but not to the NLB. I had asked the network team to check the firewall. They are telling me that they cannot see any request from Forefront TMG to the NLB on 443. But when I ping the NLB, they can see the hits on the firewall.

    Also, when I look at the packets captured by Microsoft Network Monitor, it shows that traffic from Forefront TMG to the CAS server is going through the Internal NIC, whereas when I ping the CAS server, the traffic is sent through the External/Internet NIC. How can I make sure that my traffic to the CAS server or NLB goes through the External/Internet NIC?


    Fazal Ur Rehman Shah | Senior Consultant
  • Tuesday, October 09, 2012 2:25 AM
     Answered
    You can collect the Netmon trace on the internal NIC; if you see the traffic you are looking for there, the traffic is going through the internal NIC.

    Yes, I believe the issue is not on TMG; it should be on the intermediate devices between TMG and the CAS server, which do not allow port 443 to the NLB.

    James
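
The two checks discussed in this thread (James's "telnet to the CAS on 443 from TMG" test, and the later question of which NIC the TMG-to-CAS traffic leaves through) can be done in one pass from the TMG host. The script below is an added example written for this page; it is not code from the thread, from Microsoft, or from TMG itself. The hostnames and IP addresses are placeholders that must be replaced with your own CAS servers and NLB VIP. It opens a plain TCP connection (no TLS), so it separates a network block from a certificate problem: a silent firewall drop shows as TIMEOUT, a reachable host with the port closed shows as REFUSED, and OPEN means the TCP path works and any remaining failure is in TLS or the publishing rule. The local address the socket was bound to is mapped back to the adapter name, which answers the "Internal NIC or External NIC" question without needing a Netmon trace.

```powershell
# Added example (not from the thread): probe each CAS and the NLB VIP on 80 and 443
# from the TMG host and report which local address / adapter the connection used.
# Uses .NET sockets only, so it works on PowerShell 2.0 (Windows Server 2008 R2).

# Placeholder targets: replace with the real CAS servers and the NLB VIP.
$targets = @(
    @{ Name = 'CAS1 (placeholder)';    Host = '10.0.1.11' },
    @{ Name = 'CAS2 (placeholder)';    Host = '10.0.1.12' },
    @{ Name = 'NLB VIP (placeholder)'; Host = '10.0.1.10' }
)
$ports     = 80, 443
$timeoutMs = 3000

function Test-TcpPath {
    param([string]$TargetHost, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so we can enforce our own timeout.
        $ar = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # No SYN/ACK and no RST within the timeout: typical of a firewall
            # or other intermediate device silently dropping the packets.
            return New-Object PSObject -Property @{
                Host = $TargetHost; Port = $Port; Result = 'TIMEOUT'; LocalAddress = $null }
        }
        $client.EndConnect($ar)
        # The local endpoint tells us which interface the OS routed the SYN through.
        $local = $client.Client.LocalEndPoint.Address.ToString()
        return New-Object PSObject -Property @{
            Host = $TargetHost; Port = $Port; Result = 'OPEN'; LocalAddress = $local }
    } catch {
        # A RST (connection refused) or a resolution/route error lands here:
        # the host answered, so the path itself is not the problem.
        return New-Object PSObject -Property @{
            Host = $TargetHost; Port = $Port
            Result = "REFUSED/ERROR: $($_.Exception.Message)"; LocalAddress = $null }
    } finally {
        $client.Close()
    }
}

# Build a lookup from local IP address to adapter description so the report
# can say which NIC was used (e.g. the one you named Internal vs External).
$adapterByIp = @{}
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" | ForEach-Object {
    $desc = $_.Description
    foreach ($ip in $_.IPAddress) { $adapterByIp[$ip] = $desc }
}

foreach ($t in $targets) {
    foreach ($p in $ports) {
        $r   = Test-TcpPath -TargetHost $t.Host -Port $p -TimeoutMs $timeoutMs
        $nic = if ($r.LocalAddress -and $adapterByIp.ContainsKey($r.LocalAddress)) {
                   $adapterByIp[$r.LocalAddress] } else { 'n/a' }
        "{0,-22} {1,-15} {2,4}  {3,-12} via {4} ({5})" -f `
            $t.Name, $r.Host, $r.Port, $r.Result, $r.LocalAddress, $nic
    }
}
```

Run it in an elevated PowerShell session on the TMG host. If the two CAS addresses show OPEN on 443 but the NLB VIP shows TIMEOUT, that matches the symptom in this thread and points at whatever sits between TMG and the VIP, not at the certificate. The interface choice is made by the Windows routing table, not by TMG, so if the LocalAddress column shows the wrong adapter, compare the output of `route print` against the CAS subnet and fix the route or the adapter's metric rather than the publishing rule.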