Exchange 2010 and TMG 2010 - FBA Timeout issues (logs off in 10 min) RRS feed

  • Question

  • Guys,

    Just had one user reporting a problem with Outlook Web Apps published using TMG 2010. FBA is turned on on TMG and is configured to expire the cookie in 6 hrs. But when a user logs in to a computer and selects "Private Computer" option, he/she is logged off in EXACTLY 10 min. Going round in circles to find the answer but no avail.

    Logging on TMG server isn't revealing anything much. Examining the cookies on IE, it appears that the system keeps renewing the cookies once in every 30 secs to 1 min and after about 10 min of logging, the user is logged out. Even the last log says that the FBA Auth cookie is present and is valid. Any help is appreciated.

    Thursday, June 21, 2012 2:13 PM

All replies

  • Hi,

    Thank you for the post.

    Please refer to the thread and see if it helps: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/ed87399e-a959-4cf4-a947-c4bc508ec785.


    Nick Gu - MSFT

    Friday, June 22, 2012 2:49 AM
  • Thanks Nick

    But the hotfix described on this thread was released for ISA 2006. Wasn't this corrected when TMG2010 was released? Don't a script for ISA 2006 cause any issues with TMG 2010?

    Sunday, June 24, 2012 7:14 PM
  • Hi,

    Thank you for the update.

    To solve this problem in TMG 2010, we need to workaround it by running the script described under the “Reverting this hotfix” section from this other article:


    FIX: You receive a "Bad Request" error message when you try to access Outlook Web App in a Forefront Threat Management Gateway 2010 environment when you use RSA SecurID authentication delegation


    Nick Gu - MSFT

    Wednesday, June 27, 2012 2:34 AM
  • Will this still work? We don't use RSA!
    Wednesday, June 27, 2012 5:28 AM
  • Hi Nick,

    Think you haven't answered my earlier statement (we don't use RSA at all.).

    Btw, happened to stumble upon the time-out settings on the firewalls and NLB placed before the TMG servers and it appears that the problem is there. The time out settings for HTTPS on Kemp LTMs are set to be with 10 min and that was the cause of the issue. A change control in progress and will update the outcome soon.

    Monday, July 9, 2012 2:48 PM