Configure TMG to work with AD FS 3.0 (Server 2012 R2)

Our current environment contains two Server 2012 Domain Controllers running AD FS 2.0. We are using TMG, installed in our perimeter network, to load balance the servers in a server farm and make the connection with Office 365. This has been working great for almost a year now. The decision was made recently to upgrade the domain controllers to Server 2012 R2 (with AD FS 3.0). We have replaced one of the servers and have AD FS 3.0 installed on it and configured. It is working okay to connect our internal users to Office 365. The problem is in getting TMG reconfigured to work with AD FS 3.0. The problem appears to be that with the current version we configured IIS to allow us to use Windows Authentication when connecting externally to Office 365. AD FS 3.0 does not use IIS and its Authentication Policy for the extranet does not permit Windows Authentication.
Is there anyone who has run into this same scenario and found a way to configure TMG to work correctly? We know that we could set up a Windows Application Proxy to handle this, but we would prefer not to have to set up an additional server in our perimeter network, if possible.

Hi,
Maybe you can refer to the thread and article below:
TMG 2010 publish ADFS 2.2 (server 2012 R2)
ADFS Publishing Rule in TMG
Best regards,
Susie

Similar Messages

  • How to configure Ogone for working with business catalyst ?

    How to configure Ogone for working with business catalyst ?
    In France, Ogone seems to be the only solution for seamless payment, and there are no explanations on the forum of how to configure it.
    Thx for your answers

    Hi ,
    [Configuration Guide SAP adapter for SAP Quality Center by HP|https://websmp101.sap-ag.de/~sapdownload/011000358700000612662007E/Adapter_Configuration_.pdf] might be useful.
    Check [Master guide|https://websmp201.sap-ag.de/~sapdownload/011000358700000612672007E/Adapter_Master_Guide.pdf]  also.
    Regards
    Naveen

  • Our software vendor tells us to use FF 3.5.1 because of some printer issues with their web-based program. How safe is it to work with FF 3.5.1 in 2012?

    Our software vendor tells us to use FF 3.5.1 because of some printer issues with their web-based program. How safe is it to work with FF 3.5.1 in 2012?

    Thanks for the reply. I'll have a look at your solution.

  • Prepare sharepoint 2010 with sp2 environment on windows server 2012 R2

    How do I prepare a SharePoint 2010 with SP2 environment? How do I install SharePoint 2010 with SP2 on Windows Server 2012?
    I mean from scratch. I just prepared a Windows Server 2012 R2 VM
    and I set all the required roles (App server, web server, etc.) according to this link:
    http://social.technet.microsoft.com/wiki/contents/articles/12502.how-to-install-and-configure-windows-server-2012-for-sharepoint-2010.aspx
    I have the SharePoint 2010 setup, and I downloaded SharePoint 2010 SP2
    from this link:
    http://www.microsoft.com/en-us/download/details.aspx?id=39672
    Now should I install SP2 and install the SharePoint 2010 binaries?
    adil

    SharePoint 2010 has no supportability statement for Server 2012 R2.  I would not use it until Microsoft releases a supportability statement.
    Even though it has no supportability for Server 2012, SharePoint 2010 is running fine in my Server 2012 test environment.
    adil
    You indicated you were using 2012 R2.  SharePoint 2010 supports Server 2012 (non-R2) with SP2 media, but has no supportability statement for Server 2012 R2.
    Trevor Seward, MCC
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Database mail configuration is not working with office365

    Hi there!
    I'm looking for some help debugging a blocking error in our DEV environment.
    We're currently using Windows 2008 R2 Standard, with IIS 7.5 and MS SQL Server 2012 Standard.
    We're experiencing troubles while trying to use database mail in conjunction with Office365 SMTP.
    We've generated our self-signed certificate, via IIS, and configured SMTP Virtual Relay Server with local (machine-name) and remote domain, following a step-by-step tutorial from configureoffice365.com.
    We've also checked at the original MSDN tutorial, but it's been of little use (at least for us).
    We would like to use our Office365 SMTP server to send out notifications and we're currently using working Office365 credentials to try the SMTP authentication, but we're stuck with this error (x is used to hide sensitive data):
    OutboundConnectionCommand [12/May/2014:13:35:08 +0100] "STARTTLS - SMTP" 0 8
    OutboundConnectionResponse [12/May/2014:13:35:08 +0100] "- -?220 2.0.0 SMTP server ready SMTP" 0 27
    OutboundConnectionCommand [12/May/2014:13:35:08 +0100] "EHLO -?SQLDEVxxxxx SMTP" 0 4
    OutboundConnectionResponse [12/May/2014:13:35:08 +0100] "- -?250-xxxxx.outlook.office365.com Hello [x.x.x.x] SMTP" 0 58
    OutboundConnectionCommand [12/May/2014:13:35:08 +0100] "AUTH - SMTP" 0 4
    OutboundConnectionResponse [12/May/2014:13:35:08 +0100] "- -?334 xxxxx SMTP" 0 16
    OutboundConnectionResponse [12/May/2014:13:35:14 +0100] "- -?535 5.7.3 Authentication unsuccessful SMTP" 0 37
    Any idea or suggestion?
    Thank you.

    Hi giovannizuccaro,
    According to your description, when you configure Database Mail in your SQL Server Management Studio, please note that you enter the server to send to as localhost and the email address as the email you have on Office 365 Exchange Online for the same account you used to configure the delivery configuration of the local SMTP server. And you should choose anonymous authentication for SMTP authentication. Once you have finished the configuration, you can test the email sending and check whether you are able to send emails to any external recipient using your Exchange Online.
    For more information, there is detail about how to configure SQL Database mail so send emails using Office 365 (Exchange Online):
    http://blogs.msdn.com/b/momalek/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx
    If there are still some errors, I recommend you post your error message on the Office 365 forums (https://community.office365.com/en-us/f/default.aspx); it is appropriate and more experts will assist you.
    Regards,
    Sofiya Li
    TechNet Community Support

  • Configuring IIS to work with Tomcat - I can't find a good help document

    Hello All,
    I am relatively new with Java and I am just now trying to learn Tomcat and servlet technologies. I can get the servlets working on my personal computer, yet I cannot get it configured for the server. From all the forum posts and web sites I have researched, it is my understanding that there is a configuration process that needs to be done to allow IIS to request the Tomcat servlet. However, maybe I'm just plain dumb, but I can't understand all the how-to's that I have found.
    I am assuming I DLed the appropriate .dll file and I placed it in Tomcat's bin folder.
    But then I have to create a properties file? I have no clue how to do this.
    I am still messing with the instructions, etc., but if anyone has any suggestions, or maybe a link to a dummie-fied how-to page, that would be extremely helpful.
    I am currently running IIS on a win2k server.
    Thanks guys.
    (btw, for people who are having trouble setting the environment variable, with win2k, I was trying to do it with DOS, and it did not work. However, using the control panel > system > I was able to do it and the setting "stuck")

    No, you don't need Apache to make Tomcat work with IIS.
    There's a Wrox book entitled "Professional Apache Tomcat" that has a chapter on how to mate Tomcat with IIS. It gives step-by-step instructions that I've followed successfully a number of times.
    There are a few Tomcat books on the market now. I'd be surprised if they didn't address this. Go to Borders and pick one up. - MOD

  • Trying to configure wrt160N to work with WRT600N

    the WRT600N doesn't have enough range in my home.  I have bought a WRT160N to extend this.  Previously I was able to use a Belkin 54g without problem.
    The software setup for the 160N picks all of this up and then errors with internal error 302 when it tries to configure this scenario.
    Any ideas? I have tried some of the posts about having the WRT160N linked to non-Linksys routers, but no joy. The WRT600N doesn't recognise the device.
     All firmware has been updated.
    any help gratefully received.
    A

    How are you trying to connect your WRT160N to the WRT600N router? As your WRT600N router is already configured and working, you just need to connect the Ethernet cable from a WRT600N LAN port to LAN port 1 on the Linksys WRT160N router.
    Click Here and follow the instructions how to configure 2 routers to each other. 

  • Configuring SG500 to work with UCAC-CE and BE3K for multicast paging

    I need help configuring multicast on my SG500 switches. One is L3, no router involved. The Attendant works fine paging in unicast, but I need to set it up for multicast. I have no experience working with multicast and I'm not sure what to do. I don't even know if I need a router, since the switch is acting as an L3.

    Hello,
    While I've not personally set this up, I did run across Smart Tip that may aid in your quest.
    https://supportforums.cisco.com/docs/DOC-13461
    Good luck,
    Albert

  • Xorg -configure don't work with PB DotM

    hello folks
    I got a brand new Packard Bell dot M netbook. As I use Arch on my workstation, I decided to install Arch on the netbook.
    Everything goes fine except when I want to configure Xorg.
    I installed the xf86-video-intel package and tried to run "Xorg -configure" to get a configuration that works with the screen (by the way, the screen is very special, http://www.tecnologiait.com.ar/?p=7315, the standard resolution is 1204x600!!).
    What do you recommend I do, guys? Using Xorg -configure doesn't work (it even shows tvm), and Intel doesn't provide a tool like nvidia-xconfig.
    Or should I write my own xorg.conf file?
    Oh yes, and could you suggest a DE? I tried kdemod on the netbook (I am a KDE lover), but without a big GPU kdemod runs slow. Which DE do you recommend for a netbook? I am between E17 and LXDE.
    thanks in advance

    Hello Slacknatcher!
    You can port a working configuration file from another working distribution, or from a live CD like Chakra, Ubuntu, or SUSE.
    Does it work if you try without any xorg.conf file? Can you try out other drivers, like the binary nvidia driver from NVIDIA, or the open-source nv? And, as a last resort, vesa?

  • Can't get Desktop Software configured properly to work with Outlook 2007 and Blackberry 8703E

    I have a Blackberry 8703E and I have Outlook 2007 on my laptop. I keep trying to install the Desktop software but don't know what option to choose, how to configure it to recognize Outlook, etc. My goal is to be able to sync my contacts, appointments, tasks, etc. between the laptop and my Blackberry. I have no clue what I am doing or how to install and configure the software to work.
    Also, I am going to uninstall the Desktop software and want to know what the link is to download the most current version that will work with my phone and my laptop (running Vista). I do not subscribe to the Blackberry service but only want to sync between my computer and the phone.
    PLEASE HELP! I am not knowledgeable in this stuff and any detailed instructions would be greatly appreciated!
    Thanks a bunch!
    Wade Rearic

    Don't know if you got your answer by now, but thought I'd try to help.
    First, let me preface by saying I use Vista, not XP, but my Outlook is 2007.
    Next, you need to be careful as to which versions of the software you use both (a) on your Blackberry desktop and (b) on your Blackberry itself.  For example, I use the 8703e via Verizon, but so far the phone's software only goes up to 4.2, which is two iterations short of Blackberry's latest smartphone software.  Why do they do this?  Because they typically introduce the new software via a new phone via an "exclusive" with a certain carrier, leaving all other users to either salivate or switch to the "exclusive" carrier.  Over time (6 months to a year) the "new" software may get rolled out to patient users with (by then) "older" phones, but they clearly want to incentivize consumers to just upgrade to new phones via special carriers.
    As for the Desktop software, it is easy to get tripped up here, as Blackberry's download site is not very intuitive for this.  Your problem could be that you downloaded and installed a Blackberry Desktop Software that is too advanced a version for your phone.  (To add further confusion, the desktop software tends to have version numbers similar to the phone software, such as "4.2.")
    Bottom line: call your help number of your carrier to get the correct info for both sets of software for your phone.
    Once all the right software/drivers are installed, the Desktop interface is fairly user-friendly.  From a few choices you can backup your Blackberry data; synchronize it (if you are not already doing that wirelessly), etc.
    Hope this helps.

  • How do I configure TB to work with Filemaker 10?

    Hi,
    Thanks for any help you can offer.
    I'm on a Macbookpro on 10.6.8. I want to send email via Filemaker Pro 10.0v1. Thunderbird 31.0 is my default email client. I think I must also configure mac Mail somewhere in this process. These emails will go out on 5wcw.featheredpipe.com which is on webmail through my website. Will this complicate things?
    Please excuse me if I'm not using correct jargon here - this is new to me. FM support advises to use Eudora - hopefully that is just old info and Thunderbird will work.
    Thanks for any assistance,
    Linda

    Sounds like the real question is how to configure File maker to work with Thunderbird. Most applications like that just use the default email client. If that is not working you should ask the File Maker people how their software works.

  • Can't get OWA to work on Essentials 2012 R2 with Exchange 2013 on second server 2012 R2 std.

    I have previously with success setup a working solution with server 2012 essentials, and a second server 2012 std. with exchange 2013, I did it following this guide: http://technet.microsoft.com/en-us/library/jj200172.aspx
    Unfortunately I lost the server due to a cooling error which led to an un-repairable essentials 2012, since this was a new setup and also a test setup I didn't have any working backup solution setup at the time...tsk.tsk.
    Since I had to make a complete do over I chose to try out the new R2 server editions, and set it up following the same guide, when it came to this part:
    Download KB2732764 for ARR 2.5, and then install the update on the server that is running Windows Server 2012 Essentials.
    Copy the SSL certificate file for Exchange Server to the server that is running Windows Server 2012 Essentials. The certificate file must contain the private key, and it must be in the PFX file format.
    Note
    If you are using a self-issued certificate, follow the instruction in the Exchange Server article Export an Exchange Certificate to export the certificate.
    Open a command window as an administrator, and then open the %ProgramFiles%\Windows Server\Bin directory.
    Based on your installation scenario, follow one of these steps to configure ARR:
    If you are performing a clean setup, run the following command:
    ARRConfig config –cert “path to the certificate file” –hostnames “host names for Exchange Server”
    I noticed that the version of "Application Request Routing" had changed to version 3, so obviously I didn't need to download the 2.5 update. When I came to the part where I was instructed to run arrconfig config etc., I noticed that the ARRConfig file was no longer placed where the setup guide indicated. I then went ahead and tried some manual configuration regarding certificates and such. In the end I have a working solution where Exchange and OWA are working locally, but OWA isn't working outside my local domain. The link gets placed in the RWA and is indicating the correct link for the Exchange server, www.remote.clinten.dk. I have a certificate which includes two separate domain names, the aforementioned and remote.clinten.dk, and I get no errors indicating certificate errors. When I try to connect to www.remote.clinten.dk/owa from outside I get a 404 error, and when I connect to www.remote.clinten.dk I get the RWA login screen for the Essentials RWA. Obviously I need to set up something in IIS, probably in the URL Rewrite section, but I can't seem to find the right setting. Can someone help with this?
    Btw, I have found the missing arrconfig file in "c:\windows\system32\essentials" and tried to run the command as described in the guide, "ARRConfig config –cert “path to the certificate file” –hostnames “host names for Exchange Server”", but it doesn't seem to work. It just prompts with a guide for using the arrconfig command and examples of correct use. I also tried removing the "" from the guide, like this: "ARRConfig config –cert path to the certificate file –hostnames host names for Exchange Server".
    When I ran it without the "" it didn't prompt me with anything, nor did it indicate any errors. It did not, however, make my OWA work either.
    I am aware that Exchange 2013 atm isn't officially supported on the R2 server, but Exchange works fine inside my domain, and POP3/SMTP also works from outside. Since this is a test environment, using only my own private domain and not a company domain, I figured it would be OK to run the risk.. ;)

    Hi
    found this on
    https://social.technet.microsoft.com/Forums/en-US/1f099068-b3ed-44f3-a8c4-c22d760a8621/arr-broken-or-bad-syntax-exchange-2013-essentials-2012-r2?forum=winserveressentials
    "Ok just an update for anyone else how has this issue.
    The problem has been solved by Microsoft and I have included their findings below, but basically it comes down to a typo!
    I often use notepad to have all the commands I need on hand, and I must have copied the command direct from the TechNet article or other website and customised the required fields. The issue with this is one of the characters did not “convert” - for want of a better word. I should have retyped the whole command from scratch and it would have been right!
    Thanks for everyone’s input and for Microsoft for getting to the bottom of it.
    From Microsoft:
    We have tested on your environment and here is the investigation result from our senior engineer:
    ================================================================
    Basically the command fails due to an invalid parameter; the invalid one is the ‘-‘. I think the one the customer used was copied from the online document sample, which translated to Unicode is 0x8211, meaning “en dash”. It can’t be input with a normal keyboard, so I'm pretty sure it is from the web (mostly an HTML document).
    The one we check (compare) is ‘-‘, which has the code 0x45.
    So it always failed to compare the parameter, and ARRconfig.exe thought it was an invalid parameter.
    The solution is quite simple: just use the keyboard to retype the command, using the normal ‘-‘, and I have tried the password prompt shows
    Best Regards,
    Johnny Chen
    Microsoft Partner Support Community Technical Support Engineer
    Microsoft Global Partner Services"
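
The mismatch described in the quoted Microsoft reply above, as an added example that is not part of the original thread or Microsoft's code: the en dash is U+2013 (decimal 8211) and the ASCII hyphen-minus is U+002D (decimal 45), and the guide's command also carries curly quotes (U+201C/U+201D). The certificate path and host name in the sample are constructed placeholders, and the function names are this example's own.

```python
import unicodedata

# Typographic characters that web pages and word processors substitute for
# the ASCII characters a command-line parser compares against.
LOOKALIKES = {
    "\u2010": "-",  # hyphen
    "\u2011": "-",  # non-breaking hyphen
    "\u2012": "-",  # figure dash
    "\u2013": "-",  # en dash (the character in the quoted reply)
    "\u2014": "-",  # em dash
    "\u2212": "-",  # minus sign
    "\u201c": '"',  # left double quotation mark
    "\u201d": '"',  # right double quotation mark
    "\u2018": "'",  # left single quotation mark
    "\u2019": "'",  # right single quotation mark
    "\u00a0": " ",  # no-break space
}


def find_lookalikes(command):
    """Return (index, code point, Unicode name, ASCII replacement) per hit."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch), LOOKALIKES[ch])
        for i, ch in enumerate(command)
        if ch in LOOKALIKES
    ]


def unreviewed_non_ascii(command):
    """Non-ASCII characters outside the table: leave these for a human.

    They may be legitimate (an accented path or host name), so they are
    reported and never rewritten automatically.
    """
    return [
        (i, f"U+{ord(ch):04X}")
        for i, ch in enumerate(command)
        if ord(ch) > 127 and ch not in LOOKALIKES
    ]


def normalize(command):
    """Replace only the known look-alikes with their ASCII equivalents."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in command)


def report(command):
    """Human-readable findings for a command pasted from a web page."""
    lines = [
        f"col {i}: {cp} {name} -> {repl!r}"
        for i, cp, name, repl in find_lookalikes(command)
    ]
    lines += [f"col {i}: {cp} (review manually)"
              for i, cp in unreviewed_non_ascii(command)]
    return lines


# Constructed sample: the guide's command shape with placeholder values,
# written with escapes so the pasted characters are unambiguous.
PASTED = (
    "ARRConfig config \u2013cert \u201cC:\\certs\\exchange.pfx\u201d "
    "\u2013hostnames \u201cmail.example.test\u201d"
)

if __name__ == "__main__":
    print("\n".join(report(PASTED)))
    print(normalize(PASTED))
```

Running the check on a command before pasting it into an elevated prompt shows which switches the parser would fail to recognise.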

  • Configuring Lync 2010 Mobility with Front end and Edge Server

    I have been racking my brain the past week trying to figure out how to get the lync edge server working properly and how to get the mobility service working properly.
    Currently I have 1 front end server that is configured and working.  I have one edge server that has been configured according to nearly every online help I could find along with public CERT.
    If I use Microsoft's online connectivity test and I run the test for Lync Server Remote Connectivity Test, everything passes. I am also able to connect to Lync using a Windows Lync client from outside of the internal network; however, I have to specify the server name as being sip.ourdomain.com. I cannot get connected using autodiscover.
    When I run the Lync Autodiscover Web Service Remote Connectivity Test it fails due to an SSL error to lyncdiscover.ourdomain.com, which then led me down the path that I needed to install the Mobility service, but it also tells me that I may need to update our SSL cert as well.
    This is where I am getting confused and would like to be pointed in the correct direction.
    When I installed the Mobility service on the front end server it created the autodiscover section in IIS. If I am inside our network I can browse to it without any issue. Where I am confused at this point is how to either set up DNS or how to configure the edge server to use autodiscover.
    Do I need to set up an additional public IP and point lyncdiscover.ourdomain.com to the IP of our front end server or to our edge server? If I have to point this to our front end server then that would mean that I use one public IP that goes to 443, 444 and 5061 for our edge server and then I would need one public IP that goes to ports 443 and 80 that get redirected to ports 4443 and 8080 on our front end server? If that is the case then do I have to get an external cert for the front end server that contains lyncdiscover, or can clients connect if it is just using the self-signed cert from the domain?
    This is where I am getting confused at and hopefully some nice folks out there can clarify this for me so I can get this resolved.
    Thank you
    KK

    You need an additional public IP to point to a reverse proxy, which will listen on port 443 and proxy requests to your front end server on port 4443 (notice the extra 4). You can use IIS ARR, Web Application Proxy, or whatever else you may have for this purpose, but you need to ensure you redirect port 443 to port 4443. This reverse proxy cannot be collocated on your front end server or edge; you'll need a separate box or appliance.
    Beyond Lyncdiscover, you'll want to do this for your external web services FQDN as defined in the topology builder and your meet and dialin URLs too. You'll want a third-party cert for all of this (though it doesn't need to be installed on the front end, just the reverse proxy) so that you don't need to install any internally signed root certs on anyone's smartphone.
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications
    This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Working with Websphere 5.1 Application Server pooled connection

    Hi,
    We use Oracle Connection Pool Data Source as an implementation of JDBC driver, configured at Websphere 5.1 AS. But it looks like the standard JDBC way of getting connection from data source, using it and closing it, doesn't work.
    After casting from IBM types to standard APIs, using IBM utilities, it behaves strangely. It looks like it needs explicit pool initialization and/or some special way of releasing resources.
    Is there any documentation of AS WebSphere 5.1 configuration and/or code examples to be found?
    Best regards,
    Gal

    1. I will try to access
    2. DataSource object gives me connection of type: WSJdbcConnection which I cast to Connection interface using WSJdbcUtil object.
    3. Agreed
    4. It is well explained, but it is just working with the standard JDBC examples.
    The concrete questions are:
    1. What is supposed to be the right implementation class for the Oracle DB Data Source? (Currently using: oracle.jdbc.pool.OracleConnectionPoolDataSource)
    2. What is supposed to be the right implementation class for the MS SQL DB Data Source? (Currently using: com.microsoft.sqlserver.jdbc.SQLConnectionPoolDataSource)
    3. What is the way to identify against MS SQL? An existing DB user fails at login (after the machine and the DB are found), at the Data Source test, in the WAS 5.1 Admin Console. Shall it be a local/remote machine user?
    4. What is the correct way to get connections from a pool defined in WAS 5.1? (DataSource replies with IBM proprietary objects)
    5. How to release WAS 5.1 resources ? ( ... is it just .close() ?)

  • Can the WCC mobile app (iOS and Android) work with an SSO protected content server?

    We have just configured Single Sign On with Oracle Access Manager for our WebCenter Content server (and also for the WCC ADF UI). Everything works fine, even the Desktop Integration, except that now we cannot connect anymore from the WCC mobile apps.
    Is there a solution or is it really not possible to combine mobile access with SSO?

    I just found the solution:
    Add the following resource (type: excluded) to the wcc application domain in OAM:
    /cs/idcplg/**
