CAS Proxy OWA to different sites

I have a problem with proxying OWA that doesn't work between sites.

This is my setup:
1: Site A/CAS/Mailbox/DAG
2: Site A/CAS

3: Site B/CAS/Mailbox/DAG
4: Site B/CAS

Between all servers there is connectivity, with a VPN link between Site A and Site B. I have only one mailbox database that is on the DAG and mounted on Server 1.

Server 1 has the OWA internal URL set to the host and authentication set to integrated. Same goes for Server 3. The external URL is left empty. These servers are only internal.

Server 2 and 4 both have the external URL and internal URL set to the same name, https://webmail.company.com/owa. Login is forms based. They are both internet facing.

So to my problem. If a user logs in on Server 2 everything works fine since they are proxied within the same site to Server 1.

However, if a user enters Server 4 they get an error message:
"A server configuration change is temporarily preventing access to your account. Please close all Internet Explorer windows and try again in a few minutes. If the problem continues, contact your helpdesk."

If I do a switchover so that the mailbox is situated at Server 3, then it works great to log on to Server 4, and the same problem as before occurs if you log on to Server 2.

Can somebody tell me where I can start looking for a solution? I don't really find any logs that help me.
Findwise asked:
Nenadic commented:
A few differences:
First of all, you need to configure ECP in the same manner as OWA.
EWS will be returned based on OA configuration, as per user's mailbox, so no redirection.
ActiveSync performs redirection for 6.1+ clients by relying on HTTP error 451.
0
 
Busbar (Solutions Architect) commented:
external name should be different and internal name should point to the internal CAS server FQDN. set it like that, reset IIS and try again
0
 
Findwise (Author) commented:
If I set them to different external names I get a redirect. Can't I always get it to proxy to the CAS on the mailbox server? When Server 4 is searching for a CAS server that can connect to the mailbox, why can't it just return Server 1 instead of Server 2?
0
Busbar (Solutions Architect) commented:
You will have it from a single site; you cannot have it in 2 sites. You can do that by removing the external name of the FQDN from Server 2.
0
 
Findwise (Author) commented:
Can't I trick Server 4 in some way so that it doesn't find Server 2 and instead finds Server 1?
0
 
Findwise (Author) commented:
I think I got it working. I removed the internal URL on Server 2 and Server 4 and have the same URL on external for them. It looks like it's working now, actually.
0
 
Busbar (Solutions Architect) commented:
But how will external traffic be sent?
0
 
Findwise (Author) commented:
Or not. After doing a switchover to Server 3 it stopped working again :-(. I guess that some settings were saved for a short time and not updated. However, when the switchover occurred it updated them and now it has stopped working :-(.

Why should it be so hard :-(. I don't want to have different URLs exposed to the users; they should only know about one (whatever site they are on, or whether they are internal or external). Think how easy it would be if Server 4 looked for a CAS in the other site that has integrated authentication/no external URL enabled, which would be Server 1. Then everything would work. I don't understand why it returns CAS Server 2.

0
 
Busbar (Solutions Architect) commented:
It is hard because it is not designed to work like that. It simply won't.
0
 
Findwise (Author) commented:
Will it always just look for one CAS? And if that fails, everything fails? Can't I stop access between Server 2 and Server 4, so it will go for the next CAS in the site? How come it always chooses Server 2?
0
 
Nenadic commented:
Findwise, the simple way to look at it is that you are trying to use the same street address in two different countries and you expect the same people to live there. It's not possible.

Any attempt to trick servers will backfire at site failover. The simple approach is as follows:
While the databases are on Server 1, keep external OWA coming from that site. Server 2 should have External URL configured and your external DNS record for webmail.company.com should point to Site A's external addresses.
If you have a site failure, configure External URL on Server 4, repoint your DNS and users will be able to access the database.  That way, your network traffic is always optimised and site failure is handled with relative ease.
The alternative is to go back to the original statement from Busbar. You need a separate namespace and you redirect.
0
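The layout Nenadic describes, written out as Exchange Management Shell commands. This is an added example, not something posted in the thread; server names SERVER1 to SERVER4, the internal domain corp.example and the namespace https://webmail.company.com are assumptions, and ECP is set alongside OWA as Nenadic's first comment advises.

```powershell
# Added example (not from the thread). Assumed names: SERVER1/SERVER3 are the
# internal-only CAS in Site A/Site B, SERVER2/SERVER4 the Internet-facing CAS.
$Namespace = 'https://webmail.company.com'

# Internal-only CAS: InternalUrl = own FQDN, no ExternalUrl, Integrated auth.
# Same treatment for ECP, so proxying behaves identically for both.
foreach ($cas in 'SERVER1', 'SERVER3') {
    Set-OwaVirtualDirectory -Identity "$cas\owa (Default Web Site)" `
        -InternalUrl "https://$cas.corp.example/owa" -ExternalUrl $null `
        -WindowsAuthentication $true -FormsAuthentication $false
    Set-EcpVirtualDirectory -Identity "$cas\ecp (Default Web Site)" `
        -InternalUrl "https://$cas.corp.example/ecp" -ExternalUrl $null `
        -WindowsAuthentication $true -FormsAuthentication $false
}

# Give the external namespace to exactly one Internet-facing CAS and clear it
# from the other, so webmail.company.com only ever lives in one AD site.
function Set-ExternalOwaOwner {
    param([string]$Owner, [string]$Standby)
    Set-OwaVirtualDirectory -Identity "$Owner\owa (Default Web Site)" `
        -ExternalUrl "$Namespace/owa" `
        -FormsAuthentication $true -WindowsAuthentication $false
    Set-EcpVirtualDirectory -Identity "$Owner\ecp (Default Web Site)" `
        -ExternalUrl "$Namespace/ecp" `
        -FormsAuthentication $true -WindowsAuthentication $false
    Set-OwaVirtualDirectory -Identity "$Standby\owa (Default Web Site)" -ExternalUrl $null
    Set-EcpVirtualDirectory -Identity "$Standby\ecp (Default Web Site)" -ExternalUrl $null
}

# Steady state: databases active on SERVER1, so Site A (SERVER2) owns the namespace
# and the external DNS record for webmail.company.com points at Site A.
Set-ExternalOwaOwner -Owner 'SERVER2' -Standby 'SERVER4'

# Site failover: once the DAG has activated the database on SERVER3, hand the
# namespace to SERVER4 and repoint external DNS (done outside Exchange) to Site B.
# Set-ExternalOwaOwner -Owner 'SERVER4' -Standby 'SERVER2'

# Authentication changes on the virtual directories need an IIS restart to apply.
# iisreset /noforce

# Verify that only one CAS carries the ExternalUrl before and after a failover.
Get-OwaVirtualDirectory |
    Format-Table Server, InternalUrl, ExternalUrl, FormsAuthentication, WindowsAuthentication -AutoSize
```

After a switchover back to Site A, run the function the other way round and repoint DNS again; the one-namespace-per-site rule is what keeps the "server configuration change" error from returning.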
 
Nenadic commented:
What do you have on the network edge that translates external requests for webmail.company.com to internal servers? ISA, TMG, firewall NAT? That determines which server is connected to.
0
 
Findwise (Author) commented:
Bummer, but thanks for your help.

Is it the same behavior for ActiveSync and EWS webservice? Because I guess they can't return a redirect link for you?
0
 
Findwise (Author) commented:
It did not really help me, but it explained well how it works.
0