Hi Joseph, I've done similar, most recently on Exchange 2010 using the following steps:
* Leave the default OWA virtual directory web site using forms-based authentication (which internal users will access) * Create a new web site, e.g. "TMG Site" on each Exchange client access server, listening on a different port - say 8080 (if using SSL offload) or 8443 (if using the same SSL cert on the second OWA site) * Create a new OWA and ECP virtual directory , using New-OWAVirtualDirectory -WebSiteName "TMG Site" and New-OWAVirtualDirectory -WebSiteName "TMG Site" * Configure those new OWA and ECP virtual directories to use Windows/Basic authentication instead of forms based, run iisreset as usual and test you can access the new OWA/ECP virtual directories on the new site (eg https://internal.host:8443) * In the TMG policy for Outlook Web App, open the properties and use the Bridging tab to redirect requests to the new site's port (eg 8443) This should result in TMG using it's forms-based pre-authentication for external users and internal users prompted for Exchange's forms-based authentication. Steve From: Joseph Heaton [mailto:jhea...@dfg.ca.gov] Sent: 17 November 2011 19:37 To: MS-Exchange Admin Issues Subject: OWA question I'm setting up an OWA listener in TMG. The blog I'm following says to turn off FBA in the Exchange console, and let TMG do the forms based authentication. But, if I do this, then users internally hitting the OWA site don't get forms based auth, just the normal authentication window that comes up connecting to any network resource. Is there a way to have both, without making the external users log in twice? --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist
