pramod1

EXCHANGE 2007, ACTIVEDIRECTORY

I don't know whether anybody will understand my question.

But still let me put the question:

I have a Squid proxy server which has one OWA address defined, mail.domain.com/owa,

which directs OWA traffic to our Exchange server in the primary site.

We have several other AD sites which have a child-domain relationship with us.

In their respective AD sites I see that on their Exchange CAS servers the external URL is blank in OWA (under Server Configuration - Client Access)

and only the internal URL is populated.

But when they use mail.domain.com/owa it works.

How is it possible?
Exchange* OWA

Last Comment
Bradley Fox

8/22/2022 - Mon
Bradley Fox

When using a proxy server you only utilize the internal URL as the Proxy is taking care of the address translation.  If you were to publish the server directly to the internet you may or may not need the external URL defined depending on whether you are using split DNS or not.
pramod1

ASKER
But the problem is that the proxy server is hard-coded to one IP of our Exchange server, which is in the primary AD site,
so how come the other sites are being taken care of by the proxy server which is sitting in the DMZ (proxy server)?
Bradley Fox

Oh, I misunderstood.  You can only have one Exchange organization per AD forest so the Client Access Server (CAS) defined in your proxy config is servicing all child domains as well.  If their mailbox is on a different mailbox server then it just requests the data from there.  Everyone is hitting the same server for OWA from the outside.  When inside they may hit their local CAS depending on how DNS is configured.
pramod1

ASKER
You pointed correctly:

"Client Access Server (CAS) defined in your proxy config is servicing all child domains as well". Where can I check this?
Every site has its own autodiscover URL.
pramod1

ASKER
Can I run any commands on one of the other Exchange servers in another site?
pramod1

ASKER
Those sites have their own domain controller.
Bradley Fox

If using different email namespaces for child domains you can set up your autodiscover record to point at whatever CAS you like, however, this only pertains to email clients like Outlook and ActiveSync, not OWA.

When you access OWA, you access it like any other URL on the internet so whatever your external DNS points to is where you are going to end up.  It sounds like DNS points at your reverse proxy server and you say you have a proxy rule to forward traffic to this specific CAS inside your network.  When someone goes to www.domain.com/owa they can only end up in one place.  Since this CAS is a member of the same Exchange organization they will be able to login and access mail from there.  OWA doesn't hold any mail; it just acts as the mail client and does not use autodiscover records.

The flow of data is like this:
  1. User types www.domain.com/owa into browser
  2. DNS lookup resolves to proxy so browser sends request to your reverse proxy
  3. Reverse proxy passes packet to CAS defined in its rule-set config
  4. User logs into OWA on CAS
  5. CAS checks with AD to see where this user's mailbox is
  6. CAS requests user's mailbox data from mailbox server that holds their mailbox
  7. mailbox server returns data to CAS (OWA)
  8. OWA Sends data back to proxy
  9. Proxy sends data back to end user on internet and they see their mailbox.

You can check this by accessing www.domain.com/owa from outside and logging in as someone whose mailbox is defined for one of the child domains, then follow this article to extract information from IIS logs to see this user logging in.  You might also have some logs on the proxy that show where the traffic is going.

http://myriadofthings.com/outlook-web-access-owa-and-activesync-reporting-using-iis-logs/
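The IIS-log check suggested above, sketched as an added example that is not part of the original answer: it reads a W3C extended log from the CAS named in the proxy rule and reports, per authenticated user, how many OWA requests arrived from the reverse proxy versus directly. The log lines, the proxy address 192.0.2.5, the CHILD/PARENT domain names and the logged field set are all constructed assumptions.

```python
from collections import defaultdict

# Constructed IIS W3C extended log from the primary-site CAS (not real data).
# Assumptions: 192.0.2.5 is the DMZ reverse proxy, CHILD/PARENT are domain names.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services
#Fields: date time s-ip cs-method cs-uri-stem cs-username c-ip sc-status
2022-08-22 10:00:01 10.0.0.10 GET /owa/ - 192.0.2.5 302
2022-08-22 10:00:05 10.0.0.10 GET /owa/ CHILD\alice 192.0.2.5 200
2022-08-22 10:00:09 10.0.0.10 POST /owa/ev.owa CHILD\alice 192.0.2.5 200
2022-08-22 10:01:12 10.0.0.10 GET /OWA/ PARENT\bob 10.0.5.23 200
2022-08-22 10:02:30 10.0.0.10 GET /Microsoft-Server-ActiveSync CHILD\carol 192.0.2.5 200
#Fields: date time cs-uri-stem cs-username c-ip sc-status
2022-08-22 10:03:00 /owa/ child\Alice 192.0.2.5 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout can change mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def owa_logins(text, proxy_ips):
    """Per authenticated user: OWA request count, split by proxy vs. direct source."""
    summary = defaultdict(lambda: {"requests": 0, "via_proxy": 0, "direct": set()})
    for row in parse_w3c(text):
        user = row.get("cs-username", "-")
        if user == "-" or not row.get("cs-uri-stem", "").lower().startswith("/owa"):
            continue                           # anonymous hit or not an OWA request
        entry = summary[user.lower()]          # DOMAIN\user is case-insensitive
        entry["requests"] += 1
        if row.get("c-ip") in proxy_ips:
            entry["via_proxy"] += 1            # arrived through the reverse proxy
        else:
            entry["direct"].add(row.get("c-ip"))   # client reached the CAS directly
    return dict(summary)


if __name__ == "__main__":
    for user, stats in sorted(owa_logins(SAMPLE_LOG, {"192.0.2.5"}).items()):
        print(user, stats)
```

A child-domain account showing up in this CAS's log with the proxy as `c-ip` confirms that external OWA sessions for that domain terminate on the primary-site server; any address in `direct` is a client that bypassed the proxy.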
Bradley Fox

"can I run any commands on one of the other exchange server in other site"
If I understand this question correctly you can make config changes on any CAS in the same organization.  This is why most PowerShell commands that configure items on specific servers have a -server switch.  An example of this is the New-MailboxDatabase cmdlet.  This cmdlet requires you to specify the server you want the database on; it doesn't really care which server you are currently connected to.

"Own" domain controller doesn't matter.  Active Directory replicates data among all of its domain controllers with a full set of data being held on Global Catalogs.  Exchange just checks with the nearest Global Catalog to find the information it needs.
pramod1

ASKER
"1. User types www.domain.com/owa into browser
2. DNS lookup resolves to proxy so browser sends request to your reverse proxy
3. Reverse proxy passes packet to CAS defined in its rule-set config
4. User logs into OWA on CAS
5. CAS checks with AD to see where this user's mailbox is"

If I assume for a minute that other AD sites are using our external DNS, in that sense if they use mail.domain.com/owa defined in the proxy they will see the login screen, but I don't see their CAS in the proxy config. Is it possible that our Exchange server in the primary site is redirecting traffic to their sites?