Forefront TMG not Forwarding OWA Traffic to Exchange 2010 Server

    Question

  • OK, so here is my current setup, a pretty simple one.

    1- I installed Forefront TMG in a Front Firewall type setup with two interfaces (one external interface: 10.8.*.* and one internal interface: 10.7.*.*)
    2- I have a static public IP address 63.144.*.* registered as the IP for a DNS record mail.mycompany.com
    3- Traffic coming in on 63.144.*.* over 443 is NAT'ed to my TMG's external interface at 10.8.*.*
    4- Installed SAN Certificate (*.mycompany.com) to the Exchange Server as well as to the TMG Server.
    5- Added to TMG the following two rules:

    5.1 - Allow HTTPS between Internal Network of the TMG Server and the Internal Network and Vice Versa. Tested Access to my Exchange Server from TMG server Successfully.
    5.2 - Created a Web Publishing Rule for OWA and Listener following one of the many articles online.
    5.3 - Right clicked on the Rule and chose Properties, then tested it successfully.

    Now, when trying to access and test OWA from outside, I watch the logs and I see a connection initiated from the public IP address I'm testing from, destined for 10.8.*.*. However, I don't see TMG forwarding traffic at all from the TMG's internal interface 10.7.*.* to the Exchange server internally, and after a few tries the connection closes with the following status: "A connection was abortively closed after one of the peers sent an RST packet" (0x80074e21 FWX_E_ABORTIVE_SHUTDOWN)

    I really don't see what I'm missing here; this is a very simple rule that should just work.

    Any suggestions are much appreciated, as I've been banging my head against this for a couple of days now.

    Monday, April 23, 2012 1:55 PM

Answers

  • Well, it turned out my rule was set up correctly. However, the routing done on the networking level was incorrect and wasn't allowing the TMG server to answer outside requests, so the TCP session doesn't even get a chance to build. After making the necessary changes on the network level, I started seeing stuff working.
    Tuesday, April 24, 2012 3:33 AM

All replies

  • Hi,

    Please compare your setup with this article:

    http://www.isaserver.org/tutorials/publishing-outlook-web-access-microsoft-forefront-tmg.html
    Do you get the FBA page from your TMG Server? Is FBA deactivated on the internal Exchange CAS Server?

    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Monday, April 23, 2012 5:24 PM
  • What did you have to change on your routing?  I'm running into what I think is the same issue trying to publish OWA 2010 w/ TMG 2010.

    Views expressed do not represent those of my employer.

    Friday, April 27, 2012 10:57 PM
  • What did you have to change on your routing?  I'm running into what I think is the same issue trying to publish OWA 2010 w/ TMG 2010.
    Monday, October 15, 2012 9:15 AM
  • Hello, I have been running into the same problem for the past two days. I have done all the research and I think my rules are working fine. Could you help with the network-related changes that you made, please?
    Thursday, February 8, 2018 4:29 AM
  • Hello, did you get a resolution for this? Please share; I have been stuck for two days.
    Thursday, February 8, 2018 4:30 AM