Solved

Configure Exchange 2010 Client Access Servers for external owa, activesync, Autodiscover

Posted on 2013-05-09
19
799 Views
Last Modified: 2013-06-23
Hi,

I need to figure out a way to configure 2 cas servers that are currently running with old external urls, but i would like to change the external urls while also having available the new external urls working ex: owa.abc.com/owa - current access to be also accessible with the new external url webmail.abc.com/owa while leaving or if possible having also another external link to the owa, autodiscover,activesync.

Thanks
0
Comment
Question by:adokilla
  • 7
  • 6
  • 2
19 Comments
 
LVL 4

Expert Comment

by:iammorrison
ID: 39154337
This might be able to be handled quite simply. Are your certs selfsigned or from an internal CA? Or do you use a third party CA like Entrust, GoDaddy or Digicert? The easiest way is to use a Unified Communications cert (UC cert) which leverages SAN names ( Subject Alternate names) which allow you to cover multiple domains under a single cert. So if you currently have a third party UC cert, you may be to able to add a SAN name then re-request the cert from the CA, make the appropriate DNS changes and you should be covered.
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 200 total points
ID: 39155167
The external URL value in Exchange is used by Autodiscover and browsers to "correct" clients. Therefore as long as both the old and the new value are in the SSL certificate, they will continue to work. As advised above, simply ensure the SSL certificate has the correct names in it, then adjust Exchange and ensure that both the old and new names resolve to the server. Anything that doesn't update automatically will continue to work.

Simon.
0
 

Author Comment

by:adokilla
ID: 39157266
What do i have to do to get autodiscover working? I have done the following so far and its not working correctly in a scenario were you have 2 cas servers.

Created an internal dns named autodiscover.abc.com and points to the primary cas server cas01 on the external dns i created an A record that points to the public ip of the primary cas01 when i lookup the autodiscover.abc.com it gives me the iis splas screen when i browse this url autodiscover.abc.com/Autodiscover/autodiscover.xml it prompts me for the login and i get the standard error 601 and i am able to read the content of the xml. Now when i type the url on my phone it doesnt autoconfigure the phone why?
0
 
LVL 4

Expert Comment

by:iammorrison
ID: 39157603
are you running them with a load balancer?
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 200 total points
ID: 39157921
The behaviour you are seeing when you browse to the Autodiscover URL is correct - that is because the type of request you are doing is not the same as Outlook.

Internal domain members use the Autodiscover value that you can see on this command:

get-clientaccessserver  | select identity, autodiscoverserviceinternaluri

When multiple servers with the CAS role are involved, I would usually set that value to the same on all servers in the same AD site.
The name also needs to be on the SSL certificate.

Externally, the clients use autodiscover.example.com by default, although you can also use SRV records. However if you have autodiscover.example.com in the SSL certificate then don't try and use SRV records as well.
If you have non-domain clients on your internal network (phones on wifi for example) then you should have a split DNS system setup.

You can test Autodiscover internally using Outlook: http://semb.ee/adt
Externally use the Microsoft test site at http://exrca.com/

Simon.
0
 

Author Comment

by:adokilla
ID: 39158219
I am using Windows load balancer to balance the cas servers.

I have domain clients using phones, and wifi. I tried again using my iphone to see if it will auto-discover the settings but it doesn't i still have to put in server info why?

Should the value for the autodiscoverservice internaluri be the same as the external
autodiscover.abc.com ??

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39158338
It doesn't have to be the same, although you can choose it to be. It just needs to resolve correctly and be in the SSL certificate.

Simon.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:adokilla
ID: 39159797
I have all the domains now included in the certificate, but now when i got to my android and enter the email and password to get the activesync working i get an error failed to search exchange server automatically. How can i fix this issue? i have run the outlook autodiscover test over at testexchangeconectivity.com and i get this error

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Test Steps
       
      ExRCA is attempting to retrieve an XML Autodiscover response from URL https://abc.com/AutoDiscover/AutoDiscover.xml for user jsmith@abc.com.
       ExRCA failed to obtain an Autodiscover XML response.
       
      Additional Details
       A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown. Should the url be https://autodiscover.abc.com/AutoDiscover/AutoDiscover.xml and if so where do i change that url?


Thanks
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 200 total points
ID: 39161875
Autodiscover attempts a number of URLs automatically.
One of them is https://example.com/Autodiscover/Autodiscover.xml
It should then move on to https://autodiscover.example.com/Autodiscover/Autodiscover.xml.

Depending on the configuration of the host of example.com it can stop autodiscover from working correctly.

Simon.
0
 

Author Comment

by:adokilla
ID: 39162149
Is this error normal? and what could be the issue why a mobile device doesn't get automatically configured after typing in the email and password?

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39162168
Normal? Not unusual I would say. As I said it depends on the configuration of the server that answers the command. If it does so in such a way that tells the client that the process was unsuccesful (rather than a failure) it could be the cause of the problems.

It doesn't help that all ActiveSync clients are not equal - they all work in slightly different ways meaning you can get different results depending on the device.

Simon.
0
 

Author Comment

by:adokilla
ID: 39222762
I've requested that this question be deleted for the following reason:

The solutions i have been given are not correct.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39222763
What was incorrect?
You have been provided with solutions and told of limitations of the feature.
0
 

Author Comment

by:adokilla
ID: 39239202
I would like to accept Sembee2 answers.

Thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39240545
I got a response on this question that it was closed, but find it was not.
I have provided responses that indicate the limitation of the feature. The question did deviate from the original question, so actually saying which one answered the question isn't easy.

Simon.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now