I have had a few requests for publishing everything on one listener, so here is it (this is an addendum to the rest of the articles not a re-write)
OA\EWS and OAB should be able to use the form based listener because it is supposed to change to basic, this is based on information provided by outlook when connecting. (it doesn’t always work but here is how to make it)
To make this work every time here are the steps:
- Publish OWA using the following article.
https://exchangemaster.wordpress.com/2010/04/09/publish-exchange-2010-with-tmg-forefront-threat-management-gateway/ - Publish OA\EWS\OAB using the this article
NOTE: This Method moves the authentication from the TMG to the Exchange server eliminating Pre-authentication for Outlook Anywhere.
This will also work for publishing ADFS 2.0 for Office 365 using a single listener (Coming Soon)
Configure Outlook anywhere rule on TMG
- Open Forefront TMG
- Click on
![image_thumb5[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb51_thumb1.png?w=110&h=22 "image_thumb5[1]")
- In the Action Pane under Task click
![image_thumb6[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb61_thumb1.png?w=138&h=32 "image_thumb6[1]")
- Give the rule a Name ill name mine “2010 OA”
- Next –> Next
![image_thumb8[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb81_thumb.png?w=404&h=379 "image_thumb8[1]")
- Internal Site Name should be your CAS server FQDN (needs to be on the cert)
![image_thumb9[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb91_thumb.png?w=396&h=373 "image_thumb9[1]")
- The external name is what you use to access OA (Also needs to be on the cert)
- Click –> Next –> Finish –> Select the Listener. (Choose the OWA listener you created before)
This step moves the auth from the TMG server and moves it to the Exchange
- Modify the User set to include “all users” and remove “all authenticated users”.
- You may get the following error you can click ok and ignore it. (Do not check require users to authenticate check box on the listener or this method will not work)
![clip_image002[5]](https://exchangemaster.files.wordpress.com/2011/08/clip_image0025_thumb.jpg?w=340&h=173 "clip_image002[5]")
- Finish
- Now Outlook anywhere is published using the same listener as OWA! (Albeit without pre-auth)
![image_thumb5[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb511.png "image_thumb5[1]"){kind=small}
![image_thumb6[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb611.png "image_thumb6[1]"){kind=small}
![image_thumb8[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb81.png "image_thumb8[1]")
![image_thumb9[1]](https://exchangemaster.files.wordpress.com/2010/04/image_thumb91.png "image_thumb9[1]")
![clip_image002[5]](https://exchangemaster.files.wordpress.com/2011/08/clip_image0025.jpg "clip_image002[5]")
Troubleshooting Exchange 
Pingback: Walkthrough Series: Threat Management Gateway Exchange publishing « Troubleshooting Exchange
Hello,
This same setup can be done for EAS, right?
On the exchange server we only need to change OWA y ECP to be as windows authentication. The rest can stay like they are?
I’m trying to avoid the use of a second TMG on my network.
Was is included with the outlook anywhere rule, so you you can do EAS also.
Perfect! I’ll try it later today. Thank you!!