SMSMSE Remote Console Access blocked connecting thru Forefront TMG
I have a Forefront TMG server with the Exchange 2010 Edge role installed to publish Web email apps and process SMTP - I'll call it the Edge server and it is not joined to the domain. SMSMSE 6.5 is installed.
Another Win2k8R2 server has the Exchange 2010 Client Access, Hub and Mailbox roles installed - I'll call it the Mailbox server and it is joined to the domain. SMSMSE 6.5 is installed.
My goal is to be able to manage settings on both the Edge server and Mailbox server using the SMSMSE Console Global Group - Exchange 2010 feature and do this from either server.
For SMSMSE Console connectivity I setup outbound and inbound access rules in Forefront TMG on the Edge server using port 8081. The theory being that I could use either the Mailbox or Edge servers to connect to and manage SMSMSE.
What works: From the Edge server I can use the SMSMSE console and connect to the Mailbox server by enter my domain login credentials in the form domain\username.
What doesn't work: From the Mailbox server I tried to use the SMSMSE console to connect to the Edge server by entering my local administrator credentials from the Edge server. I've tried just the user name and the form servername\username. I can't get access. Forefront logs show that the port 8081 access rule isn't working and access is being blocked by the default rule. On the Mailbox server the console access fails with a diaglog box: "Unable to connect to the remote server".
All the Symantec documentation says all I need is port 8081 to access a remote console. What am I missing for this to work?