Solved

OWA IP address

Posted on 2013-11-15
Last Modified: 2013-11-18

Our CAS array points to 10.60.2.188
webmail.domain.com which is OWA internally points to 10.60.2.187

Actually I am not sure where OWA should point to, I thought it would point to CAS array.


Any idea?

Thanks
0
Question by:jskfan
14 Comments
 
LVL 12

Assisted Solution

by:Dave
Dave earned 428 total points
ID: 39652971
I would have thought it should point to the CAS array too, but from experience, if you use the CAS URL, Exchange will redirect to the URLs configured on the OWA Client Access properties in the EMC. So those should also contain your CAS URL if you want to use NLB internally.

There is of course one gotcha, and that is if you are reverse proxying anywhere. If the external OWA traffic appears to come from the reverse proxy server, so it hides the real external IP, then NLB can't load balance properly. In that case the reverse proxy server needs to do the load balancing. You can do this in TMG easily by publishing an array of web servers and putting in the IPs of all members of the CAS....
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 72 total points
ID: 39653666
CAS Array should not be used for anything other than RPC MAPI traffic for Outlook.
Therefore the behaviour you are seeing is correct.
0
 

Author Comment

by:jskfan
ID: 39653951
webmail.domain.com has internal and external IP addresses… which makes sense so that users can access it internally and externally… it is an Outlook Web Application (OWA)

But how can I determine which host the IP address is pointing to… if it is a virtual IP like the CAS array, it will make sense, since the CAS array is kind of a virtual component made of 2 CAS servers.
0
 

Author Comment

by:jskfan
ID: 39653958
it could be LoadBalancer…I wonder if exchange can be set up this way:

Loadbalancer-->CASarray--> CAS/HUB server

in our case, Internally, regular Microsoft outlook 2010 account settings, point to our CAS array
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 428 total points
ID: 39654278
An external load balancer is the Microsoft recommended way for load balancing a CAS.

In that case the CAS IP address is assigned to the load balancer, which then distributes the traffic to individual members of the array.

You need to make sure you have the correct certificates in place so that the clients can establish SSL sessions with the load balancer.

If you use an external load balancer you can also co-site all roles on the same servers. It's the fact that NLB and MSCS clustering service clustering can't exist on the same box which prevents you co-locating the roles, not anything inherent in the CAS config.
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 428 total points
ID: 39654279
Sorry perhaps "recommended" is too strong a word, perhaps "preferred" or "strongly suggested". My employer uses NLB and it can cause issues when a server crashes...
0
 

Author Comment

by:jskfan
ID: 39654536
OK… webmail.domain.com points to an IP address… This has got to be in DNS,
however it has to be pointing to a host somewhere…

From outside as well as from inside the network, when I run:
Nslookup
set type=all
webmail.domain.com
I get the IP address… if I run it from outside, I get the public IP address and if I run it from inside I get the private IP address 10.x.x.x

However, I still cannot find out where the IP is pointing to. Is it pointing to Threat Management Gateway? Our TMG is hosted by Microsoft, we do not have TMG inside the network.

if it was pointing to a CNAME, NSlookup should have displayed all the records
So I am not sure where the IP address is pointing to
0

 

Author Comment

by:jskfan
ID: 39654555
I used CentralOps.net  free online tool

I found out :
Webmail.domain.com = A record   pointing to 205.x.x.x
domain.com =MX record  pointing to  xxx.yyy.zzz.sprint.com

so with these extra info…I wonder how this get played out when users type webmail.domain.com from inside or outside the Network ???
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 428 total points
ID: 39654592
I think you might have misunderstood me. When I said "external load balancer" I meant external to the Exchange server so probably "standalone"...

so with these extra info…I wonder how this get played out when users type webmail.domain.com from inside or outside the Network ???

Well, most folks don't own enough routable IPs to make everything truly visible on the internet. They probably wouldn't want to either. So internal IPs are taken from the private ranges, for small folks typically 192.168.1.xxx, but there are others as per this wiki:-

http://en.wikipedia.org/wiki/Private_network

So how does traffic arriving at 205.x.x.x get to your Exchange server when it doesn't have a 205.x.x.x IP address? This will be handled by a NAT rule in the router/firewall. So your router/firewall has the 205.x.x.x address and then forwards the traffic to your Exchange box, typically at 192.168.x.x

If this is the case folks have a split brain DNS so what appears on the internet does not relate to what appears inside the firewall and doing "nslookup webmail.domain.com" internally will give you the non-routable internal IP....

They also normally use a non-routable private IP inside the company. so 172.16,

So assuming no reverse proxy, "outside" "webmail.domain.com" points to a routable external address. A NAT rule on the router

inside the company the internal DNS it points to her the load balanced address
0
 

Author Comment

by:jskfan
ID: 39654680
If I understand your comment, the internal IP of webmail.domain.com points to NLB, then NLB transfers the request to the CAS array, and the CAS array transfers the request to one of the CAS servers, the least busy…
0
 
LVL 12

Assisted Solution

by:Dave
Dave earned 428 total points
ID: 39654935
Not quite. Network Load Balancing routes the traffic directly to a Client Access Server. It also only load balances on network traffic, (I think sessions but I can't find a link) so if a server has a busy CPU from some other task, NLB won't take any account of that fact.

The exception to this is that we usually specify "single-client affinity", so all traffic from a particular IP address will go to the same back end server.

The CAS is really only a list of equivalent front end servers, it doesn't load balance at all.
You need some other technology to distribute the traffic. So you can use NLB, an external load balancer or round robin DNS.

Also, technically the CAS is also not part of OWA, but usually we use the same IP for the CAS and OWA, but we don't have to. I guess that was the intent of your original question. So you can point the OWA URL to the CAS IP or to any client access server, but if you want NLB to load balance the web traffic, it should be the NLB IP address....

I forgot to say what you shouldn't do is use the same name. So your CAS name SHOULD NOT BE "webmail.company.org"...

There is a lot more detail on this in this TechNet blog about de-mystifying the CAS array...

http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx
0
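
The naming and addressing points in the answer above, as an added example that is not part of the original thread: a PowerShell check that flags a CAS array name identical to the OWA host name and shows whether each name resolves to a private (RFC 1918) address from the current vantage point. The function names `Test-Rfc1918` and `Get-CasNameReport` and the name `casarray.domain.com` are hypothetical; the sample answers are constructed from the internal addresses in the question.

```powershell
# Added example, not from the thread. 'casarray.domain.com' is a placeholder
# name; the two addresses are the internal ones quoted in the question.
function Test-Rfc1918 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }   # IPv4 only; IPv6 is reported as not private
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-CasNameReport {
    param(
        [string]$CasArrayFqdn,           # on Exchange 2010: (Get-ClientAccessArray).Fqdn
        [string]$OwaUrl,                 # on Exchange 2010: (Get-OwaVirtualDirectory).InternalUrl
        [hashtable]$KnownAnswers = @{}   # optional name -> IP map; DNS is queried otherwise
    )
    $casName = $CasArrayFqdn.ToLowerInvariant()
    $owaHost = ([System.Uri]$OwaUrl).Host    # Uri.Host is already lower case
    $clash   = $casName -eq $owaHost         # same name used for CAS array and OWA
    $names   = @($casName, $owaHost) | Select-Object -Unique
    foreach ($name in @($names)) {
        if ($KnownAnswers.ContainsKey($name)) {
            $ips = @($KnownAnswers[$name])
        } else {
            # Live lookup: run once inside and once outside to see split DNS
            $ips = @([System.Net.Dns]::GetHostAddresses($name) |
                     ForEach-Object { $_.IPAddressToString })
        }
        foreach ($ip in $ips) {
            [pscustomobject]@{
                Name      = $name
                Address   = $ip
                Private   = Test-Rfc1918 $ip
                NameClash = $clash
            }
        }
    }
}

# Constructed sample input, so the check runs without Exchange or DNS access
Get-CasNameReport -CasArrayFqdn 'casarray.domain.com' `
    -OwaUrl 'https://webmail.domain.com/owa' -KnownAnswers @{
        'casarray.domain.com' = '10.60.2.188'
        'webmail.domain.com'  = '10.60.2.187'
    } | Format-Table -AutoSize
```

Omitting `-KnownAnswers` makes the function resolve the names through the DNS server the machine is using, so the same call reports the internal or the external view depending on where it is run.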
 

Author Comment

by:jskfan
ID: 39655421
My initial question was about finding which host webmail.domain.com is pointing to.
after running the tool centralOps.net…

I have found that webmail.domain.com is an A record
and domain.com has an MX record pointing to xxx.yyy.zzz.sprint.com
but the info did not help too much


Regarding the CAS array…Our Outlook client internally points to CAS array and not to the IP of the Load Balancer as stated in the link about de-mystifying CASarray
0
 
LVL 12

Accepted Solution

by:Dave
Dave earned 428 total points
ID: 39655757
MX records are only used for SMTP.
The A record is what is used but it will probably be natted somewhere in the firewalls...
0
 

Author Closing Comment

by:jskfan
ID: 39658135
Thanks for the follow up
0
