Dear All,
We're having the following strange situation:
Our setup is a 2008 R2 AD, SharePoint 2010 STD with account sync to/from AD set up, and TMG 2010.
Access rights in SharePoint are set using AD groups.
In particular, the group Domain Users is given read access to a top-level site.
We have had our SP website published via TMG for some time already.
Authentication for the web publishing rule has been set to NTLM.
There are no issues with standard users (who are members of the Domain Users group).
However, if I create a user who is not a member of the Domain Users group but of a specially created group, Share, the problem begins.
Group Share (Global, Security) is also given read access to the top-level site.
As long as we are within the internal network, users from group Share can access the website without any issues.
When they try to do the same from outside via TMG, all they get is:
- Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
On TMG the Default rule is hit with the message: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
At the same time, users from Domain Users can access the site from outside without issues.
If I move the user from group Share to Domain Users, that user can also access the site.
To me that looks like an issue on the TMG side, maybe somewhere at the level of authenticating the user against AD.
Thank you in advance for any help.
Regards,
Denis
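A diagnostic that a practitioner would want alongside a post like this, added here as an example and not part of the original message: compare what AD actually resolves as the effective group set of a working account and of a failing one. Two points matter for the situation described. First, Domain Users is normally a user's primary group, and the primary group is not listed in memberOf, so the only way to take a user "out of Domain Users" is to change the primary group; the script therefore reports the primary group explicitly. Second, tokenGroups is the flattened list of security-group SIDs (nested groups included) that ends up in the user's token, which is what NTLM authentication at TMG and SharePoint ultimately evaluate. The script assumes the RSAT ActiveDirectory module on a domain-joined admin host and uses the hypothetical account names jdoe and shareuser; it is written to run on the PowerShell 2.0 that ships with 2008 R2.

```powershell
# Added example, not from the original post. Compares the effective AD group
# membership of two accounts: primary group plus the flattened tokenGroups set.
# Assumes the RSAT ActiveDirectory module; account names below are hypothetical.
Import-Module ActiveDirectory

function Get-EffectiveGroups {
    param([Parameter(Mandatory=$true)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties primaryGroupID, tokenGroups

    # The primary group (normally Domain Users) is NOT in memberOf; rebuild its SID
    # from the domain SID and the RID stored in primaryGroupID.
    $domainSid  = (Get-ADDomain).DomainSID.Value
    $primarySid = "$domainSid-$($user.primaryGroupID)"
    $primary    = (Get-ADGroup -Identity $primarySid).Name

    # tokenGroups holds SecurityIdentifier objects for every security group the
    # user is in, directly or via nesting: the set that lands in the access token.
    $groups = foreach ($sid in $user.tokenGroups) {
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid.Value }   # unresolvable SID (e.g. deleted group): keep raw
    }

    New-Object PSObject -Property @{
        User         = $user.SamAccountName
        PrimaryGroup = $primary
        TokenGroups  = @($groups | Sort-Object)
    }
}

# Hypothetical sample accounts: an ordinary Domain Users member and the
# user that was placed in group Share instead.
$standard  = Get-EffectiveGroups -SamAccountName 'jdoe'
$shareOnly = Get-EffectiveGroups -SamAccountName 'shareuser'

$standard, $shareOnly | Format-List User, PrimaryGroup, TokenGroups

# Groups the working account carries that the failing account does not.
Write-Host "Groups present for $($standard.User) but missing for $($shareOnly.User):"
Compare-Object -ReferenceObject $standard.TokenGroups -DifferenceObject $shareOnly.TokenGroups |
    Where-Object { $_.SideIndicator -eq '<=' } |
    ForEach-Object { "  " + $_.InputObject }
```

Run it as a domain user with read access to the accounts in question. If the failing account's PrimaryGroup is something other than Domain Users, that confirms the account really is outside that group at the token level, and the difference list shows exactly which memberships any rule or permission that keys on Domain Users would be missing. The script only reports what AD resolves; it does not by itself show which TMG rule evaluated those groups.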