Solved

Annoying Outlook Anywhere

Posted on 2014-07-24
Last Modified: 2015-07-05
Hi All

Having recently published our Exchange 2010 SP2 CAS Array to host Outlook Anywhere, via NTLM, I'm about to throw them across the room!

We have this scenario :-

OWA :
Public IP1 - Cisco FW - External IP1 - ISA 2006 Listener 1 - OWA Rule - Internal IP - Cisco FW NAT IP1 - OWA

OA:
Public IP2 - Cisco FW - External IP2 - ISA 2006 Listener 2 - OA Rule - Internal IP - Cisco FW NAT IP2 - CAS

The two published systems run on separate IPs from the internet, all the way through to the Exchange boxes, sharing only the internal IP of the ISA box.
Our OWA uses RSA SecurID, so it has a separate listener on the ISA.
The NAT on the internal Cisco Firewall runs on two sets of different IPs.

Our OWA rule works perfectly. The OA rule doesn't!

When we test OA, traffic is seen on the ISA, coming into the OA External IP, but then a new connection is initiated from the OWA External IP to the NAT IP. The connection sits there until the timeout is reached. We then see an error which correctly states the IPs in the path and says that the "connection attempt failed because the connected party did not properly respond after a period of time".

Does anyone have a step-by-step guide of how and what the ISA settings should be, as well as a method to track traffic beyond the ISA, to see if the OA request is actually reaching the CAS array?

Thanks in advance
0
Comment
Question by:DoveSupport
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40217594
A number of things here.

1. Exchange 2010 SP2 is no longer supported. Went end of life a few months ago, so should be upgraded.
2. You have mentioned the CAS Array. The CAS array is an INTERNAL name only, it should not resolve externally. It is for INTERNAL MAPI traffic only. If you have used the same host name for anything else (OWA, Outlook Anywhere etc) then you will expect problems because the client gets confused.

Simon.
0
 
LVL 1

Author Comment

by:DoveSupport
ID: 40218808
Thanks - the upgrade to SP3 is planned.

All of the literature I have seen tells me to point an OA publishing rule at my CAS address - the logical address of my NLB. The OWA and CAS have different host names, and the CAS array has an entry on the correct DNS servers, so it resolves correctly across the firewalls involved. We do our OWA this way and it is fine.
Are you saying that I need a new DNS entry, specifically for OA, which points to the logical IP of my NLB?

Any more suggestions regarding the rule setup?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40222703
The CAS address and the CAS array are two different things.
You can use the same IP address, but the DNS entries should be different.
Similarly the CAS Array address does not and should not be on your SSL certificate - it should be used exclusively for the CAS array functionality.

Simon.
0
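One way to check the separation Simon describes in his two comments above (the CAS array name not reused for OWA or Outlook Anywhere, and not present on the SSL certificate), as an added example that is not part of the original thread. It assumes it is run in the Exchange 2010 Management Shell; the function name `Test-CasArrayNameSeparation` is hypothetical.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Emits one object per problem found; no output means the CAS array name is
# kept separate from the HTTPS host names and from the IIS certificates.
function Test-CasArrayNameSeparation {
    # FQDN of every CAS array: the internal MAPI endpoint name.
    $arrayNames = @(Get-ClientAccessArray | ForEach-Object { "$($_.Fqdn)".ToLower() })

    # Host names handed to HTTPS clients (Outlook Anywhere and OWA).
    $published = @(
        Get-OutlookAnywhere | Where-Object { $_.ExternalHostname } | ForEach-Object {
            New-Object PSObject -Property @{
                Source = "Outlook Anywhere: $($_.Identity)"
                Name   = "$($_.ExternalHostname)".ToLower()
            }
        }
        Get-OwaVirtualDirectory | Where-Object { $_.ExternalUrl } | ForEach-Object {
            New-Object PSObject -Property @{
                Source = "OWA: $($_.Identity)"
                Name   = ([uri]"$($_.ExternalUrl)").Host.ToLower()
            }
        }
    )

    # Certificates bound to IIS, i.e. the ones OWA and Outlook Anywhere present.
    $iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })

    foreach ($array in $arrayNames) {
        # Check 1: the array name must not double as a published host name.
        foreach ($p in $published) {
            if ($p.Name -eq $array) {
                New-Object PSObject -Property @{
                    Check  = 'SharedHostName'
                    Detail = "$array is also used by $($p.Source)"
                }
            }
        }
        # Check 2: the array name should not appear on the SSL certificate.
        foreach ($cert in $iisCerts) {
            $domains = @($cert.CertificateDomains | ForEach-Object { "$_".ToLower() })
            if ($domains -contains $array) {
                New-Object PSObject -Property @{
                    Check  = 'NameOnCertificate'
                    Detail = "$array is listed on certificate $($cert.Thumbprint)"
                }
            }
        }
    }
}

Test-CasArrayNameSeparation | Format-Table Check, Detail -AutoSize
```

Whether the array name resolves externally has to be checked from outside the network, since this script only sees the Exchange configuration.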
LVL 1

Author Comment

by:DoveSupport
ID: 40223610
I think you're off on a tangent here. I need to figure out what settings my ISA publishing rule should have, more than worry about my CAS array or IP.

The certificates are ok and my NAT is fine. The problem - as I see it - is the ISA rule.

Has anyone else published OA or ActiveSync under the same setup as we have?
0
 
LVL 1

Accepted Solution

by:
DoveSupport earned 0 total points
ID: 40856823
Hi Admin, please could you close this ticket for me, without awarding points?
Thanks
0
 
LVL 1

Author Closing Comment

by:DoveSupport
ID: 40867286
Managed to resolve the situation. Reset SSL certificates and reconfigured ISA Listeners. In the end it just started working.
0


Question has a verified solution.
