Solved

Availability service Exchange 2007

Posted on 2011-02-16
Last Modified: 2012-08-13
We have 2 CAS servers: one is Internet-facing, one is internal.
Autodiscover is working; this question is more about trying to understand it.

Our internal domain is different from our external domain name.
So the internal alias would be user@test.lcl
and the external would be user@testexternal.com

From a computer added to the domain and connected to the network, if I run the test auto-configuration using my email address user@testexternal.com, it populates with the external URLs correctly using the Internet-facing CAS server.

If I use my AD credentials user@test.lcl, it pulls the services from the internal Client Access server, not the Internet-facing CAS server.

I do not understand how Outlook/Exchange determines which CAS server to use internally, or if there is a way to specify one over the other.
Why doesn't it use the external-facing CAS server?

The reason I ask is that if we have a computer that is not a member of the domain but is on the network, when a user with a valid account tries to authenticate and open Outlook they get a cert error asking them to trust the cert, which is the self-signed cert of the internal CAS server, rather than hitting the Internet-facing CAS server.
If the computer is external and not connected to the domain and tries to access Outlook using Autodiscover or Outlook Anywhere, it works fine.
Question by:mndthegap1
12 Comments
 

Expert Comment

by:MegaNuk3
Basically the non domain joined client can't trust the internal cert because it is not in the same domain as the CAS server. Have you got internal DNS for your external domain name that resolves your cert name to the internal IP address of your Internet CAS server? Also add a SRV record to that internal zone that points at your internal Internet facing CAS server.

Accepted Solution

by:
MegaNuk3 earned 500 total points
So in short:
1.) create the testexternal.com DNS zone on your internal DNS
2.) add any names (A records)  you need to resolve internally. Like mail.testexternal.com
3.) add a SRV record in the zone you created in Step 1, pointing at your Internet CAS server, where the name is internal or resolves to the internal IP address

More info on SRV record:
http://support.microsoft.com/kb/940881
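The three steps from the accepted solution, written as commands for the internal DNS server (an added example, not part of the original answer). The zone and host names are the ones used in the thread, the SRV values are those given in KB 940881, and the IP address is a placeholder; the AD-integrated zone type is an assumption.

```powershell
# Added example: split-DNS zone plus Autodiscover SRV record via dnscmd.exe.
# Run from an elevated PowerShell prompt on the internal DNS server.
$zone    = 'testexternal.com'   # external SMTP domain (from the thread)
$casHost = 'mail'               # host label; the FQDN must be a name on the CAS certificate
$casIp   = '192.0.2.10'         # PLACEHOLDER: internal IP of the Internet-facing CAS

function Invoke-Dnscmd {
    # Run dnscmd against the local DNS server ('.') and stop on the first failure.
    & dnscmd.exe . @args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Step 1: create the zone (skip this if the zone already exists internally).
# The internal DNS server becomes authoritative for testexternal.com, so
# internal clients no longer ask public DNS for names in it.
Invoke-Dnscmd /ZoneAdd $zone /DsPrimary      # assumption: AD-integrated primary zone

# Step 2: A records. Every public name internal users still need (for example
# the company web site) must also be added here, or it stops resolving inside.
Invoke-Dnscmd /RecordAdd $zone $casHost A $casIp

# Step 3: SRV record _autodiscover._tcp with priority 0, weight 0, port 443,
# pointing at the name that carries the trusted certificate.
Invoke-Dnscmd /RecordAdd $zone _autodiscover._tcp SRV 0 0 443 "$casHost.$zone"

# Verify from a non-domain-joined client on the internal network: the SRV
# target and its A record should lead to the Internet-facing CAS, not the
# internal CAS with the self-signed certificate.
nslookup -type=SRV "_autodiscover._tcp.$zone"
nslookup "$casHost.$zone"
```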
 

Author Comment

by:mndthegap1
We do have DNS configured with both internal and external DNS zones.
I do have an A record for my mail.testexternal.com pointing to the Internet-facing CAS server.
I will try adding the SRV record, thank you.

But can you explain or let me know how, when internal, the CAS server is selected?
I just can't grasp that.
Thanks for the help.
 

Author Comment

by:mndthegap1
One other thing: I need to add the SRV record to the internal DNS zone, correct?
The test.lcl zone? Because if I am using the internal credentials alias@test.lcl

Or do I need to add it to both the internal test.lcl zone and my external zone?

Expert Comment

by:MegaNuk3
A non-domain-joined client will resort to DNS to find the Autodiscover service and the URLs.

The SRV article I posted will explain that. Whereas the domain-joined client will query AD for Service Connection Points and will connect to whichever CAS server in its AD site was created first.
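To see the Service Connection Points a domain-joined client finds in AD, the following added example (not part of the original comment) lists them with their site keywords and creation dates. It assumes it is run from a domain-joined machine by an account that can read the configuration partition; the keyword GUID is the one that marks Autodiscover URL SCP objects.

```powershell
# Added example: enumerate Autodiscover SCP objects in Active Directory.
$scpKeyword = '77378F46-2C66-4aa9-A6A6-3E7A48B19596'   # marks Autodiscover URL SCPs

# SCPs live in the configuration partition, under each CAS server object.
$rootDse = [ADSI]'LDAP://RootDSE'
$config  = [ADSI]("LDAP://" + $rootDse.configurationNamingContext)

$searcher = New-Object System.DirectoryServices.DirectorySearcher($config)
$searcher.Filter   = "(&(objectClass=serviceConnectionPoint)(keywords=$scpKeyword))"
$searcher.PageSize = 100
'serviceBindingInformation', 'keywords', 'whenCreated', 'distinguishedName' |
    ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

$scps = foreach ($r in $searcher.FindAll()) {
    New-Object PSObject -Property @{
        # Autodiscover URL handed to the client for this CAS server
        Url     = [string]$r.Properties['servicebindinginformation'][0]
        # AD sites this SCP is scoped to (keywords of the form Site=<name>)
        Sites   = ($r.Properties['keywords'] | Where-Object { $_ -like 'Site=*' }) -join ','
        Created = $r.Properties['whencreated'][0]
        # The SCP object's CN is the CAS server name
        Server  = ([string]$r.Properties['distinguishedname'][0] -split ',')[0] -replace '^CN=', ''
    }
}

# Oldest first, matching the "created first" ordering described above.
$scps | Sort-Object Created | Format-Table Created, Server, Sites, Url -AutoSize
```

Any URL in this list whose host presents a self-signed certificate will produce a trust prompt on machines that do not trust that certificate. `Get-ClientAccessServer` in the Exchange Management Shell reports the same URL and site scope per server.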
 

Expert Comment

by:MegaNuk3
More info on the Autodiscover service:
http://technet.microsoft.com/en-us/library/bb332063(v=exchg.80).aspx

Add the SRV record to your internal DNS testexternal.com zone; that way, if someone internal uses a non-domain-joined machine, they will get connected to Exchange with no cert error.

Author Comment

by:mndthegap1
Okay, so if the internal CAS server was created in the site before the Internet-facing CAS server, Outlook will attempt to try that server first, then the Internet-facing one as a secondary; is that basically how it works?

But I get the SRV record fix, so I will do that.

Expert Comment

by:MegaNuk3
I thought you said that @test.lcl worked correctly? Wouldn't it be easier for users to enter their external email address and password?

Expert Comment

by:MegaNuk3
Yep, you got the idea. Have a read of the whitepaper; it might explain things a bit better or make them a bit clearer...

Author Comment

by:mndthegap1
Thanks so much for your help, I appreciate it.
One last question regarding it: is there a way to modify the SCP list to change the order?
Or would that require using ADSI Edit or whatnot?

Expert Comment

by:MegaNuk3
ADSI Edit and reinstalling your CAS server ;-)
Are both of your CAS servers in the same AD site?
Upgrade to Exchange 2010 for CAS arrays.

Expert Comment

by:MegaNuk3
Thanks for the points, did the SRV record and internal DNS resolve your issue?