While deploying Outlook Web App on Forefront TMG with RSA SecurID authentication, I was surprised to see that the RSA Authentication Manager had been replaced by a web interface in the new versions.
In this article you will find how to generate the required files on RSA, and the main steps on Forefront TMG. Follow the guide :)
1/ Generating the required file on RSA SecurID
- Security Domain: the one set up on the RSA infrastructure.
- Hostname: the full name of the Forefront TMG server (DNS/FQDN).
Note: create one agent per Forefront TMG server if you want to build a server farm.
- IP Address: if everything goes fine, this field is filled in automatically when we click the Resolve IP button.
- Agent Type: Standard Agent.
- Then we validate with the Save button.
2/ Forefront TMG configurations
In this chapter I will not cover the setup, the Getting Started wizard or the basic configuration of Forefront TMG. Instead, I will focus on the main steps of publishing Outlook Web App. If you want to know how to do the other steps, you can read the following white paper: Publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010.
- C:\Program Files\Microsoft Forefront Threat Management Gateway\sdconfig
Then, in the registry, we update or create the PrimaryInterfaceIP key with the internal IP of our Forefront TMG server as its value. This key is found under HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\AceClient.
3/ Publishing Outlook Web App
- HTML Form Authentication
- Collect additional delegation credentials in the form
- RSA SecurID
4/ Authentication problems: common source
- The settings file of the RSA agent is missing from one or both locations
and / or
- Some rights are missing on the registry
and / or
- The IP address provided in the registry is invalid
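
The three causes above can be checked directly on the Forefront TMG server. The PowerShell script below is an added example, not part of the original article: it uses the folder and registry key named above, the parameter names are illustrative, and it assumes PrimaryInterfaceIP is stored as a string. The second settings-file location has to be passed in by the reader.

```powershell
# Added example: checks the three causes from section 4. Run elevated on the TMG server.
param(
    # Folders that must hold the RSA agent settings file. Only this one is
    # named in the article; pass the other location yourself.
    [string[]]$ConfigDirs = @('C:\Program Files\Microsoft Forefront Threat Management Gateway\sdconfig'),
    [string]$RegPath = 'HKLM:\SOFTWARE\SDTI\AceClient'
)
$problems = @()

# Cause 1: settings file missing from one or both locations.
foreach ($dir in $ConfigDirs) {
    $files = @()
    if (Test-Path -LiteralPath $dir) {
        $files = @(Get-ChildItem -LiteralPath $dir | Where-Object { -not $_.PSIsContainer })
    }
    if ($files.Count -eq 0) { $problems += "No settings file found in $dir" }
}

if (Test-Path -LiteralPath $RegPath) {
    # Cause 2: rights on the key. The article does not say which account needs
    # access, so the ACL is listed for manual review instead of being judged.
    Write-Host "ACL of ${RegPath}:"
    (Get-Acl -Path $RegPath).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize |
        Out-String | Write-Host

    # Cause 3: PrimaryInterfaceIP must parse as an IP address and, being the
    # server's internal IP, must be bound to one of its interfaces.
    # Assumption: the value is stored as a string.
    $value = (Get-ItemProperty -Path $RegPath).PrimaryInterfaceIP
    $local = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
        ForEach-Object { $_.IPAddress })
    $parsed = $null
    if (-not $value) {
        $problems += "PrimaryInterfaceIP is not set under $RegPath"
    } elseif (-not [System.Net.IPAddress]::TryParse([string]$value, [ref]$parsed)) {
        $problems += "PrimaryInterfaceIP '$value' is not a valid IP address"
    } elseif ($local -notcontains $parsed.ToString()) {
        $problems += "PrimaryInterfaceIP '$value' is not bound to a local interface"
    }
} else {
    $problems += "Registry key $RegPath does not exist"
}

if ($problems.Count -eq 0) {
    Write-Host 'No problem detected by these checks.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```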