UCPrimer

Publishing Exchange2013 EWS using TMG2010

9/29/2013

Publishing Exchange 2013 Web Services (EWS) to clients on the external network is essential for Lync 2013 Unified Contact Store (UCS) and Lync 2013 Mobile clients to work properly. Without EWS available to clients on external networks, Lync 2013 Mobile clients will be unable to get Lync contacts when UCS has been enabled for users, since these contacts are now stored in Exchange. Lync 2013 Mobile clients will also not be able to retrieve calendaring information to join Lync online meetings. In order to enable these functions for the full Lync mobile experience, EWS must be published. This article provides configuration details for publishing Exchange 2013 EWS using Forefront TMG2010. Note that TMG2010 is no longer available for purchase but Forefront Unified Access Gateway (UAG) with Service Pack 3 (SP3) is still available and can be used for publishing Exchange 2013.

To begin, use the "Publish Exchange Web Client Access" task in the TMG 2010 Task pane to start the wizard. Give the rule a name, and in the Select Services screen choose "Exchange Server 2010" and click on "Outlook Anywhere".
Next, we can either publish a single Exchange CAS server, which is the case in this lab, or, if an array of CAS servers is deployed, set the publishing type to a server farm. Then we select SSL for the connection from TMG to the CAS:
Next, the FQDN of the Exchange CAS server is entered as the Internal site name. TMG must be able to resolve this name to an IP address, either via a DNS query or a hosts file entry. The public name is entered in the next screen; this is the FQDN that clients use when they connect from the internet. This FQDN needs to resolve to the public NAT'ed IP of the TMG server on which the web listener listens. At the same time, an autodiscover DNS A record needs to be created that points to the same IP. Note that both the public FQDN and the autodiscover FQDN must be in the list of SANs of the certificate assigned to the web listener, e.g. mail.domain.com and autodiscover.domain.com.
Here we select the pre-configured web listener for the rule. If one has not yet been created, the "New.." button allows the creation of a new web listener. Note the settings of the web listener, in particular the "No Authentication" setting as shown below: with it, TMG does not pre-authenticate clients itself. Next, for the Authentication Delegation setting we choose "No delegation, but client may authenticate directly", so the client authenticates against the published Exchange server:
Finally, we leave the default User Sets entry of "All Users", not "All Authenticated Users". This is the default when the web listener is configured with "No Authentication", because TMG itself does not authenticate the clients. To complete the wizard, click "Finish":
After the rule has been created, we need to edit it again to configure 2 additional properties. First, the Public Name tab should contain both the public FQDN and the autodiscover FQDN, as shown below. Then, in the Paths tab, we should remove the "/rpc/*" entry and include the "/ews/*" and "/autodiscover/*" entries, as shown below:
Now we can proceed to save the changes to the rule, but before that, a validation test can be performed by clicking on the "Test Rule" button as shown below. This should return a "green" check for all tests performed, which confirms that the rule is working properly. Once the changes are saved, open a browser on a client connected to the internet and navigate to https://mail.domain.com/ews/exchange.asmx. A popup window should appear asking for user credentials, after which a web page similar to the picture below should be returned:
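The checks described in this walkthrough (SAN coverage of both public names, the edited Paths tab, and the credential prompt on /ews/exchange.asmx) can also be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the path matching is a simplified model rather than TMG's own algorithm, and the 403/404 interpretation is an assumption.

```python
import fnmatch
import urllib.error
import urllib.request

# Values from the walkthrough; domain.com is the article's placeholder domain.
PUBLIC_NAMES = ["mail.domain.com", "autodiscover.domain.com"]
RULE_PATHS = ["/ews/*", "/autodiscover/*"]  # "/rpc/*" removed, as in the Paths tab

def san_covers(name, sans):
    """True if a SAN entry matches name exactly or as a one-label wildcard."""
    name = name.lower()
    for san in (s.lower() for s in sans):
        if san == name:
            return True
        # "*.domain.com" covers exactly one extra left-most label
        if san.startswith("*.") and name.partition(".")[2] == san[2:]:
            return True
    return False

def missing_sans(sans, public_names=PUBLIC_NAMES):
    """Public names the web listener certificate does not cover."""
    return [n for n in public_names if not san_covers(n, sans)]

def path_published(url_path, rule_paths=RULE_PATHS):
    """Simplified, case-insensitive model of matching against the Paths tab."""
    p = url_path.lower()
    return any(fnmatch.fnmatchcase(p, pat.lower()) for pat in rule_paths)

def classify_probe(status, headers):
    """Interpret an unauthenticated GET of /ews/exchange.asmx via the rule."""
    challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate")
    if status == 401 and challenge:
        return "ok: server challenged for credentials (%s)" % challenge
    if status == 200:
        return "fail: EWS answered without asking for credentials"
    if status in (403, 404):
        return "fail: not reachable through the rule; check Public Name and Paths"
    return "unknown: HTTP %d" % status

def probe(url):
    """Live check (needs network). A certificate that does not cover the host
    name makes urlopen raise URLError instead of returning a status."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return classify_probe(resp.status, dict(resp.headers))
    except urllib.error.HTTPError as err:
        return classify_probe(err.code, dict(err.headers))

if __name__ == "__main__":
    print(missing_sans(["mail.domain.com"]))  # constructed SAN list
    print(path_published("/rpc/rpcproxy.dll"))
```

Run `probe("https://mail.domain.com/ews/exchange.asmx")` from a client on the internet, with the real public FQDN in place of the placeholder.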
Conclusion
After completing the steps outlined above, Lync 2013 clients connecting from the internet should be able to access Exchange EWS via the TMG2010 server, retrieve contacts stored in the Exchange UCS, and retrieve meeting information from the Exchange calendar for joining Lync online meetings. Last but not least, this walkthrough should be used verbatim only in lab or testing environments.