Hi All,
we have deployed TMG in our client environment for publishing their in-house SharePoint application on internet.
There are two domains in their environment say DOMAIN1 and DOMAIN2, both the domains are in bidirectional trust relationship. the SharePoint application is hosted in DOMAIN1.
We have deployed TMG with single network adapter topology with NO AUTHENTICATIONconfiguration at the web listener, so the authentication was handled at the SharePoint level. With this configuration, all the users from DOMAIN1 and DOMAIN2 were able to access the SharePoint site on internet.
Now, client wants to setup pre-authentication at TMG, so that authentication can be done at TMG level.
For this, we have modified the publishing rule configurations as:
- In web Listener Authentication tab, changed the authentication mechanism from NO AUTHENTICATION toHTML FORM AUTHENTICATION with LDAP.
- In validate LDAP configurations, created the two LDAP SETS for the two domains.
- In AUTHENTICATION DELEGATION tab, delegate the authentication withNTLM authentication.
The problem is that after the pre-authentication configurations, the users from DOMAIN1 (on which the application is hosted) are able to login to the SharePoint site on internet and the username is visible in TMG live logging, but the users from DOMAIN2
are unable to login to the site, getting access denied red colored logs in TMG live logging,and the username is getting displayed asanonymous user.
I am wondering why the users from DOMAIN2 are unable to login with pre-authentication configuration when they were able to login withNO AUTHENTICATION configurations.
Can anybody help me in identifying the issue for this? or please tell me if there is any limitation at TMG level to not to authenticate the users from the trusted domains of the host domain (on which the application is hosted)
Quick response will be really helpful.
Thanks,
Sanjog
