Hi,
I'm migrating a customer from Exchange 2007 towards Exchange 2013.
The customer wants to use TMG to publish the Exchange 2013 environment.
Outlook.customer.com is configured to point to the VIP address of the HW loadbalancer (Kemp).
Internal loadbalancing is correctly configured via this VIP address.
The customer wants to use form based authentication for OWA internally + externally.
Since we'll be publishing via TMG, in Ex2010 for example, it was required to change the authentication of the OWA virtual directory to basic authentication.
This would cause authentication popups for users when connecting to OWA internally.
I was thinking about creating a separate OWA/ecp vdir for internal connections.
In Ex2013, however, this doesn't seem to be required anymore: https://blogs.technet.microsoft.com/exchange/2015/02/11/configuring-multiple-owaecp-virtual-directories-on-the-exchange-2013-client-access-server-role/
Relating to this article, we're in scenario 1.
I've added an extra IP address for the TMG and added it on the network card.
Afterwards I've created a separate listener for Ex2013, on which I tried "basic" and "windows authentication" in the "authentication delegation" tab.
These settings don't work however, and I still receive these errors when testing the rule:
"the authentication delegation method defined in the rule does not match the authentication method selected for the published directory on the server hosting the site"
"Publishing rule authentication delegation method : Basic"
"Published server authentication methods: Forms-Based Authentication"