duartelazaro
asked on
Cas Proxying error.
I´m having this error on my CAS, this is the scenario:
1 CAS, webmail.contoso.com (cas1.contoso.com);
2 mailbox server srv1.contoso.com & srv2.contosol.com
If i have a mailbox on srv1, then i can access the email via OWA, but if the mailbox on srv2, then i get this error:
Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: Outlook Web Access could not establish a Secure Sockets Layer (SSL) connection to the Microsoft Exchange Client Access server that should be used to access the mailbox.
Request
Url: https://webmail.contoso.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address: 10.0.0.1
User: User
EX Address: /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
SMTP Address: user@contoso.com
OWA version: 8.1.359.2
Second CAS for proxy: https://srv2.contoso.com/owa
Exception
Exception type: Microsoft.Exchange.Clients
Exception message: The CAS server is most likely not configured for SSL (it returned a 403)
Call stack
No callstack available
-----------------------
on the Cas server i view this errors on eventvwr:
Event Type: Error
Event Source: MSExchange OWA
Event Category: Proxy
Event ID: 42
Date: 12-04-2010
Time: 8:54:44
User: N/A
Computer: cas
Description:
Microsoft Exchange Client Access server "https://webmail.contoso.com/owa" attempted to proxy Outlook Web Access traffic to Client Access server "https://srv2.contoso.com/owa". This failed because one of these configuration problems was encountered:
1. "https://srv2.contoso.com/owa" has been set to use "http://" (not using SSL) instead of "https://" (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.
2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server "https://srv2.contoso.com/owa".
If you do not want this proxy connection to use SSL, you need to set the registry key "AllowProxyingWithoutSSL" on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------
i have https, configured on the srv2.contoso.com;
i have https, configured on iis on the server srv2.contoso.com.
Any more ideias?
Thanks,
Duarte
1 CAS, webmail.contoso.com (cas1.contoso.com);
2 mailbox server srv1.contoso.com & srv2.contosol.com
If i have a mailbox on srv1, then i can access the email via OWA, but if the mailbox on srv2, then i get this error:
Outlook Web Access is not currently available for the user mailbox that you are trying to access. If the problem continues, contact technical support for your organization and tell them the following: Outlook Web Access could not establish a Secure Sockets Layer (SSL) connection to the Microsoft Exchange Client Access server that should be used to access the mailbox.
Request
Url: https://webmail.contoso.com:443/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address: 10.0.0.1
User: User
EX Address: /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recip
SMTP Address: user@contoso.com
OWA version: 8.1.359.2
Second CAS for proxy: https://srv2.contoso.com/owa
Exception
Exception type: Microsoft.Exchange.Clients
Exception message: The CAS server is most likely not configured for SSL (it returned a 403)
Call stack
No callstack available
-----------------------
on the Cas server i view this errors on eventvwr:
Event Type: Error
Event Source: MSExchange OWA
Event Category: Proxy
Event ID: 42
Date: 12-04-2010
Time: 8:54:44
User: N/A
Computer: cas
Description:
Microsoft Exchange Client Access server "https://webmail.contoso.com/owa" attempted to proxy Outlook Web Access traffic to Client Access server "https://srv2.contoso.com/owa". This failed because one of these configuration problems was encountered:
1. "https://srv2.contoso.com/owa" has been set to use "http://" (not using SSL) instead of "https://" (using SSL). You can modify this by setting the InternalUrl parameter of the Outlook Web Access virtual directory this proxy traffic is going to. You can set that parameter using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell.
2. The destination virtual directory returned an HTTP 403 error code. This usually means it is not configured to accept SSL access. You can change this configuration by using Internet Services Manager on the Client Access server "https://srv2.contoso.com/owa".
If you do not want this proxy connection to use SSL, you need to set the registry key "AllowProxyingWithoutSSL" on this Client Access server and set the InternalUrl and SSL settings for the Outlook Web Access virtual directory this proxy traffic is going to accordingly.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
----------------
i have https, configured on the srv2.contoso.com;
i have https, configured on iis on the server srv2.contoso.com.
Any more ideias?
Thanks,
Duarte
Akhater
do you have CAS role installed on server 2?
ASKER
Yes,
[PS] C:\>Get-ExchangeServer | fl name,serverrole
Name : srv2
ServerRole : Mailbox, ClientAccess, HubTransport
if i go to https://srv2.contoso.com/owa/, i can access the mailbox, but if i try to access via CAS server, i got the error.
Thanks,
Duarte
[PS] C:\>Get-ExchangeServer | fl name,serverrole
Name : srv2
ServerRole : Mailbox, ClientAccess, HubTransport
if i go to https://srv2.contoso.com/owa/, i can access the mailbox, but if i try to access via CAS server, i got the error.
Thanks,
Duarte
well remove CAS role from server2 this will solve your issue,
I assume the 3 servers are in the same AD site
I assume the 3 servers are in the same AD site
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you say the "cas server had domain rights" where did you see that and what did you do to fix it?
Thanks
Thanks