Outlook via TMG VPN to F5 balanced CAS
I have question regarding Outlook via TMG VPN to F5 balanced CAS.
I will briefly describe my configuration. We have Ex2010SP1 CAS array, which because of WNLB issues, I switch to F5 (v 11.0) balancing. I’ve used iApp to configure F5 (using manual http://www.f5.com/pdf/deployment-guides/microsoft-exchange2010-iapp-dg.pdf) I’ve published all services on single virtual server (AS, OWA, Autodiscover, RPC). On CAS servers in IIS everything was the same as previous except using manual I moved SSL offloading to F5 (http://social.technet.microsoft.com/wiki/contents/articles/how-to-configure-ssl-offloading-in-exchange-2010.aspx.) .
Now my configuration looks like this, internal/external client for OWA comes to FBA on TMG then TMG forward it to F5, and everything works fine. On TMG, OWA and AS are only published not OutlookAnywhere because we don’t need this, if user want’s use Outlook externally he needs to use VPN over TMG. And now here we have the problem, we have clients that use domain joined laptops to connect internally and now Outlook constantly prompts for password. Prior moving NLB to F5 everything was working fine.
I don’t have any clue where I did go wrong, so any help would be appreciated. If I configured something wrong I presume that Outlook internally also would not work?