TNet,
I posted a picture below of the Connection Denied message I receive from Forefront TMG when connecting to OWA from an external network via CAC card. It works without CAC. I have tried recreating the rule in every combination possible and receive no errors on the "rule test"; however, the logging options show Connection Denied after inputting my PIN. It never seems to pass it off to the TMG server inside address but does hit the TMG outside private address. What I find weird is that the website is HTTPS, as you can see in the request, but the GET statement in the embedded picture shows GET HTTP. We aren't sure if that's where our problem lies. I don't believe it to be a rule issue as it stopped working without user intervention. Also, the logs don't show what rule it's hitting, unless it doesn't get far enough.
Some things I've tried:
1) Check time/date of both client/server
2) Removed the firewall GPO conflicting with the TMG firewall
3) Enabled CAPI2 and looked at the application logs
Any help is appreciated.
The CACI log shows the below error:
Error Description: 0x800B010F: The certificate's CN name does not match the passed value
In case you can't see the embedded file, it says Status: 12302 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.
Request: GET http://webmail/OWA