I've set up IIS 10 with ARR on a DMZ Windows Server 2019 (not domain joined) to reverse proxy to OWA (Exchange 2016) with client certificate authentication.
I get error 402.1. Here are some details. On the IIS ARR side, in GENERAL_SET_REQUEST_HEADER, I can see the client certificate. I compared the thumbprint and it's the good certificate. On the IIS OWA side, I can see in GENERAL_REQUEST_HEADER my X-ARR-ClientCert with the same good certificate.
But OWA does not seem to see it, because I'm redirected to NTLM authentication (with a 402.1 error in my logs).
I've seen that SSL settings and binding to https shall be disabled on the backend, but when I bind only on http, OWA does not work. It seems to work only on https.
From a LAN address, when SSL settings ask for a certificate, it works.
What should I do to make client certificate authentication work from ARR? I can post logs if needed to help me. Thanks.
[EDIT] Followed this page: https://blogs.msdn.microsoft.com/asiatech/2014/01/27/configuring-arr-with-client-certificate/
My problem is this:
4. And the certificate can be retrieved from backend server in this way:

    System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
    string cert = Request.Headers["X-ARR-ClientCert"];
    X509Certificate2 x509Cert2 = new X509Certificate2(encoding.GetBytes(cert));
I don't know where to put those code lines.
In fact it works. The client is asked for a certificate by ARR, then ARR lets me reach the backend server. Works with OWA and ActiveSync. Thanks.
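Added example, not part of the original post or the linked blog: for a custom ASP.NET backend, one place the quoted lines can live is an `IHttpModule`, sketched here so that the `X-ARR-ClientCert` header is accepted only when the request arrives from the ARR server. The class name, the `ClientCertificate` item key and the proxy address are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Web;

// Hypothetical module name; not an IIS, ARR or Exchange component.
public class ArrClientCertModule : IHttpModule
{
    // Assumption: placeholder address of the ARR server in the DMZ.
    private const string TrustedProxyAddress = "192.0.2.10";

    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += OnAuthenticateRequest;
    }

    private static void OnAuthenticateRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string header = ctx.Request.Headers["X-ARR-ClientCert"];
        if (string.IsNullOrEmpty(header)) return; // no forwarded certificate

        // The header is ordinary request data: anything that can reach the
        // backend directly can set it, so honour it only from the proxy.
        if (ctx.Request.UserHostAddress != TrustedProxyAddress)
        {
            ctx.Response.StatusCode = 403;
            ctx.ApplicationInstance.CompleteRequest();
            return;
        }

        try
        {
            // Same parsing as the lines quoted from the blog.
            var cert = new X509Certificate2(Encoding.ASCII.GetBytes(header));
            // Hypothetical item key; later handlers read the certificate
            // (subject, thumbprint, validity dates) from here.
            ctx.Items["ClientCertificate"] = cert;
        }
        catch (CryptographicException)
        {
            ctx.Response.StatusCode = 400; // header present but not a certificate
            ctx.ApplicationInstance.CompleteRequest();
        }
    }

    public void Dispose() { }
}
```

The module is registered in the backend site's web.config under system.webServer/modules. The backend never sees the TLS handshake itself, so the certificate in the header is only as trustworthy as the network path between ARR and the backend.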