OWA Publishing Rule - Cannot Log in

  • Question

  • Published Exchange 2010 OWA, ActiveSync, Outlook Anywhere via TMG (workgroup, not domain joined). When I visit the Forms based OWA login page, I enter my credentials, but it does not take. It keeps on prompting me over and over again. The domain account does not get locked out. Authentication on the Web Listener is HTML Form Auth, with Windows (Active Directory) selected.
    Friday, October 7, 2011 5:39 PM

All replies

  • Hi,

    if TMG Server is a member of a workgroup you can't use Windows (AD) auth. You must use LDAP for authentication. Please keep in mind when TMG is a workgroup member you cannot use KCD (if you want to do this - normally not needed for basic publishing rules).
    So please change your Listener to LDAP, create an LDAP set and LDAP expressions:
    http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Using-LDAP-RADIUS-Authentication.html


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Friday, October 7, 2011 6:12 PM
  • That is what I was looking for! Thanks. Also, do you have any information on exactly how to set up KCD for Outlook Anywhere and then also get OWA and ActiveSync to work? I would prefer to have KCD configured, but it seems complex...just can't get the right info to configure it.
    Friday, October 7, 2011 6:23 PM
  • I made the LDAP changes. Things have improved, but not 100%. I now get an error: "The page cannot be displayed."

    I do have IIS redirection setup on the CAS server. The Test Rule comes back all Green.

    Friday, October 7, 2011 6:52 PM
  • You say you have redirection set up on your CAS server. Are you talking about redirection for people that try to go to the root directory on the CAS?

    If so, have you added the / as a Path in the Paths tab on the OWA rule? If you have not added that path in, they will be denied.

    I have a blog on the easiest way to do a redirect using TMG.

    http://blogs.technet.com/b/keithab/archive/2011/06/13/setting-up-an-owa-redirect-in-forefront-tmg-2010-the-easy-way.aspx

    Keith

    Friday, October 7, 2011 8:29 PM
    Answerer
  • Tried those settings and I still get a page cannot be displayed error when trying to log in. I am using the LDAP authentication on the Web Listener. Does the account specified need to have certain rights in the domain? I just set up a regular user account. As for the redirection, I used the method described here: http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/


    Monday, October 10, 2011 12:41 PM
  • On your OWA rule in TMG are you allowing them to your root directory on the CAS Server? There should be a Path in the rule that specifies /

    If you do not have that path specified you will never get to your redirect.

    Monday, October 10, 2011 1:03 PM
    Answerer
  • I have that rule in place for the OWA Redirect rule. However, it is not in place for the Original OWA Publishing rule. Do I need to change the original rule?

    Monday, October 10, 2011 1:08 PM
  • You really need to decide if you want the redirect to happen on the TMG server or you want that job to fall to the CAS server. Personally I would do it on TMG. Your redirect rule should not require authentication. The only path that should be in your redirect rule should be /

    People make the mistake of using /* which is everything below the root.


    Monday, October 10, 2011 3:21 PM
    Answerer
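The path advice in the replies above (the OWA rule needs a `/` path or root requests are denied; the redirect rule should carry only `/`, because `/*` swallows everything below the root) is easy to get wrong in the Paths tab. The following is an added example, not code from this thread or from TMG itself: a small Python model of ordered rule evaluation using the path semantics the replies describe. The rule names, the Exchange virtual directory paths (`/owa/*`, `/ecp/*`, `/Microsoft-Server-ActiveSync/*`, `/rpc/*`) and the three rule sets are assumptions constructed for the illustration; it shows which rule a request lands on in the misconfigured layout versus the recommended one, and why a publishing rule without `/` produces a denied root request.

```python
# Added example (not from the thread or from TMG): a simplified model of how
# web publishing rules are evaluated top to bottom, using the path semantics
# described in the replies. Assumptions of this model:
#   - "/"    matches only the bare root request
#   - "/x/*" matches /x/ and everything below it, so "/*" matches every path
#   - the first rule with a matching path wins; no match means the request is denied
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    paths: tuple          # path patterns as they would appear in the Paths tab
    requires_auth: bool   # listener / rule demands authentication before forwarding
    action: str           # "redirect" or "publish"


def path_matches(pattern: str, request_path: str) -> bool:
    """TMG-style path match: trailing '/*' is a prefix match, anything else is exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-1]            # "/owa/*" -> "/owa/", "/*" -> "/"
        return request_path.startswith(prefix)
    return request_path == pattern


def evaluate(rules, request_path: str):
    """Return (rule_name, requires_auth, action) for the first matching rule,
    or ("DENIED", None, None) when no rule covers the path."""
    for rule in rules:
        if any(path_matches(p, request_path) for p in rule.paths):
            return rule.name, rule.requires_auth, rule.action
    return "DENIED", None, None


# Assumed Exchange paths for the publishing rule (constructed for the example).
EXCHANGE_PATHS = ("/owa/*", "/ecp/*", "/Microsoft-Server-ActiveSync/*", "/rpc/*")

# Case 1: the mistake the reply warns about. The unauthenticated redirect rule
# uses "/*", so it sits in front of /owa/ and the authenticated rule is never reached.
MISCONFIGURED = (
    Rule("OWA Redirect", ("/*",), requires_auth=False, action="redirect"),
    Rule("OWA Publishing", EXCHANGE_PATHS, requires_auth=True, action="publish"),
)

# Case 2: the recommended layout. The redirect rule owns only the root, so a bare
# "/" is redirected without authentication and /owa/ hits the authenticated rule.
RECOMMENDED = (
    Rule("OWA Redirect", ("/",), requires_auth=False, action="redirect"),
    Rule("OWA Publishing", EXCHANGE_PATHS, requires_auth=True, action="publish"),
)

# Case 3: no redirect rule on TMG and no "/" path on the publishing rule: a user
# who types the bare hostname never reaches the CAS-side redirect and is denied.
NO_ROOT_PATH = (
    Rule("OWA Publishing", EXCHANGE_PATHS, requires_auth=True, action="publish"),
)


def audit(rules, request_paths=("/", "/owa/", "/Microsoft-Server-ActiveSync/")):
    """Map each request path to the rule that would handle it, for a quick review
    of a rule set before it is deployed."""
    return {p: evaluate(rules, p) for p in request_paths}


if __name__ == "__main__":
    for label, rules in (("misconfigured", MISCONFIGURED),
                         ("recommended", RECOMMENDED),
                         ("no root path", NO_ROOT_PATH)):
        print(label)
        for path, outcome in audit(rules).items():
            print(f"  {path:<32} -> {outcome}")
```

Running the script prints, for each layout, which rule answers `/`, `/owa/` and the ActiveSync path. The misconfigured case is the one to look for when reviewing a TMG array: an unauthenticated rule whose path list contains `/*` above an authenticated publishing rule means the publishing rule's authentication is never consulted for those paths.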