I have 2 TMG servers on a DMZ AD domain, 2 Exchange 2010 CAS servers in the production AD domain and a RSA server v7.1 in the production domain. The domains arecompletely separate. I followed the documentation on setting up RSA with TMG. The TMG servers are configured with 1 NIC. All the servers are on the latest service packs and rollups.
TMG is set with form based authentication and Exchange CAS servers has basic authentication. When I enter a the user's name in the user name field under remote access credential in username format (no domain), RSA authentication works and AD authentication fails. If I enter the user's name in domain\username format then RSA authentication will fail and AD authentication will work. If I enter the user name (no domain) and then check use a different user name under internal network credentials and enter the user's name in the domain\username format then I am able to successfully authenticate.
We would like for the user to just enter the username (no domain), RSA passcode and AD password.
I have read adding the TMG servers to the production domain would fix this issue but I am trying to avoid that.
Any help would be appreciated. Thanks.