• Home
  • My Tools
  • Visio Stencils
  • Online Tools
  • PS Scripts
  • PS One Liners
  • Downloads
  • Product Review
  • About

Smarter Together

~ by I.M.H.O.

Smarter Together

Category Archives: TMG

MCX Forbidden

05 Monday Aug 2013

Posted by Paul Bloem in MCX Forbidden, mobility, TMG

≈ Leave a comment

Problem
Can’t connect to Lync MCX service. Http Error 403 Forbidden, Lyncdiscover Http Authentication Test failed when testing https:///Mcx/McxService.svc
Also get Authentication Test failed from http://www.testocsconnectivity.com/
Solution
Error was the TMG rule
The error here says that the Credentials for the request to the site were deleted. It also explains how no delegation is set and user authentication isn’t enabled. Of course this needs to be enabled!!!
Advertisement

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Skype (Opens in new window)
  • Click to email a link to a friend (Opens in new window)
  • Click to print (Opens in new window)

Like this:

Like Loading...

TMG – Quick Reference Guide

25 Monday Mar 2013

Posted by Paul Bloem in Quick Reference Guide, TMG

≈ Leave a comment

Good old TMG..
Just a quick reference guide when the grey stuff gets fuzzy 🙂

  • The published site is the public external web FQDN
  • Use browse to find the internal Front End Pool, tests the DNS resolution that way
  • Check the box to forward the original host header
  • Set the radio button so that requests appear to come from TMG


Add the public names (of course these will match the public A records requested)
What you need is:-

  • meet and dialin (often times I’ll merge these two)
  • lyncdiscover for the 2013 and mobile clients
  • external web services (same as published site)

The TMG won’t be doing any pre-authentication, but client will need to authenticate directly to the Front End

Bridge the ports so that http traffic to port 80 goes to 8080 and https traffic to port 443 goes to 4443. If not using 80 you can ignore the http bridge.

On the listener ensure that the authentication is set to “No Authentication”
If you not using 80 then disable here

Remember
Even after publishing the firewall rule, check the Monitoring tab to make sure the configuration has been successfully synced


Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Skype (Opens in new window)
  • Click to email a link to a friend (Opens in new window)
  • Click to print (Opens in new window)

Like this:

Like Loading...

Configuring TMG for Lync

12 Thursday Apr 2012

Posted by Paul Bloem in Install Guide, Quick Reference Guide, TMG

≈ Leave a comment

Once TMG has been installed with 2 interfaces – one pointing to LAN and the other to the Internet you are ready to create the Web Publishing Rule for Lync.
This rule will be used to access GAL, ABS, Web Conferencing (Meet and Dial) as well as Lync Mobile. Of course all of these URLS need to be included in the Public Certificate and Public A record for each name needs to be configured.

So lets get started..

Select New – Web Site Publishing Rule

Give the new rule a logical name

 
 
 

 Since the Sites will be HTTPS we will use the SSL option


Now we add the internal URL as configured in the Topology Builder

Not required but I no harm in defining this

 

 For Path add /*


The Public name is what is published in Topology Builder as the external URL as well as a name in the SAN Cert. If using the same cert and rule for more URL’s like lyncdiscover then this will need adding later, see last step.


Since this is a brand new TMG no Web Listener exists so we select New and continue. The Web Listener Name is irrelevant but always good to use something descriptive


Select External as this is where the traffic will originate from


Important to note that the certificate actually needs to be in the local store Personal or it wont show up when you click on select Certificate

 

Select No Authentication as we don’t want the TMG dealing with that

 



Finishing the Web Listener and continuing on with the Web Publishing rule

Select No Delegation, and Client cannot authenticate directly


 And Finish, now you need to Apply the new Policy to TMG

Two more tweaks, one on the Publishing rule – go to Bindings and set the port redirections


 
The second on the Public Name Tab – to add additional URL’s eg LyncDiscover.
 

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Tumblr (Opens in new window)
  • Click to share on Skype (Opens in new window)
  • Click to email a link to a friend (Opens in new window)
  • Click to print (Opens in new window)

Like this:

Like Loading...

IMHO YouTube Channel

Follow Smarter Together on WordPress.com

Enter your email address to subscribe and receive notifications of new posts.

Join 674 other subscribers

Show your appreciation by donating

Archives

Category

ABS ABServer ADContacts Address Book AddressBook AddressBook Service Communicator contacts CX500 Devices DHCP DNS Edge Server Error Codes event id Exchange UM 2010 GAL Install Guide Lync 2013 Tools Lync Edge Lync Tools Microsoft Teams Monitoring Polycom Powershell Scripts Product Review QOS Quick Reference Guide Reskit RGS RTC Database SIP SIP Options Skype for Business Skype for Business Monitoring Skype for Business Tools SQL Teams TMG Tool Tools Troubleshoot Edge UC Sorted Tools UM Uncategorized Unified Messaging visio Visio Stencil voicemail

Blog at WordPress.com.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Follow Following
    • Smarter Together
    • Join 63 other followers
    • Already have a WordPress.com account? Log in now.
    • Smarter Together
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
%d bloggers like this: