Using Forefront UAG (Unified Access Gateway) for publishing OWA 2010

Posted July 18, 2010 by Jonas Andersson

Published: 2010-07-18
Updated: –
Version: 1.0

Installation

This will be a complete walkthrough of the setup, using a certificate issued by a CA server on a DC. My environment looks like this:

1 x Windows 2003 (DC/DNS/CA)
1 x Forefront UAG
1 x Exchange 2010 CAS/HUB/MBX

Everything is running as virtual machines in VMware Workstation. Just to mention, this is done in a lab, so the memory allocation is not realistic; the machines exist only for this post and are not serving any production environment.

Before doing anything with UAG we need to configure the network with the correct IP addresses. My UAG server is installed with Windows 2008 R2 x64 and has 2 NICs (E1000).

The internal NIC is set up with:
IP: 172.16.2.17
Subnet: 255.255.255.0
DNS: 172.16.2.11 (pointing to the DC)

The external NIC is set up with:
IP: 192.168.0.1
Subnet: 255.255.255.0
DNS: External IP
Default Gateway: Pointing to my external gateway

On the TMG server I have edited the hosts file with Notepad and added:

172.16.2.12    owa.target.se

This is just to get name resolution working with the rule and the certificate.

It is time to launch the installation wizard for Forefront UAG. It will take some time for the installation to finish.

The first thing to do when the installation is done is to export the certificate from my Exchange server and import it on the UAG server. For creating and requesting certificates on Exchange, have a look at this link:

Exporting and importing the existing certificate is really easy: start Exchange Management Console (EMC), go to Server Configuration, select the certificate, right-click it and choose Export Exchange Certificate.

The certificate import is easy: go to the UAG server, start an MMC console and add the Certificates snap-in (computer account) for the local computer. Then right-click Personal, select All Tasks -> Import and point to the certificate that was just exported from the Exchange server.
When it's done it should look like below.

Notice: If you're using your own CA server like I do in this example, make sure that the trusted root certificate is installed on the UAG server before you try to import the certificate.

Configuration

The first time UAG is started, it presents a wizard for configuring its network settings. Define the internal IP addresses. Configuration selection: in my case I only have one server, so I select single server. After these steps it's time to activate the settings.

Now it's time to configure the UAG. Start by creating an HTTPS trunk by right-clicking HTTPS Connections. I will create an HTTPS trunk just for this purpose. The trunk type should be set to "portal trunk", and select to publish Exchange applications via the portal.

Step 2, give the trunk a name and a public name. This name should match the name on the certificate, and in my case I also added this name to the hosts file of the UAG server. My name in the lab is: owa.target.se

We need to add an authentication server (AD server), so I did as the picture below shows. Select the server and then go on to the next step.

It's time to choose the correct certificate so that the names match; in my case it's: owa.target.se.

Step 5, select endpoint security. I don't have any NAP servers, so I select Forefront UAG.
Step 6, Endpoint Policies. Leave the default policies in place.
Step 7, select the Exchange version and which services should be published.
Step 8, Configure Application. Give it a friendly name.
Step 9, Select Endpoint Policies. Leave the default policies in place.
Step 10, Deploying an Application. Select to configure an application server.
Step 11, Select Web Servers. In the address field I type owa.target.se; it could also be the FQDN of the server. This name will be resolved on the UAG to my Exchange server since it's added to the hosts file.
Double-check that the public host name is configured correctly: owa.target.se

Step 12, Authentication. Here I select 401 request, which means the UAG will check the credentials and, if they are correct, the users will be authenticated and forwarded to the correct instance.
Step 13, Outlook Anywhere. The authentication method I will use is Basic Authentication. Double-check that the public host name is correct. For Autodiscover I will use Basic Authentication.
Step 13 (14), Portal Link (yes I know, it's the same number as before, but that is what it says in the application). Portal name: portal. Application URL:
Step 15, Authorization. Select Authorize all users.

When all steps are configured it will look like this.

Don't forget to save and activate the settings, or else it will not work :)

Verifying

It's time to test the solution with a Windows 7 machine. On the Windows 7 machine I have edited the hosts file with Notepad and added:

172.16.2.17    owa.target.se

This is done since I don't have target.se as a DNS zone internally, so that the client can find the UAG/publishing portal.

Let's start IE and go to

I went successfully into the OWA. Successfully authenticated and logged on!

Feel free to give feedback on the post, hope it will help someone.
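The walkthrough depends on three things agreeing: the hosts file entry on the client, the public host name of the trunk, and the name on the certificate. The PowerShell below is an added example, not part of the original post, that checks all three from the Windows 7 client; the function name Test-PublishedCertificate is hypothetical, and the host name and address are the lab values used above.

```powershell
# Added example, not from the original post. Run on the Windows 7 test client.
# Defaults are the lab values used in the walkthrough.
function Test-PublishedCertificate {
    param(
        [string]$HostName        = 'owa.target.se',
        [string]$ExpectedAddress = '172.16.2.17',
        [int]$Port               = 443
    )

    # 1. Name resolution: the hosts file entry must point at the UAG server.
    $resolved = @([System.Net.Dns]::GetHostAddresses($HostName) |
                  ForEach-Object { $_.IPAddressToString })

    # 2. TLS handshake. The callback records the policy errors and accepts the
    #    certificate, so a name mismatch or an untrusted chain is reported
    #    in the result instead of aborting the connection.
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    $recordErrors = {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$recordErrors

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $client.Close() }

    # 3. Report what the client saw: resolution, certificate identity, trust.
    $errors = $state.Errors
    New-Object PSObject -Property @{
        ResolvedTo    = $resolved -join ', '
        ResolvesToUag = $resolved -contains $ExpectedAddress
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        NotAfter      = $cert.NotAfter
        NameMatches   = -not [bool]($errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        ChainTrusted  = -not [bool]($errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)
    }
}

Test-PublishedCertificate | Format-List
```

ResolvesToUag, NameMatches and ChainTrusted should all be True. ChainTrusted is False when the root certificate of the lab CA is not in the client's Trusted Root Certification Authorities store.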
