Solved

Configure Exchange 2010 Client Access Servers for external OWA, ActiveSync, Autodiscover

Posted on 2013-05-09
Last Modified: 2013-06-23
Hi,

I need to figure out a way to configure 2 CAS servers that are currently running with old external URLs, but I would like to change the external URLs while also having the new external URLs working. Ex: owa.abc.com/owa, the current access, to also be accessible with the new external URL webmail.abc.com/owa, while leaving, or if possible also having, another external link to OWA, Autodiscover, ActiveSync.

Thanks
Question by:adokilla
 
LVL 4

Expert Comment

by:iammorrison
ID: 39154337
This might be able to be handled quite simply. Are your certs self-signed or from an internal CA? Or do you use a third-party CA like Entrust, GoDaddy or DigiCert? The easiest way is to use a Unified Communications cert (UC cert), which leverages SAN names (Subject Alternate Names) that allow you to cover multiple domains under a single cert. So if you currently have a third-party UC cert, you may be able to add a SAN name, then re-request the cert from the CA, make the appropriate DNS changes, and you should be covered.
 
LVL 63

Accepted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 200 total points
ID: 39155167
The external URL value in Exchange is used by Autodiscover and browsers to "correct" clients. Therefore as long as both the old and the new value are in the SSL certificate, they will continue to work. As advised above, simply ensure the SSL certificate has the correct names in it, then adjust Exchange and ensure that both the old and new names resolve to the server. Anything that doesn't update automatically will continue to work.

Simon.
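
A way to check the point made in the answer above, that both the old and the new names must be in the SSL certificate. This is an added example, not part of the original answer; the function names and the sample SAN list (including cas01.abc.local) are constructed for illustration.

```powershell
# Added example: function names and sample data are constructed, not taken from the thread's servers.
function Test-NameCoveredByCert {
    param([string]$HostName, [string[]]$CertDomains)
    foreach ($d in $CertDomains) {
        if ($d -eq $HostName) { return $true }      # exact SAN match (-eq ignores case)
        if ($d.StartsWith('*.')) {
            # A wildcard covers exactly one label: *.abc.com matches owa.abc.com, not a.b.abc.com
            $suffix = $d.Substring(1)               # ".abc.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

function Get-SanCoverage {
    param([string[]]$RequiredNames, [string[]]$CertDomains)
    foreach ($n in $RequiredNames) {
        New-Object PSObject -Property @{
            Name    = $n
            Covered = (Test-NameCoveredByCert -HostName $n -CertDomains $CertDomains)
        }
    }
}

# Constructed sample: old and new OWA names plus Autodiscover, checked against
# a certificate that does not yet carry the new name.
$required   = 'owa.abc.com', 'webmail.abc.com', 'autodiscover.abc.com'
$sampleSans = 'owa.abc.com', 'autodiscover.abc.com', 'cas01.abc.local'
Get-SanCoverage -RequiredNames $required -CertDomains $sampleSans |
    Format-Table Name, Covered -AutoSize

# In the Exchange Management Shell on a CAS server, replace the sample with live values:
# $sampleSans = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#     ForEach-Object { $_.CertificateDomains | ForEach-Object { $_.ToString() } }
```

With the sample data, webmail.abc.com is reported as not covered, which is the state to fix before changing the external URLs.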
 

Author Comment

by:adokilla
ID: 39157266
What do I have to do to get Autodiscover working? I have done the following so far and it's not working correctly in a scenario where you have 2 CAS servers.

Created an internal DNS named autodiscover.abc.com that points to the primary CAS server cas01. On the external DNS I created an A record that points to the public IP of the primary cas01. When I look up autodiscover.abc.com it gives me the IIS splash screen. When I browse this URL, autodiscover.abc.com/Autodiscover/autodiscover.xml, it prompts me for the login and I get the standard error 601 and I am able to read the content of the XML. Now when I type the URL on my phone it doesn't autoconfigure the phone. Why?
 
LVL 4

Expert Comment

by:iammorrison
ID: 39157603
Are you running them with a load balancer?
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 200 total points
ID: 39157921
The behaviour you are seeing when you browse to the Autodiscover URL is correct - that is because the type of request you are doing is not the same as Outlook.

Internal domain members use the Autodiscover value that you can see on this command:

Get-ClientAccessServer | Select-Object Identity, AutoDiscoverServiceInternalUri

When multiple servers with the CAS role are involved, I would usually set that value to the same on all servers in the same AD site.
The name also needs to be on the SSL certificate.

Externally, the clients use autodiscover.example.com by default, although you can also use SRV records. However if you have autodiscover.example.com in the SSL certificate then don't try and use SRV records as well.
If you have non-domain clients on your internal network (phones on wifi for example) then you should have a split DNS system setup.

You can test Autodiscover internally using Outlook: http://semb.ee/adt
Externally use the Microsoft test site at http://exrca.com/ 

Simon.
 

Author Comment

by:adokilla
ID: 39158219
I am using Windows load balancer to balance the CAS servers.

I have domain clients using phones, and wifi. I tried again using my iPhone to see if it will auto-discover the settings but it doesn't; I still have to put in server info. Why?

Should the value for the AutoDiscoverServiceInternalUri be the same as the external autodiscover.abc.com?

Thanks
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39158338
It doesn't have to be the same, although you can choose it to be. It just needs to resolve correctly and be in the SSL certificate.

Simon.
 

Author Comment

by:adokilla
ID: 39159797
I have all the domains now included in the certificate, but now when I go to my Android and enter the email and password to get ActiveSync working I get an error: failed to search exchange server automatically. How can I fix this issue? I have run the Outlook Autodiscover test over at testexchangeconnectivity.com and I get this error:

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
       Autodiscover settings weren't obtained when the Autodiscover POST request was sent.
       
      Test Steps
       
      ExRCA is attempting to retrieve an XML Autodiscover response from URL https://abc.com/AutoDiscover/AutoDiscover.xml for user jsmith@abc.com.
       ExRCA failed to obtain an Autodiscover XML response.
       
      Additional Details
       A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

Should the URL be https://autodiscover.abc.com/AutoDiscover/AutoDiscover.xml, and if so, where do I change that URL?


Thanks
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 200 total points
ID: 39161875
Autodiscover attempts a number of URLs automatically.
One of them is https://example.com/Autodiscover/Autodiscover.xml
It should then move on to https://autodiscover.example.com/Autodiscover/Autodiscover.xml.

Depending on the configuration of the host of example.com it can stop autodiscover from working correctly.

Simon.
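
The lookup order described in the answer above, written out as a diagnostic. This is an added example, not part of the original answer; the function names, the verdict rules and the sample observations are assumptions of the example, and it only covers the two URLs named in the answer.

```powershell
# Added example. Candidate order is the one described in the answer above; the
# verdict rules and the sample observations are assumptions of this example.
function Get-AutodiscoverCandidates {
    param([string]$EmailAddress)
    $domain = $EmailAddress.Split('@')[1]
    "https://$domain/Autodiscover/Autodiscover.xml"
    "https://autodiscover.$domain/Autodiscover/Autodiscover.xml"
}

# Unauthenticated POST; returns the HTTP status code, or 0 when no HTTP response
# was received (DNS failure, refused connection, TLS or certificate error).
function Get-UnauthenticatedStatus {
    param([string]$Url)
    try {
        $req = [System.Net.WebRequest]::Create($Url)
        $req.Method = 'POST'; $req.ContentType = 'text/xml'
        $req.ContentLength = 0; $req.Timeout = 10000
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode; $resp.Close(); return $code
    } catch {
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return 0
    }
}

function Get-CandidateVerdict {
    param([int]$Status)
    switch ($Status) {
        401     { 'asks for credentials: behaves like an Autodiscover endpoint' }
        404     { 'not found: client should move on to the next URL' }
        0       { 'no HTTP response: check DNS, firewall and certificate names' }
        default { "unexpected HTTP ${Status}: this host may keep clients from moving on" }
    }
}

# Constructed observations matching the thread: the root domain's web host answers 404.
$observed = @{
    'https://abc.com/Autodiscover/Autodiscover.xml'              = 404
    'https://autodiscover.abc.com/Autodiscover/Autodiscover.xml' = 401
}
foreach ($url in Get-AutodiscoverCandidates 'jsmith@abc.com') {
    # For a live check, use: $status = Get-UnauthenticatedStatus $url
    $status = $observed[$url]
    '{0} -> {1} ({2})' -f $url, $status, (Get-CandidateVerdict $status)
}
```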
 

Author Comment

by:adokilla
ID: 39162149
Is this error normal? And what could be the issue why a mobile device doesn't get automatically configured after typing in the email and password?

Thanks
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39162168
Normal? Not unusual I would say. As I said it depends on the configuration of the server that answers the command. If it does so in such a way that tells the client that the process was unsuccessful (rather than a failure) it could be the cause of the problems.

It doesn't help that all ActiveSync clients are not equal - they all work in slightly different ways meaning you can get different results depending on the device.

Simon.
 

Author Comment

by:adokilla
ID: 39222762
I've requested that this question be deleted for the following reason:

The solutions I have been given are not correct.
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39222763
What was incorrect?
You have been provided with solutions and told of limitations of the feature.
 

Author Comment

by:adokilla
ID: 39239202
I would like to accept Sembee2's answers.

Thanks
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39240545
I got a response on this question that it was closed, but find it was not.
I have provided responses that indicate the limitation of the feature. The question did deviate from the original question, so actually saying which one answered the question isn't easy.

Simon.

Question has a verified solution.
