
Exchange 2013 - Reverse Proxy

Posted on 2014-01-14
Last Modified: 2014-02-02
Hi,

I know you all will need additional information but I will keep it simple and hopefully it's enough to direct further details.

Simple enough. I have an essentials 2012 server (actually standard with the essentials role). One IP address, one internet connection. On premise Exchange 2013 on separate box you must use a reverse proxy details here. I had a difficult time with the end of the document installing ARR in that, at least for me, the exe was not where it was supposed to be. This led to repeating steps and eventually to here where at step 5 internal and external are the same (sounds good to me) and this script was executed:

$HostName = "server2"
Set-EcpVirtualDirectory "$HostName\ECP (Default Web Site)" -InternalUrl ((Get-EcpVirtualDirectory "$HostName\ECP (Default Web Site)").ExternalUrl)
Set-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)" -InternalUrl ((get-WebServicesVirtualDirectory "$HostName\EWS (Default Web Site)").ExternalUrl)
Set-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl ((Get-ActiveSyncVirtualDirectory "$HostName\Microsoft-Server-ActiveSync (Default Web Site)").ExternalUrl)
Set-OabVirtualDirectory "$HostName\OAB (Default Web Site)" -InternalUrl ((Get-OabVirtualDirectory "$HostName\OAB (Default Web Site)").ExternalUrl)
Set-OwaVirtualDirectory "$HostName\OWA (Default Web Site)" -InternalUrl ((Get-OwaVirtualDirectory "$HostName\OWA (Default Web Site)").ExternalUrl)
Set-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)" -InternalUrl ((Get-PowerShellVirtualDirectory "$HostName\PowerShell (Default Web Site)").ExternalUrl)
Set-ClientAccessServer $HostName -AutoDiscoverServiceInternalUri ((Get-ClientAccessServer $HostName).AutoDiscoverServiceInternalUri.AbsoluteUri).Replace(((Get-ExchangeServer $HostName).Fqdn.ToLower()),((Get-OutlookAnywhere).InternalHostName.HostNameString))


In addition it was not clear to me whether in the examples mail.example.com meant the name of the server (mine is server2.ad.example.com) or if it was referring to mail.example.com as in the external DNS entry. So I have a forward lookup zone for both. Probably not good.

The problem. In all cases internal and external mail.example.com/owa, mail.example.com/ecp, mail.example.com/powershell etc. All point to owa. I have tested autodiscover with ActiveSync and it fails (again) on the MS connectivity analyzer site.

So I have virtual directories, unclear (to me) examples, reverse proxy, url rewrites, DNS private and public and I am unsure of where to look. Oh and I have looked here and I am done when I get to the first health check.

So what should I look at first?
Question by:mohrk

Author Comment

by:mohrk
ID: 39780869
Is the problem in my url rewrite rule? This is what I get internally

https://mail.example.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.example.com%2fecp
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39782201
Hello,

The first thing I would look at is your DNS. Do you have split-DNS set up? This is where you have the same zone published on an external and internal DNS server but the zones are completely separate. The internal DNS server has your private IPs and the external DNS has your public IPs. If you aren't using split-DNS, your internal and external URLs will need to be different and your SSL cert will need to have hostnames for both your internal and public DNS zones. Note that if your internal DNS zone is a private non-internet zone (such as .local) you will not be able to get a cert with that zone on it.

-JJ
0
 

Author Comment

by:mohrk
ID: 39782880
Hi JJ,

Thanks for answering. To the first part, yes, split DNS is set up, however I was unclear about whether the examples that gave mail.example.com referred to the URL externally or internally. So internally I have a forward look-up zone configured as specified in the document with the IP address of the Exchange server. The zone refers to server2.ad.example.com. The main domain is ad.example.com with example.com being my public domain. Due to some confusion about the examples with mail.contoso.com I am now wondering if that is the FQDN of the internal server or that is the FQDN of the public domain that is then used to reroute the request to server2. So, I have both.

Zones are server2.ad.example.com and mail.example.com both point to the same ip. I do not think this is good.

In the meantime I have also developed an issue with Anywhere Access. They speak of an IIS issue and from there I am not sure.

I have a wildcard cert.
0

 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 2000 total points
ID: 39782910
If you actually have split-DNS, you would use the same hostname to reference the server internally and externally. Something like mail.example.com. Your public DNS server would resolve that name to a public IP and your internal DNS servers would resolve that name to an internal IP. Is that the case?

-JJ
0
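The split-DNS condition described in the accepted answer can be checked directly. The following PowerShell is an added example, not part of the thread or of Microsoft's documentation: it assumes it is run from the Exchange Management Shell, the two resolver addresses are placeholders, and `mail.example.com` and `server2` are the names used in the question.

```powershell
# Added example. Run from the Exchange Management Shell on the internal network.
$MailHost    = 'mail.example.com'  # name used in the thread
$ExchangeBox = 'server2'           # Exchange 2013 server named in the thread
$InternalDns = '192.168.1.10'      # placeholder (assumption): internal DNS server
$ExternalDns = '8.8.8.8'           # assumption: any public resolver works here

function Test-PrivateIPv4 {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ($b[0] -eq 10) -or
    ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
    ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-ARecord {
    param([string]$Name, [string]$Server)
    # -DnsOnly: use the DNS protocol only (no LLMNR/NetBIOS) against the named server
    @(Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })
}

# Split-DNS: the same name must give private answers inside, public answers outside.
$inside  = @(Get-ARecord -Name $MailHost -Server $InternalDns)
$outside = @(Get-ARecord -Name $MailHost -Server $ExternalDns)
$publicInside   = @($inside  | Where-Object { -not (Test-PrivateIPv4 $_) })
$privateOutside = @($outside | Where-Object { Test-PrivateIPv4 $_ })

[pscustomobject]@{
    Name       = $MailHost
    InternalA  = $inside -join ', '
    ExternalA  = $outside -join ', '
    SplitDnsOk = ($inside.Count -gt 0) -and ($outside.Count -gt 0) -and
                 ($publicInside.Count -eq 0) -and ($privateOutside.Count -eq 0)
} | Format-List

# With split-DNS, every virtual directory should use that one hostname on both URLs.
$vdirs = @(
    Get-OwaVirtualDirectory -Server $ExchangeBox
    Get-EcpVirtualDirectory -Server $ExchangeBox
    Get-WebServicesVirtualDirectory -Server $ExchangeBox
    Get-ActiveSyncVirtualDirectory -Server $ExchangeBox
    Get-OabVirtualDirectory -Server $ExchangeBox
)
$vdirs | ForEach-Object {
    [pscustomobject]@{
        VDir         = $_.Name
        InternalHost = $_.InternalUrl.Host
        ExternalHost = $_.ExternalUrl.Host
        BothMatch    = ($_.InternalUrl.Host -eq $MailHost) -and ($_.ExternalUrl.Host -eq $MailHost)
    }
} | Format-Table -AutoSize
```

A `SplitDnsOk` of `False` or any row with `BothMatch` of `False` points at the DNS zones or the virtual directory URLs before the reverse proxy rules are worth examining.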
 

Author Comment

by:mohrk
ID: 39783310
I am confused then.

My external DNS would resolve to my one and only external IP address. The router through port 443 forwarding sends the request to iis server1. iis server1 is supposed to read the url and send the request to iis on server2. This configuration, as described by Microsoft, is a split DNS/Reverse proxy.  

So server1 has a FQDN internally as server1.ad.example.com. I would like and thought I was configuring mail.example.com  to respond both internally and externally with exchange. This I thought was what MS was recommending and sounded good to me.

So DNS has 2 FLZ both pointing to the same ip.
0
 

Author Comment

by:mohrk
ID: 39789688
Well no matter. I somehow "missed" that 2012 R2 + Exchange 2010 or Exchange 2013 are UNSUPPORTED.

I called MS and that is what they said. I showed them the documentation that was linked within their product (2012 R2 with Essentials role) that made no mention of this. I got pointed to some obscure blog that did say this. So I am stuck with 2 broken servers one that has to start at bare metal and hopefully I can salvage the other with the backups I immediately start after an OS install.
0
 

Author Comment

by:mohrk
ID: 39799502
Well I am not sure why the assistance was lacking. Product configuration too new?
0
 

Author Comment

by:mohrk
ID: 39810656
If I can get the attention of the moderators, the points should really go (all of them) to jjmck.

The response was what I needed to do despite the vagueness of MS documentation.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 39811930
Click "Request Attention" below your question to get the moderators.

-JJ
0
