Solved

Availability service Exchange 2007

Posted on 2011-02-16
Last Modified: 2012-08-13
We have 2 CAS servers: one Internet-facing, one internal.
Autodiscover is working; this question is more about trying to understand.

Our internal domain is different than our external domain name.
So the internal alias would be user@test.lcl
The external would be user@testexternal.com

From a computer added to the domain and connected to the network, if I run the test auto-configuration using my email address user@testexternal.com, it populates with the external URLs correctly using the Internet-facing CAS server.

If I use my AD credentials user@test.lcl, it pulls the services from the internal Client Access server, not the Internet-facing CAS server.

I do not understand how Outlook/Exchange determines which CAS server to use internally, or if there is a way to specify one over the other.
Why doesn't it use the external-facing CAS server?

The reason I ask is that if we have a computer that is not a member of the domain but is on the network, when a user with a valid account tries to authenticate and open Outlook they get a cert error asking to trust the cert, which is the self-signed cert of the internal CAS server, rather than hitting the Internet-facing CAS server.
If the computer is external and not connected to the domain and tries to access Outlook using Autodiscover or Outlook Anywhere, it works fine.
0
Question by:mndthegap1
12 Comments
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34909490
Basically the non domain joined client can't trust the internal cert because it is not in the same domain as the CAS server. Have you got internal DNS for your external domain name that resolves your cert name to the internal IP address of your Internet CAS server? Also add a SRV record to that internal zone that points at your internal Internet facing CAS server.
0
 
LVL 31

Accepted Solution

by:
MegaNuk3 earned 2000 total points
ID: 34909539
So in short:
1.) create the testexternal.com DNS zone on your internal DNS
2.) add any names (A records)  you need to resolve internally. Like mail.testexternal.com
3.) add a SRV record in the zone you created in Step 1, pointing at your Internet CAS server, where the name is internal or resolves to the internal IP address

More info on SRV record:
http://support.microsoft.com/kb/940881
0
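The three steps of the accepted solution as commands, as an added example that is not part of the original answer. It assumes the DNS server is the local machine and is a domain controller (AD-integrated zone); `10.0.0.25` is a constructed placeholder for the internal IP of the Internet-facing CAS, and the SRV values (priority 0, weight 0, port 443) follow the KB article linked above.

```powershell
# Added example. Run from an elevated prompt on the internal DNS server.
# Constructed values: "." = local DNS server, 10.0.0.25 = placeholder for the
# internal IP address of the Internet-facing CAS server.
$zone    = 'testexternal.com'
$casHost = 'mail'                 # A record name inside the zone
$casFqdn = "$casHost.$zone"       # mail.testexternal.com
$casIp   = '10.0.0.25'            # placeholder, replace with the real internal IP

# Step 1: create the testexternal.com zone on the internal DNS server.
# /DsPrimary creates an AD-integrated zone; on a non-DC DNS server use
# "/Primary /file testexternal.com.dns" instead.
dnscmd . /ZoneAdd $zone /DsPrimary

# Step 2: add the A records that must resolve internally.
# Once this zone exists, internal DNS is authoritative for testexternal.com,
# so every public name internal users still need (for example the public web
# site) needs its own record here as well, or it stops resolving internally.
dnscmd . /RecordAdd $zone $casHost A $casIp

# Step 3: add the Autodiscover SRV record pointing at the Internet-facing CAS.
# RR data order is: priority weight port target.
dnscmd . /RecordAdd $zone _autodiscover._tcp SRV 0 0 443 $casFqdn

# Check from an internal, non-domain-joined client: the SRV lookup should
# return $casFqdn on port 443, and that name should resolve to the internal IP.
nslookup -type=SRV "_autodiscover._tcp.$zone"
nslookup $casFqdn
```

The certificate warning only goes away if the certificate on the Internet-facing CAS is trusted by the client and lists the name the SRV record points to, here `mail.testexternal.com`.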
 

Author Comment

by:mndthegap1
ID: 34909670
We do have DNS configured with both internal and external DNS zones.
I do have an A record for my mail.testexternal.com pointing to the Internet-facing CAS server.
I will try adding the SRV record, thank you.

But can you explain or let me know how, when internal, which CAS server is selected?
I just can't grasp that.
Thanks for the help.
0
 

Author Comment

by:mndthegap1
ID: 34909751
One other thing: I need to add the SRV record to the internal DNS zone, correct?
The test.lcl zone? Because if I am using the internal credentials alias@test.lcl

Or do I need to add it to both the internal test.lcl zone and my external zone?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34909759
A non-domain-joined client will resort to DNS to find the Autodiscover service and the URLs.

The SRV article I posted will explain that. Whereas the domain-joined client will query AD for Service Connection Points and will connect to whichever CAS server in its AD site was created first.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34909855
More info on the Autodiscover service:
http://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx

Add the SRV record to your internal DNS testexternal.com zone; that way, if someone internal uses a non-domain-joined machine, they will get connected to Exchange with no cert error.
0
 

Author Comment

by:mndthegap1
ID: 34909871
Okay, so if the internal CAS server was created in the site before the Internet-facing CAS server, Outlook will attempt to try that server first, then the Internet-facing one as a secondary. Is that basically how it works?

But I get the SRV record fix, so I will do that.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34909898
I thought you said that @test.lcl worked correctly? Wouldn't it be easier for users to enter their external email address and password?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34909946
Yep, you got the idea. Have a read of the whitepaper; it might explain things a bit better or make them a bit clearer...
0
 

Author Comment

by:mndthegap1
ID: 34910030
Thanks so much for your help, I appreciate it.
One last question regarding it: is there a way to modify the SCP list to change the order?
Or would that require using ADSI Edit or whatnot?
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34910141
ADSI Edit and reinstalling your CAS server ;-)
Are both of your CAS servers in the same AD site?
Upgrade to Exchange 2010 for CAS arrays.
0
 
LVL 31

Expert Comment

by:MegaNuk3
ID: 34951951
Thanks for the points, did the SRV record and internal DNS resolve your issue?
0
