Hey Kevin - role based certificate assignment is a little funky. The browser cert is only check at realm login time. So even though you are not authenticating to the realm via a cert you need to modify the settings under "User Realms / Authentication Policy / Certificate" Set the radio button to the middle selection "Allow all users and remember certificate information while the user is logged in" - this will store the cert information for use in role validation. Works like a charm! ... View more

Managed to sort this out. The Net Connect profile wasnt assigned to the role I was using. Doh! All working now - just have another problem with Host Checker. ... View more

Hey Guys, Can you help me with the solution that will meet the underlisted requirements: Minimal requirement for to meet the deadline is for Forefront TMG to be able to publish the CAS server for web access to email, and also SMTP (depends if this is preffered option) However in the broader picture, here is the list of what is expected of the Forefront TMG to do in the larger scope of this project, as we hope to offer users more options for accessing their mailboxes. 1. Publish Microsoft Office Outlook Web App using forms-based authentication 2. Publish Outlook Anywhere using Basic or NTLM authentication. 3. Publish Microsoft Exchange ActiveSync using Basic authentication 4. Provide load balancing for HTTP-based protocol accessing from the Internet. 5. Support two-factor authentication for Outlook Web App. 6. Support two-factor authentication for Exchange ActiveSync 7. Provide certificate-based authentication for Exchange ActiveSync, Outlook Web App. 8. Perform mail hygiene for Exchange with installation of Microsoft Forefront Protection 2010 for Exchange Server let me know how the SSL can achieve this. Thanks ... View more

this remains unresolved. I have submitted an RFC to juniper to change the way SAM works on these type of applications. ... View more