![forefront tmg 2010 owa publishing forefront tmg 2010 owa publishing](https://www.vkernel.ro/blog/wp-content/uploads/2012/01/Publish.OWA_.2010.with_.TMG_.2010-17-300x282.gif)
Although you can issue the server with its own certificate for this purpose you could also export the SSL certificate from the Client Access server and import it to the ISA server, provided that the license terms your issuing CA allow for that. The ISA server needs to be configured with an SSL certificate to accept the secure remote access connections. Configuring the ISA Server SSL Certificate
![forefront tmg 2010 owa publishing forefront tmg 2010 owa publishing](http://www.msserverpro.com/wp-content/uploads/2012/01/22.jpg)
You can of course import root certificates to make just about any certificate trusted by ISA but it is less effort and a better overall solution to use a public CA. Preferably this SSL certificate is from a public certificate authority but it can also be a private CA, as long as it is one that the ISA server trusts so that ISA considers the certificate to be valid. The Client Access server also needs to be configured with an SSL certificate. The Client Access server /OWA virtual directory has also been configured with the external URL to match the public DNS name.
FOREFRONT TMG 2010 OWA PUBLISHING HOW TO
This combination allows internal, domain-joined computers to seamlessly log on to Outlook Web App while also permitting the ISA server to use Basic delegation to authenticate the remote user.įor more details see this article on how to configure Outlook Web App authentication. In this example the /OWA virtual directory on the Client Access server is configured for both Basic and Integrated authentication.
![forefront tmg 2010 owa publishing forefront tmg 2010 owa publishing](http://www.msserverpro.com/wp-content/uploads/2012/01/10.jpg)
The Client Access server is then responsible for proxying the requests for the user’s mailbox to the appropriate Mailbox server using RPC connections.Ĭonfiguring the Exchange 2010 Client Access Server The remote user makes a connection over HTTPS (SSL) to the ISA firewall, which then reverse proxies the traffic over SSL to the Client Access server. This diagram provides an overview of how Outlook Web App is published using ISA Server 2006. Exchange 2010 Client Access and Mailbox servers deployed in the organization.An SSL certificate for Exchange Server 2010.An ISA Server 2006 (with Service Pack 1) firewall configured with an external interface and IP address corresponding to the above DNS record.A public DNS name for Outlook Web App (in this example is used).There are several parts of this solution that make it work. One way to make Exchange Server 2010 Outlook Web App (OWA) available for remote users is to publish it using ISA Server 2006.