Skip to main content

configuration to Publish Exchange through TMG Back-end - Front-end method

 Can you believe it I finally got this done! This process can be used for Exchange 2007 or 2010.



This is a basic walkthrough on getting OWA published through a TMG Front-end\Back-end scenario.
Well lets get started!
First we have to establish the basic configuration
The lab will be configured as shown

First Obviously we need physical connectivity as defined.

  • 2 TMG servers with 2 NICs each
  • Each with a NIC on the DMZ network.
  • The Frontend connected to the ISP
  • The Backend connected to the LAN

Backend server

  1. Configure NICs
    1. DMZ NIC = IP: 192.168.1.2/24, Gateway: 192.168.1.1, , DNS: Null
    2. Inter NIC = IP: 192.168.2.1/24 Gateway: Null, DNS: 192.168.2.10 (Internal Domain DNS)

  2. Join to domain
  3. Install TMG
  4. Configuration
    1. Getting Started Wizard
    2. Configure Network Settings
      1. Next
      2. Next
      3. Important: Choose Private at the Bottom so the BE can route.
      5. Finish

    3. Configure System Settings
      1. I make sure mine is connected to the domain (just makes permissions easier)

    4. Define Deployment options
      1. This is a preference but for this Lab I disable all updates or NIS updates

    5. Remote Access Wizard (again preference But I limit config as this is a publishing lab not client access)
      5. This one can make troubleshooting difficult if configured any other way

    6. Network Rule Creation
      1. Edit the Internal to Perimeter Rule

    7. Firewall Rule Creation





Front-end server

  1. Configure NICs
    1. DMZ NIC = IP: 192.168.1.1/24, Gateway: 192.168.1.1, , DNS: 192.168.2.10 (Internal Domain DNS)
    2. Inter NIC = IP: ISP assigned Gateway: ISP assigned, DNS: null

  2. Install TMG
  3. Configuration
    1. Getting Started Wizard
    2. Configure Network Settings
      1. Next
      3. Be sure to add the additional route for the LAN network behind the back-end server.
        This also adds the internal LAN network to the Internal Network object(networking\networks), and adds a static route for the Internal network as well (Networking\routing tab)
      4. In my case I have a dynamic IP in my lab, but this would be your ISP provided IP
      6. At this point you should have routing connectivity to the domain.

    3. Configure System Settings
      1. I make sure mine is connected to the domain (just makes permissions easier)

        You can join the domain here

    4. Define Deployment options
      1. This is a preference but for this Lab I disable all updates or NIS updates

    5. Remote Access Wizard (again preference But I limit config as this is a publishing lab not client access)
      5. This one can make troubleshooting difficult if configured any other way

    6. Publishing Rules (Same as previous Posts, sample here see other posts for more details)
      2. This is a basic auth listener that will work for OWA\EAS\OLA but doesn’t include forms
      7. Make sure this Name is accessible from the FE server (the name also needs to be on the trusted certificate on the exchange server)
      17. This may change based on your scenario
      19. Finish

    7. Apply Changes and Test!!!

Comments

Post a Comment

Popular posts from this blog

Integration with vCloud Director failing after NSXT upgrade to 4.1.2.0 certificate expired

  Issue Clarification: after upgrade from 3.1.3 to 4.1.2.0 observed certificate to be expired related to various internal services.   Issue Verification: after Upgrade from 3.1.3 to 4.1.2.0 observed certificate to be expired related to various internal services.   Root Cause Identification: >>we confirmed the issue to be related to the below KB NSX alarms indicating certificates have expired or are expiring (94898)   Root Cause Justification:   There are two main factors that can contribute to this behaviour: NSX Managers have many certificates for internal services. In version NSX 3.2.1, Cluster Boot Manager (CBM) service certificates were incorrectly given a validity period of 825 days instead of 100 years. This was corrected to 100 years in NSX 3.2.3. However any environment originally installed on NSX 3.2.1 will have the internal CBM Corfu certs expire after 825 regardless of upgrade to the fixed version or not. On NSX-T 3.2.x interna...
Post a Comment
Read more

Calculate how much data can be transferred in 24 hours based on link speed in data center

  In case you are planning for migration via DIA or IPVPN link and as example you have 200Mb stable speed so you could calculate using the below formula. (( 200Mb /8)x60x60x24) /1024/1024 = 2TB /per day In case you have different speed you could replace the 200Mb by any rate to calculate as example below. (( 5 00Mb /8)x60x60x24) /1024/1024 =  5.15TB  /per day So approximate each 100Mb would allow around 1TB per day.
Post a Comment
Read more

Device expanded/shrank messages are reported in the VMkernel log for VMFS-5

    Symptoms A VMFS-5 datastore is no longer visible in vSphere 5 datastores view. A VMFS-5 datastore is no longer mounted in the vSphere 5 datastores view. In the  /var/log/vmkernel.log  file, you see an entry similar to: .. cpu1:44722)WARNING: LVM: 2884: [naa.6006048c7bc7febbf4db26ae0c3263cb:1] Device shrank (actual size 18424453 blocks, stored size 18424507 blocks) A VMFS-5 datastore is mounted in the vSphere 5 datastores view, but in the  /var/log/vmkernel.log  file you see an entry similar to: .. cpu0:44828)LVM: 2891: [naa.6006048c7bc7febbf4db26ae0c3263cb:1] Device expanded (actual size 18424506 blocks, stored size 18422953 blocks)   Purpose This article provides steps to correct the VMFS-5 partition table entry using  partedUtil . For more information see  Using the partedUtil command line utility on ESX and ESXi (1036609) .   Cause The device size discrepancy is caused by an incorrect ending sector for the VMFS-5 partition on the ...
Post a Comment
Read more