Solved

OWA IP address

Posted on 2013-11-15
Last Modified: 2013-11-18

Our CAS array points to 10.60.2.188
webmail.domain.com which is OWA internally points to 10.60.2.187

Actually I am not sure where OWA should point to, I thought it would point to CAS array.


Any idea?

Thanks
0
Question by:jskfan
14 Comments
 
LVL 12

Assisted Solution

by:Dave
Dave earned 1712 total points
ID: 39652971
I would have thought it should point to the CAS array too, but from experience, if you use the CAS URL, Exchange will redirect to the URLs configured on the OWA Client Access properties in the EMC. So those should also contain your CAS URL if you want to use NLB internally.

There is of course one gotcha, and that is if you are reverse proxying anywhere. If the external OWA traffic appears to come from the reverse proxy server, so it hides the real external IP, then NLB can't load balance properly. In that case the reverse proxy server needs to do the load balancing. You can do this in TMG easily by publishing an array of web servers and putting in the IPs of all members of the CAS....
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 288 total points
ID: 39653666
CAS Array should not be used for anything other than RPC MAPI traffic for Outlook.
Therefore the behaviour you are seeing is correct.
0
 

Author Comment

by:jskfan
ID: 39653951
webmail.domain.com has internal and external IP addresses…which makes sense so that users can access it internally and externally….it is an Outlook Web Application (OWA)

But how can I determine which host the IP address is pointing to…if it is a virtual IP like the CAS array, it will make sense, since the CAS array is kind of a virtual component made of 2 CAS servers.
0

 

Author Comment

by:jskfan
ID: 39653958
it could be LoadBalancer…I wonder if exchange can be set up this way:

Loadbalancer-->CASarray--> CAS/HUB server

in our case, Internally, regular Microsoft outlook 2010 account settings, point to our CAS array
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 1712 total points
ID: 39654278
An external load balancer is the Microsoft recommended way for load balancing a CAS.

In that case the CAS IP address is assigned to the load balancer, which then distributes the traffic to individual members of the array.

You need to make sure you have the correct certificates in place so that the clients can establish SSL sessions with the load balancer.

If you use an external load balancer you can also co-site all roles on the same servers. It's the fact that NLB and MSCS clustering service clustering can't exist on the same box which prevents you co-locating the roles, not anything inherent in the CAS config.
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 1712 total points
ID: 39654279
Sorry perhaps "recommended" is too strong a word, perhaps "preferred" or "strongly suggested". My employer uses NLB and it can cause issues when a server crashes...
0
 

Author Comment

by:jskfan
ID: 39654536
OK…. webmail.domain.com points to an IP address….This has got to be in DNS
however it has to be pointing to a host somewhere…

From outside as well as from inside the network, when I run:
Nslookup
set type=all
webmail.domain.com
I get the IP address…. if I run it from outside, I get the public IP address and if I run it from inside I get the private IP address 10.x.x.x

However, I still cannot find out where the IP is pointing to, is it pointing to Threat Management Gateway?…our TMG is hosted by Microsoft, we do not have TMG inside the network..

if it was pointing to a CNAME, NSlookup should have displayed all the records
So I am not sure where the IP address is pointing to
0
 

Author Comment

by:jskfan
ID: 39654555
I used CentralOps.net free online tool

I found out:
Webmail.domain.com = A record pointing to 205.x.x.x
domain.com = MX record pointing to xxx.yyy.zzz.sprint.com

so with these extra info…I wonder how this get played out when users type webmail.domain.com from inside or outside the Network ???
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 1712 total points
ID: 39654592
I think you might have misunderstood me. When I said "external load balancer" I meant external to the Exchange server so probably "standalone"...

"so with these extra info…I wonder how this get played out when users type webmail.domain.com from inside or outside the Network ???"

Well most folks don't own enough routable IPs to make everything truly visible on the internet. They probably wouldn't want to either. So internal IPs are taken from the private ranges, for small folks typically 192.168.1.xxx but there are others as per this wiki:-

http://en.wikipedia.org/wiki/Private_network

So how does traffic arriving at 205.x.x.x get to your Exchange server when it doesn't have a 205.x.x.x IP address? This will be handled by a NAT rule in the router/firewall. So your router/firewall has the 205.x.x.x address and then forwards the traffic to your Exchange box, typically at 192.168.x.x

If this is the case folks have a split brain DNS so what appears on the internet does not relate to what appears inside the firewall and doing "nslookup webmail.domain.com" internally will give you the non-routable internal IP....

They also normally use a non-routable private IP inside the company. so 172.16,

So assuming no reverse proxy, "outside" "webmail.domain.com" points to a routable external address. A NAT rule on the router

inside the company the internal DNS it points to her the load balanced address
0
 

Author Comment

by:jskfan
ID: 39654680
if I understand your comment, the internal IP of webmail.domain.com points to NLB, then NLB transfers the request to the CAS array, and the CAS array transfers the request to one of the CAS servers, the least busy…
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 1712 total points
ID: 39654935
Not quite. Network Load Balancing routes the traffic directly to a Client Access Server. It also only load balances on network traffic, (I think sessions but I can't find a link) so if a server has a busy CPU from some other task, NLB won't take any account of that fact.

The exception to this is that we usually specify "single-client affinity", so all traffic from a particular IP address will go to the same back end server.

The CAS is really only a list of equivalent front end servers, it doesn't load balance at all.
You need some other technology to distribute the traffic. So you can use NLB, an external load balancer or round robin DNS.

Also technically the CAS is also not part of OWA, but usually we use the same IP for the CAS and OWA, but we don't have to. I guess that was the intent of your original question. So you can point the OWA URL to the CAS IP or to any client access server, but if you want NLB to load balance the web traffic, it should be the NLB IP address....

I forgot to say what you shouldn't do is use the same name. So your CAS name SHOULD NOT BE "webmail.company.org"...

There is a lot more detail on this in this TechNet blog about de-mystifying the CAS array...

http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
0
 

Author Comment

by:jskfan
ID: 39655421
My initial question was about finding which host webmail.domain.com is pointing to.
After running the tool centralOps.net…

I have found that webmail.domain.com is an A record
and domain.com has an MX record pointing to xxx.yyy.zzz.sprint.com
but the info did not help too much


Regarding the CAS array…Our Outlook client internally points to CAS array and not to the IP of the Load Balancer as stated in the link about de-mystifying CASarray
0
 
LVL 12

Accepted Solution

by:
Dave earned 1712 total points
ID: 39655757
MX records are only used for SMTP.
The A record is what is used but it will probably be natted somewhere in the firewalls...
0
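An added example, not part of any answer in this thread: a read-only Exchange Management Shell script (Exchange 2010) that resolves the CAS array name, its member servers and the host in each OWA InternalUrl from the machine it runs on, and reports what each OWA address belongs to. It assumes the member server names resolve through the local DNS suffix; an address matching neither the array nor a member is the point where a load balancer VIP, reverse proxy or NAT rule sits.

```powershell
# Added example; run in the Exchange Management Shell on Exchange 2010.
# Read-only: nothing is changed, names are resolved with this machine's DNS view
# (so run it inside the network to see the internal half of a split DNS).

function Resolve-IPv4([string]$Name) {
    try {
        [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString }
    } catch { }   # unresolvable name: return nothing
}

# Lookup table: address -> what owns it (the CAS array name or a member server).
$known = @{}
foreach ($array in Get-ClientAccessArray) {
    foreach ($ip in (Resolve-IPv4 $array.Fqdn)) {
        $known[$ip] = "CAS array $($array.Fqdn)"
    }
    foreach ($member in $array.Members) {
        # Assumption: the short server name resolves via the DNS suffix search list.
        foreach ($ip in (Resolve-IPv4 $member.Name)) {
            $known[$ip] = "CAS server $($member.Name)"
        }
    }
}

# Distinct host names used in the OWA internal URLs (e.g. webmail.domain.com).
$owaHosts = Get-OwaVirtualDirectory |
    Where-Object { $_.InternalUrl } |
    ForEach-Object { $_.InternalUrl.Host } |
    Sort-Object -Unique

# Report where each OWA host name lands.
foreach ($h in $owaHosts) {
    foreach ($ip in (Resolve-IPv4 $h)) {
        $owner = $known[$ip]
        if (-not $owner) {
            $owner = 'neither the CAS array nor a member (load balancer VIP, proxy or NAT?)'
        }
        New-Object PSObject -Property @{ Host = $h; Address = $ip; PointsTo = $owner }
    }
}
```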
 

Author Closing Comment

by:jskfan
ID: 39658135
Thanks for the follow up
0
