Exchange 2010 and TMG 2010

2 TMG servers - back TMG member of the domain, front TMG not a member of the domain, both running 2008R2 and TMG 2010. Trying to publish Exchange OWA, Active Sync, etc. OWA works internally. Created an OWA publishing rule on both TMG servers; back end rule tests fine, front end errors out. On the back TMG I get the following two events each time I test the rule:

Description: The Web Proxy filter failed to bind its socket to 172.24.0.4 port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: An attempt was made to access a socket in a way forbidden by its access permissions.

Description: A problem preventing the Web Proxy filter from binding its sockets was resolved.

And in the log I see:

Denied Connection TUSPROXY2 10/31/2012 8:34:27 AM
Log type: Firewall service
Status: The policy rules do not allow the user request. 
Rule: Default rule
Source: External (172.24.0.1:11498)
Destination: Local Host (172.24.0.4:443)
Protocol: HTTPS

I have OWA working between my Exchange 2007 server and the default IP on two servers. I added new IP addresses to the NICs and created Web Listeners on each using a certificate created by our internal PKI. No issues with the certificate chain. Weird thing is it was working and then stopped while I was trying to resolve an issue getting Active Sync to work, but I don't know what changed. Both TMGs are using forms and "No delegation but client may authenticate directly". It seems like the publishing rule on the back TMG isn't opening the port, so the connection is denied by the default rule. My gut feeling is the rules can't be identical because one server is in the domain and the other isn't, but I am not sure what to change.

Thanks in advance


eburch@lasertel.com

