
Configure Exchange 2010 Client Access Servers for external owa, activesync, Autodiscover

Hi,

I need to figure out a way to configure 2 CAS servers that are currently running with old external URLs, but I would like to change the external URLs while also having the new external URLs available and working, e.g. owa.abc.com/owa (current access) to also be accessible with the new external URL webmail.abc.com/owa, while leaving, or if possible also having, another external link to OWA, Autodiscover and ActiveSync.

Thanks
adokilla
 
iammorrison Commented:
This might be able to be handled quite simply. Are your certs self-signed or from an internal CA? Or do you use a third party CA like Entrust, GoDaddy or Digicert? The easiest way is to use a Unified Communications cert (UC cert), which leverages SAN names (Subject Alternate names) that allow you to cover multiple domains under a single cert. So if you currently have a third party UC cert, you may be able to add a SAN name, then re-request the cert from the CA, make the appropriate DNS changes, and you should be covered.

Simon Butler (Sembee), Consultant, Commented:
The external URL value in Exchange is used by Autodiscover and browsers to "correct" clients. Therefore as long as both the old and the new value are in the SSL certificate, they will continue to work. As advised above, simply ensure the SSL certificate has the correct names in it, then adjust Exchange and ensure that both the old and new names resolve to the server. Anything that doesn't update automatically will continue to work.

Simon.

adokilla (Author) Commented:
What do I have to do to get Autodiscover working? I have done the following so far and it's not working correctly in a scenario where you have 2 CAS servers.

Created an internal DNS name autodiscover.abc.com that points to the primary CAS server, cas01. On the external DNS I created an A record that points to the public IP of the primary cas01. When I look up autodiscover.abc.com it gives me the IIS splash screen. When I browse this URL, autodiscover.abc.com/Autodiscover/autodiscover.xml, it prompts me for the login, I get the standard error 601, and I am able to read the content of the XML. Now when I type the URL on my phone it doesn't autoconfigure the phone. Why?
 
iammorrison Commented:
Are you running them with a load balancer?

Simon Butler (Sembee), Consultant, Commented:
The behaviour you are seeing when you browse to the Autodiscover URL is correct - that is because the type of request you are doing is not the same as Outlook.

Internal domain members use the Autodiscover value that you can see on this command:

Get-ClientAccessServer | Select Identity, AutoDiscoverServiceInternalUri

When multiple servers with the CAS role are involved, I would usually set that value to the same on all servers in the same AD site.
The name also needs to be on the SSL certificate.

Externally, the clients use autodiscover.example.com by default, although you can also use SRV records. However, if you have autodiscover.example.com in the SSL certificate then don't try to use SRV records as well.
If you have non-domain clients on your internal network (phones on wifi for example) then you should have a split DNS system set up.

You can test Autodiscover internally using Outlook: http://semb.ee/adt
Externally use the Microsoft test site at http://exrca.com/ 

Simon.
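
An added example, not part of the original thread and not Simon's own code: a read-only Exchange Management Shell script that lists every host name the CAS servers publish (the Autodiscover internal URI plus the OWA and ActiveSync URLs), adds the old and new names from this thread, and reports whether each one is on that server's IIS certificate and what it resolves to. The `$extraNames` list and the two helper function names are assumptions made for the example.

```powershell
# Added example. Run in the Exchange Management Shell; it only reads settings.
# Constructed list: names from the thread that clients reach without Exchange
# publishing them (old OWA name, new OWA name, external Autodiscover name).
$extraNames = 'owa.abc.com', 'webmail.abc.com', 'autodiscover.abc.com'

function Test-NameOnCert([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one additional left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $n.Substring(2)) { return $true }
        }
    }
    return $false
}

function Get-HostAddress([string]$HostName) {
    # Resolves from the machine running the script (matters with split DNS).
    try { ([System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { "$_" }) -join ', ' }
    catch { 'does not resolve' }
}

foreach ($cas in Get-ClientAccessServer) {
    $server = $cas.Name
    # Names on the certificate(s) enabled for IIS on this server.
    $certNames = @(Get-ExchangeCertificate -Server $server |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

    # URLs handed to clients: the Autodiscover internal URI, OWA and ActiveSync.
    $urls = @($cas.AutoDiscoverServiceInternalUri)
    $urls += Get-OwaVirtualDirectory -Server $server |
        ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
    $urls += Get-ActiveSyncVirtualDirectory -Server $server |
        ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
    $hosts = @($urls | Where-Object { $_ } | ForEach-Object { ([uri]"$_").Host }) + $extraNames

    $hosts | Sort-Object -Unique | ForEach-Object {
        New-Object PSObject -Property @{
            Server     = $server
            Host       = $_
            OnCert     = (Test-NameOnCert $_ $certNames)
            ResolvesTo = (Get-HostAddress $_)
        }
    } | Select-Object Server, Host, OnCert, ResolvesTo
}
```

Any row with `OnCert` false is a name that will raise a certificate warning or fail on clients that refuse mismatched certificates; run it once from inside the network and once from outside to compare the two sides of a split DNS setup.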

adokilla (Author) Commented:
I am using Windows load balancer to balance the CAS servers.

I have domain clients using phones and wifi. I tried again using my iPhone to see if it will auto-discover the settings, but it doesn't; I still have to put in server info. Why?

Should the value for the AutoDiscoverServiceInternalUri be the same as the external autodiscover.abc.com?

Thanks

Simon Butler (Sembee), Consultant, Commented:
It doesn't have to be the same, although you can choose it to be. It just needs to resolve correctly and be in the SSL certificate.

Simon.

adokilla (Author) Commented:
I have all the domains now included in the certificate, but now when I go to my Android and enter the email and password to get ActiveSync working I get an error: failed to search Exchange server automatically. How can I fix this issue? I have run the Outlook Autodiscover test over at testexchangeconnectivity.com and I get this error:

Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
  Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

  Test Steps

  ExRCA is attempting to retrieve an XML Autodiscover response from URL https://abc.com/AutoDiscover/AutoDiscover.xml for user jsmith@abc.com.
    ExRCA failed to obtain an Autodiscover XML response.

    Additional Details
    A Web exception occurred because an HTTP 404 - NotFound response was received from Unknown.

Should the URL be https://autodiscover.abc.com/AutoDiscover/AutoDiscover.xml, and if so where do I change that URL?


Thanks

Simon Butler (Sembee), Consultant, Commented:
Autodiscover attempts a number of URLs automatically.
One of them is https://example.com/Autodiscover/Autodiscover.xml
It should then move on to https://autodiscover.example.com/Autodiscover/Autodiscover.xml.

Depending on the configuration of the host of example.com it can stop autodiscover from working correctly.

Simon.

adokilla (Author) Commented:
Is this error normal? And what could be the issue why a mobile device doesn't get automatically configured after typing in the email and password?

Thanks

Simon Butler (Sembee), Consultant, Commented:
Normal? Not unusual, I would say. As I said, it depends on the configuration of the server that answers the command. If it does so in such a way that tells the client that the process was unsuccessful (rather than a failure) it could be the cause of the problems.

It doesn't help that all ActiveSync clients are not equal - they all work in slightly different ways meaning you can get different results depending on the device.

Simon.

adokilla (Author) Commented:
I've requested that this question be deleted for the following reason:

The solutions I have been given are not correct.

Simon Butler (Sembee), Consultant, Commented:
What was incorrect?
You have been provided with solutions and told of limitations of the feature.

adokilla (Author) Commented:
I would like to accept Sembee2 answers.

Thanks

Simon Butler (Sembee), Consultant, Commented:
I got a response on this question that it was closed, but find it was not.
I have provided responses that indicate the limitation of the feature. The question did deviate from the original question, so actually saying which one answered the question isn't easy.

Simon.