I'm still hitting my head against this one, so I'm just asking one more time if anyone may have some ideas out there. I modified the post a little to hopefully offer some clarity. Thanks.
Previous Post: I have an Exchange 2010 SP3 CAS that is protected by an Ex2010 Edge Transport server with TMG 2010 sitting in our DMZ on the perimeter. These servers belongs to Company B (domain2.org) but we are hosting them in our, Company A, datacenter (domain1.org). We, Company A, use 2FA via RADIUS OTP for OWA connections. For Company B, we setup their web listener for RADIUS OTP with our Company A RADIUS server providing that validation. Everything is working as expected except the login experience. For Company A, when we perform 2FA at OWA, it takes users directly to their mailbox. With Company B, it takes users to a second OWA login page, without the 2FA requirement (as if hitting OWA internally). I have tried specifying separate Internal Network Credentials on the main 2FA OWA page but it still prompts a second time, even though the domain username/password are identical to what works on the second OWA login page. I searched around and compared the TMG rules on Company B to what we have at Company A but am not getting anywhere worthwhile. Any ideas? Confidentiality Notice: This is a transmission from Community Hospital of the Monterey Peninsula. This message and any attached documents may be confidential and contain information protected by state and federal medical privacy statutes. They are intended only for the use of the addressee. If you are not the intended recipient, any disclosure, copying, or distribution of this information is strictly prohibited. If you received this transmission in error, please accept our apologies and notify the sender. Thank you.
