Splitting CAS/HUB Post Install

After looking through all of the Google searches on splitting up the CAS/HUB roles post install, I went ahead and installed a new CAS server in our environment called EXCH-CAS-01 (Hub is EXCH-HUB-01).

At the same time, I decided it was time to change our OWA, ActiveSync, and Auto Discover URLs to match our new company name and domain.  I've generated a certificate for the new domain name and installed it on the new CAS server.

A few issues that I've run into.

Outlook 2010 no longer provides Mail Tips, if you setup an ActiveSync device with the new server address, the device receives messages, but will not fully download them, and a number of users using Outlook Anywhere cannot connect to the server.

Any ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

UALITGUYSAuthor Commented:
Also it turns out that users trying to use OWA through the new server receive "An unexpected error occurred and your request couldn't be handled." when trying to create a new e-mail message and expand their folder list.
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
So now you have a new CAS server on your org.

and you have the externalurl's configured only on the new cas server?
Also if that new casserver is going to be the only casserver in the org and if you are going to decomission the old one, have you changed the rpcclientaccessserver attribute on the old one?

do get-mailboxdatabase |ft name, rpcclientaccessserver to check what client accesserver is being used per mailbox database

the bottom line is, you must have the external url configured only on one client access server for him to proxy the request to the others, and if you have the mailbox databases using the other one the problem might be there.

are external url's you have:
autodiscover - get-autodiscovervirtualdirectory
owa - get-owavirtualdirectory
ecp - get-ecpvirtualdirectory
OAB - get-oabvirtualdirectory
web services(EWS) - get-webservicesvirtualdirectory
activesync - get-activesyncvirtualdirectory

check all of those and/or change the mailbox databases to point to the new cas (it will need an outlook restart)
UALITGUYSAuthor Commented:
The rpcclientaccessserver is still the old server.  Once I change this, will Outlook auto configure itself even though there is a new domain name involved?  Or will we have to reconfigure everyone's Outlook and ActiveSync phones?

When I do the 6 get commands, I see both the old server and the new server.

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
once you change this the outlook will pop up a message saying "administrative changes were made, please restart outlook"

be sure to have all the internal and external urls configured on the new server. also point the publishing services to the new server. what do you mean about new domain name? both new and old cas are on the same domain right?
also the phones are used internally for activesync or just from the internet? if its just from the internet you wont have a problem. just configure the urls on the new server (if not configured yet) and point the services there.

the 6 get commands should show both the internal and external urls for both servers. the ideal configuration is to have internalurls in the format:

(example for owa)

and the externalurls:
https://mail.domain.com/owa - on the new cas
null - on the old cas

this is what you need to get for your scenario. mail.domain.com is just an example of an external name used for the cas services.

add | ft name, internalurl, externalurl to the get commands to narrow down the output.
UALITGUYSAuthor Commented:
Our company changed its name.  With that, our external domain went from being OldDomain.com to NewDomain.com.

So on the old CAS, the internal and external urls are:

OWA - https://webmail.olddomain.com/owa
ECP - https://webmail.olddomain.com/ecp
ActiveSync - https://mail.olddomain.com/Microsoft-Server-ActiveSync
OAB - https://mail.olddomain.com/oab
EWS - https://mail.olddomain.com/ews/exchange.asmx
AutoDiscover - mail.olddomain.com

And then on the new CAS, the internal and external urls are:

OWA - https://mail.newdomain.com/owa
ECP - https://mail.newdomain.com/ecp
ActiveSync - https://mail.newdomain.com/Microsoft-Server-ActiveSync
OAB - https://mail.newdomain.com/oab
EWS - https://mail.newdomain.com/ews/exchange.asmx
AutoDiscover - autodiscover.newdomain.com
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
ok and what are the primary email addresses? @newdomain.com ??
and the url used for the external services? https://mail.newdomain.com/owa??

if that is the case, and if no one else is using the olddomain.com urls. just change the internalurls on the old cas to https://oldserver.domain.LOCAL/owa (for the owa service. put the internal old server fqdn on the internal urls for all the other services)
and set the old server external urls to NULL

on the new server the internal urls can match the external urls, or you can use the internal fqdn of the new server for the internal urls. it's your choise. depends if they are using owa internally and what name they want to type in the browser.

going to the begining of your post. the cas proxying is not working correctly and thats why some users dont access the services externally.

also dont forget to change the mailbox databases to point to the new cas. this will result on cas proxying not being needed. againg test all services pointing to the new CAS with that external urls.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
UALITGUYSAuthor Commented:
Alright, I'll give that a go later today/tonight.  And yes, our primary email addresses are @newdomain.com and the url for external services is https://mail.newdomain.com/owa (And then I have a http redirect on the root site to forward mail.newdomain.com to mail.newdomain.com/owa)

So 80% of the company uses OWA externally; then we have about 15% of the company that uses Outlook Anywhere; and then the other 5% is here in our Corporate office using Outlook locally.

Obviously for the ones using OWA I will need to make a redirection of webmail.olddomain.com to point to mail.newdomain.com; but for those using Outlook Anywhere, will they just automatically find the new servers?

Their settings in Outlook look like:

Server: EXCH-HUB-01.shortdomain.com (old CAS, that continues to be our HUB)

User Name: firstname.lastname@olddomain.com

Under More Settings > Connection > Exchange Proxy Settings we have:

Use this URL to connect to my proxy server for Exchange

Only connect to proxy servers that have this principal name in their certificate

Thanks for your help,
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
for outlook anywhere the url is configured on the outlook profile. they wont find new servers. you need to find a way to change it or to coexist with both names. if mail.newdomain.com and mail.olddomain.com share the same ip and if you are using TMG or ISA to publish the OA try adding both namespaces to that rule and test. Exchange will be able to accept requests to both names. Also you need the certificate updated with the newdomain name.
UALITGUYSAuthor Commented:
We don't have TMG or ISA, do you think if through GoDaddy I redirected mail.olddomain.com to mail.newdomain.com it would work?

I'll be using this issue as a reason why a Test environment is a good investment to our Executives lol...


Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
I think is worth to try. It should work but i've never done it. you can also use Group Policy to change it.

that is a very good reason yes :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.