CAS Proxy OWA to different sites

Posted on 2011-02-22
Last Modified: 2012-05-11
I have a problem with proxying OWA that doesn't work between sites.

This is my setup:
1: Site A/CAS/Mailbox/DAG
2: Site A/CAS

3: Site B/CAS/Mailbox/DAG
4: Site B/CAS

Between all servers there is a connection, with a VPN link between Site A and Site B. I have only one Mailbox that is on the DAG and mounted on Server 1.

Server 1 has OWA internal url set to the host and authentication to integrated. Same goes for Server 3. External url is left empty. These servers are only internal.

Server 2 and 4 have both external url and internal url set to the same name https://webmail.comany.com/owa. Log in is form based. They are both internet facing.

So to my problem. If a user logs in on Server 2 everything works fine since they are proxied to the same site to server 1.

However if a user enters Server 4 they get an error message:
"A server configuration change is temporarily preventing access to your account. Please close all Internet Explorer windows and try again in a few minutes. If the problem continues, contact your helpdesk."

If I do a switchover so that the mailbox is situated at Server 3 then it works great to log on to Server 4 and the same problem as before if you log on to Server 2.

Can somebody tell me where I can start looking for a solution? I don't really find any logs that help me.
Question by:Findwise
14 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 34950363
External name should be different and internal name should point to the internal CAS server FQDN. Set it like that, reset IIS and try again.
0
 

Author Comment

by:Findwise
ID: 34950471
If I set them to different external names I get a redirect. Can't I always get it to proxy to the CAS on the mailbox server? When Server 4 is searching for a CAS server that can connect to the mailbox, why can't it just return Server 1 instead of Server 2?
0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950482
You will have it from a single site, you cannot have it in 2 sites. You can do that by removing the external name of the FQDN from server 2.
0
 

Author Comment

by:Findwise
ID: 34950524
Can't I trick Server 4 in some way so that it doesn't find Server 2 and instead finds Server 1?
0
 

Author Comment

by:Findwise
ID: 34950617
I think I got it working. I removed the internal url on Server 2 and Server 4 and have the same url on external for them. It looks like it's working now actually.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950638
But how will external traffic be sent?
0
 

Author Comment

by:Findwise
ID: 34950693
Or not. After doing a switchover to Server 3 it stopped working again :-(. I guess that some settings were saved for a short time and not updated. However when the switchover occurred it updated it and now it stopped working :-(.

Why should it be so hard :-(. I don't want to have different urls exposed to the users, they should only know about one (whatever site they are on or if they are internally or externally). Think how easy it would be if Server 4 looked for a CAS in the other site that has integrated authentication/no external url enabled which would be Server 1. Then everything would work. Don't understand why it returns the CAS Server 2.

0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950705
It is hard because it is not designed to work like that. It simply won't.
0
 

Author Comment

by:Findwise
ID: 34950831
Will it always just look for one CAS? And if that fails everything fails? I can't stop access between Server 2 and Server 4? So it will go for the next CAS in the Site? How come it always chose Server 2?
0
 
LVL 12

Expert Comment

by:Nenadic
ID: 34950846
Findwise, the simple way to look at it is that you are trying to use the same street address in two different countries and you expect the same people to live there. It's not possible.

Any attempt to trick servers will backfire at site failover. The simple approach is as follows:
While the databases are on Server 1, keep external OWA coming from that site. Server 2 should have External URL configured and your external DNS record for webmail.company.com should point to Site A's external addresses.
If you have a site failure, configure External URL on Server 4, repoint your DNS and users will be able to access the database. That way, your network traffic is always optimised and site failure is handled with relative ease.
The alternative is to go back to the original statement from Busbar. You need a separate namespace and you redirect.
0
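
The check below is an added example, not part of the thread: it lists every OWA virtual directory with its AD site and warns when one ExternalUrl is published from more than one site, which is the layout the answers above say cannot work. It assumes the Exchange Management Shell and reports the site as the string form of the server's `Site` property; the integrated-authentication check mirrors the question's description of Servers 1 and 3.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Collect each OWA virtual directory together with the AD site of its server.
$rows = foreach ($vdir in Get-OwaVirtualDirectory) {
    $server = Get-ExchangeServer -Identity $vdir.Server
    $external = $null
    if ($vdir.ExternalUrl) { $external = $vdir.ExternalUrl.AbsoluteUri.ToLower() }
    New-Object PSObject -Property @{
        Site        = "$($server.Site)"      # string form of the AD site
        Server      = $server.Name
        ExternalUrl = $external
        InternalUrl = $vdir.InternalUrl
        FormsAuth   = $vdir.FormsAuthentication
        WindowsAuth = $vdir.WindowsAuthentication
    }
}

$rows | Sort-Object Site, Server |
    Format-Table Site, Server, ExternalUrl, InternalUrl, FormsAuth, WindowsAuth -AutoSize

# 1. The same external namespace configured in more than one AD site.
$rows | Where-Object { $_.ExternalUrl } | Group-Object ExternalUrl | ForEach-Object {
    $sites = @($_.Group | Select-Object -ExpandProperty Site -Unique)
    if ($sites.Count -gt 1) {
        Write-Warning ("ExternalUrl {0} is set in {1} sites: {2}" -f `
            $_.Name, $sites.Count, ($sites -join '; '))
    }
}

# 2. Internal-only CAS (no ExternalUrl) without integrated authentication.
#    In the question's setup these are the servers that receive proxied requests.
$rows | Where-Object { -not $_.ExternalUrl -and -not $_.WindowsAuth } | ForEach-Object {
    Write-Warning ("{0} has no ExternalUrl and integrated authentication is off" -f $_.Server)
}

# 3. Sites with no internet-facing CAS at all (expected for a passive site
#    when following the single-site approach described above).
$rows | Group-Object Site | ForEach-Object {
    if (-not ($_.Group | Where-Object { $_.ExternalUrl })) {
        Write-Host ("Site {0}: no ExternalUrl configured on any CAS" -f $_.Name)
    }
}
```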
 
LVL 12

Expert Comment

by:Nenadic
ID: 34950883
What do you have on the network edge that translates external requests for webmail.company.com to internal servers?  ISA, TMG, firewall NAT? That determines which server is connected to.
0
 

Author Comment

by:Findwise
ID: 34950920
Bummer, but thanks for your help.

Is it the same behavior for ActiveSync and EWS webservice? Because I guess they can't return a redirect link for you?
0
 
LVL 12

Accepted Solution

by:
Nenadic earned 1500 total points
ID: 34950962
A few differences:
First of all, you need to configure ECP in the same manner as OWA.
EWS will be returned based on OA configuration, as per user's mailbox, so no redirection.
ActiveSync performs redirection for 6.1+ clients by relying on Error 451 in HTTP.
0
 

Author Closing Comment

by:Findwise
ID: 35034407
It did not really help me, but it explained well how it works.
0
