Solved

CAS Proxy OWA to different sites

Posted on 2011-02-22
Last Modified: 2012-05-11
I have a problem with proxying OWA that doesn't work between sites.

This is my setup:
1: Site A/CAS/Mailbox/DAG
2: Site A/CAS

3: Site B/CAS/Mailbox/DAG
4: Site B/CAS

Between all servers there is a connection, with a VPN link between Site A and Site B. I have only one Mailbox that is on the DAG and mounted on Server 1.

Server 1 has the OWA internal URL set to the host and authentication set to integrated. The same goes for Server 3. The external URL is left empty. These servers are only internal.

Server 2 and 4 have both external url and internal url set to the same name https://webmail.comany.com/owa. Log in is form based. They are both internet facing.

So to my problem. If a user logs in on Server 2 everything works fine since they are proxied within the same site to Server 1.

However, if a user enters Server 4 they get an error message:
"A server configuration change is temporarily preventing access to your account. Please close all Internet Explorer windows and try again in a few minutes. If the problem continues, contact your helpdesk."

If I do a switchover so that the mailbox is situated at Server 3 then it works great to log on to Server 4, and I get the same problem as before if I log on to Server 2.

Can somebody tell me where I can start looking for a solution? I don't really find any logs that help me.
0
Comment
Question by:Findwise
14 Comments
 
LVL 33

Expert Comment

by:Busbar
ID: 34950363
external name should be different and internal name should point to the internal CAS server FQDN. set it like that, reset IIS and try again
0
 

Author Comment

by:Findwise
ID: 34950471
If I set them to different external names I get a redirect. Can't I always get it to proxy to the CAS on the mailbox server? When Server 4 is searching for a CAS server that can connect to the mailbox, why can't it just return Server 1 instead of Server 2?
0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950482
you will have it from a single site, you cannot have it in 2 sites. you can do that by removing the external name of the FQDN from server 2.
0
 

Author Comment

by:Findwise
ID: 34950524
Can't I trick Server 4 in some way so that it doesn't find Server 2 and instead finds Server 1?
0
 

Author Comment

by:Findwise
ID: 34950617
I think I got it working. I removed the internal URL on Server 2 and Server 4 and have the same URL on external for them. It looks like it's working now actually.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950638
But how will external traffic be sent?
0
 

Author Comment

by:Findwise
ID: 34950693
Or not. After doing a switchover to Server 3 it stopped working again :-(. I guess that some settings were saved for a short time and not updated. However, when the switchover occurred it updated them and now it stopped working :-(.

Why should it be so hard :-(. I don't want to have different URLs exposed to the users; they should only know about one (whatever site they are on or if they are internal or external). Think how easy it would be if Server 4 looked for a CAS in the other site that has integrated authentication/no external URL enabled, which would be Server 1. Then everything would work. I don't understand why it returns the CAS Server 2.

0
 
LVL 33

Expert Comment

by:Busbar
ID: 34950705
it is hard because it is not designed to work like that. it simply won't
0
 

Author Comment

by:Findwise
ID: 34950831
Will it always just look for one CAS? And if that fails everything fails? I can't stop access between Server 2 and Server 4? So it will go for the next CAS in the site? How come it always chose Server 2?
0
 
LVL 12

Expert Comment

by:Nenadic
ID: 34950846
Findwise, the simple way to look at it is that you are trying to use the same street address in two different countries and you expect the same people to live there. It's not possible.

Any attempt to trick servers will backfire at site failover. The simple approach is as follows:
While the databases are on Server 1, keep external OWA coming from that site. Server 2 should have External URL configured and your external DNS record for webmail.company.com should point to Site A's external addresses.
If you have a site failure, configure External URL on Server 4, repoint your DNS and users will be able to access the database. That way, your network traffic is always optimised and site failure is handled with relative ease.
The alternative is to go back to the original statement from busbar. You need a separate namespace and you redirect.
0
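The rule in the answer above (only one site publishes the external OWA name at a time, and the internal-only CAS uses integrated authentication) can be checked before a switchover. The PowerShell below is an added example, not part of the thread: the `New-Row` and `Test-OwaNamespace` helpers and the row property names are hypothetical, and the sample rows are constructed from the setup described in the question.

```powershell
# Constructed rows mirroring the thread's four servers; not real cmdlet output.
# On a live org, build them from Get-OwaVirtualDirectory (ExternalUrl,
# WindowsAuthentication, FormsAuthentication) and Get-ExchangeServer (Site).
function New-Row($Server, $Site, $ExternalUrl, $WindowsAuth, $FormsAuth) {
    New-Object PSObject -Property @{
        Server = $Server; Site = $Site; ExternalUrl = $ExternalUrl
        WindowsAuth = $WindowsAuth; FormsAuth = $FormsAuth
    }
}
$url = 'https://webmail.company.com/owa'   # external name used in the thread
$vdirs = @(
    (New-Row 'Server1' 'SiteA' $null $true  $false),
    (New-Row 'Server2' 'SiteA' $url  $false $true),
    (New-Row 'Server3' 'SiteB' $null $true  $false),
    (New-Row 'Server4' 'SiteB' $url  $false $true)
)

function Test-OwaNamespace {
    param([object[]]$VDirs)
    $findings = @()

    # Check 1: the same ExternalUrl must not be published from two AD sites.
    $published = @($VDirs | Where-Object { $_.ExternalUrl })
    foreach ($g in @($published | Group-Object ExternalUrl)) {
        $sites = @($g.Group | Select-Object -ExpandProperty Site -Unique)
        if ($sites.Count -gt 1) {
            $findings += "ExternalUrl $($g.Name) is set in more than one site: $($sites -join ', ')"
        }
    }

    # Check 2: a CAS with no ExternalUrl is a proxy target and needs
    # Integrated Windows authentication on its OWA virtual directory.
    foreach ($v in @($VDirs | Where-Object { -not $_.ExternalUrl })) {
        if (-not $v.WindowsAuth) {
            $findings += "$($v.Server): no ExternalUrl but Integrated Windows authentication is off"
        }
    }
    $findings
}

# Prints one line per problem found; no output means both checks passed.
Test-OwaNamespace -VDirs $vdirs
```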
 
LVL 12

Expert Comment

by:Nenadic
ID: 34950883
What do you have on the network edge that translates external requests for webmail.company.com to internal servers?  ISA, TMG, firewall NAT? That determines which server is connected to.
0
 

Author Comment

by:Findwise
ID: 34950920
Bummer, but thanks for your help.

Is it the same behavior for ActiveSync and EWS webservice? Because I guess they can't return a redirect link for you?
0
 
LVL 12

Accepted Solution

by:
Nenadic earned 500 total points
ID: 34950962
A few differences:
First of all, you need to configure ECP in the same manner as OWA.
EWS will be returned based on OA configuration, as per user's mailbox, so no redirection.
ActiveSync performs redirection for 6.1+ clients by relying on Error 451 in HTTP.
0
 

Author Closing Comment

by:Findwise
ID: 35034407
It did not really help me, but it explained well how it works.
0
