Hello, I have a challenge that has come about as we set out to provide OWA for company use.
During setup, I configured TMG with one listener that has a public cert for (example) wmail.company.com that includes a SAN for autodiscover.company.com, knowing that at some point in the future we'd want to enable ActiveSync and/or Outlook Anywhere. I configured RSA authentication and everything works well. Once this was done, the powers that be said they wanted to be able to receive e-mail on all types of phones now. I then set out to stand up ActiveSync and, while I was at it, Outlook Anywhere. Here is where the issue comes in.
ActiveSync and Outlook Anywhere cannot use RSA authentication on the TMG, so I changed the listener to Basic Authentication and got ActiveSync to work.
So my problem now is to get OWA running again with RSA. As I see it, I need to make the public IP for wmail.company.com specific to ActiveSync and Outlook Anywhere and split off the OWA part to another public IP address, so I can set up a different listener specifically for OWA and allow RSA authentication on it.
If I understand it correctly, that leads to either buying another certificate just for OWA or redoing the existing certificate for wmail.company.com to include another SAN for, say, Omail.company.com.
Can anyone tell me if I'm on the correct track, or if I'm completely lost and there's an easier way to allow RSA authentication on OWA and Basic on ActiveSync and Outlook Anywhere?
Thanks
Jim