0

I've set up Exchange 2010 through TMG and everything seems to work fine, except that when accessing OWA there are 2 screens where you have to enter login and pass. The first one looks exactly the same as the normal one, but it says "Security: Microsoft Forefront Threat Management Gateway". If I give the wrong password on the first screen, it says "Can't login to Forefront TMG", so it seems like this is double verification... Is this normally expected, or just a misconfiguration of TMG?

MadBoy

1 Answer

2

It means your publishing rule is set up (correctly!) to only allow authorized users.

When you connect to the OWA server, the TMG first needs to find out who you are to work out what you are allowed to do with respect to the firewall, e.g. what publishing rules apply, etc.

Once that is done, the request is passed on to Exchange Server, which then shows you the standard login page.

If you want to, you can set up TMG to forward the credentials to Exchange so you only get asked once, but it's not a simple thing to enable and configure, as there are many variables to consider in terms of authentication methods, etc.

Phil
  • Do you know some links that could explain how to forward credentials as I believe having 2 times authentication will be just a bit too much security? – MadBoy Nov 04 '11 at 14:23
  • This is correct for the most part. You'll want to enable SSO, and make sure you match the Authentication Delegation to what you're using on your OWA vdir in the CAS Array. – Tatas Nov 04 '11 at 15:25
  • @Tatas got some good documentation on that? – MadBoy Nov 28 '11 at 18:06
  • The TMG whitepaper from MS should have that in it. Also check TechNet, that should have it as well. I'll try and find the link. – Tatas Nov 29 '11 at 18:39
  • The following document is an excellent resource for setting up Exchange 2010 with TMG. http://www.microsoft.com/download/en/details.aspx?id=8946 – Tatas Nov 30 '11 at 21:17
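
One way to check the match between the OWA virtual directory and TMG's Authentication Delegation that the comments describe, as an added example that is not part of the original thread. The function name `Get-TmgDelegationHint`, the server names and the sample objects are hypothetical; `Get-OwaVirtualDirectory` and its `FormsAuthentication`, `BasicAuthentication` and `WindowsAuthentication` properties are the Exchange cmdlet's own, and the mapping to delegation methods is an assumption based on what each method can authenticate against.

```powershell
# Added example: map the authentication methods enabled on an OWA virtual
# directory to the TMG Authentication Delegation setting that can feed it.
function Get-TmgDelegationHint {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $VirtualDirectory
    )
    process {
        $v = $VirtualDirectory
        if ($v.FormsAuthentication) {
            # TMG cannot fill in Exchange's own logon form, so the user is
            # prompted by the TMG form and then again by the OWA form.
            $hint = 'Forms auth on vdir: second prompt expected; use Basic or Integrated on the vdir instead'
        }
        elseif ($v.WindowsAuthentication) {
            $hint = 'Delegate with NTLM, Negotiate or Kerberos constrained delegation'
        }
        elseif ($v.BasicAuthentication) {
            $hint = 'Delegate with Basic authentication'
        }
        else {
            $hint = 'No method enabled on the vdir that TMG can delegate to'
        }
        New-Object PSObject -Property @{
            Server         = $v.Server
            Name           = $v.Name
            Forms          = $v.FormsAuthentication
            Basic          = $v.BasicAuthentication
            Windows        = $v.WindowsAuthentication
            DelegationHint = $hint
        }
    }
}

# Constructed sample objects shaped like Get-OwaVirtualDirectory output,
# so the function can be tried without an Exchange server.
$sample = @(
    New-Object PSObject -Property @{ Server = 'CAS01'; Name = 'owa (Default Web Site)'
        FormsAuthentication = $true; BasicAuthentication = $true; WindowsAuthentication = $false }
    New-Object PSObject -Property @{ Server = 'CAS02'; Name = 'owa (Default Web Site)'
        FormsAuthentication = $false; BasicAuthentication = $true; WindowsAuthentication = $false }
)
$sample | Get-TmgDelegationHint | Format-List

# On a real Client Access server, from the Exchange Management Shell:
#   Get-OwaVirtualDirectory | Get-TmgDelegationHint
```

The first sample object (forms authentication still enabled on the virtual directory) corresponds to the double prompt described in the question.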