We help IT Professionals succeed at work.

exchange, IIS, Load balancer

pramod1
pramod1 asked
on
251 Views
Last Modified: 2017-04-26
I am using external squid proxy server for owa which is directing traffic to internal CAS server , I see in iis of my CAS SERVER a redirect url)Ex27.mail.com/exchange , which is different from OWA url in squid proxy (MAIL.DOMAIN.COM/OWA) what is the reason for that

 We just installed  load balancer in our DMZ

  The issue at this point is that we are using host name “mail.DOMAIN.com” to access OWA which is configured on separate squid proxy server we are trying to replace .  I have change my host file to point to Snapt.  It is hitting Snapt and being forwarded to Exchange but load balancer is stating that it is being redirected from load balancer to the Exchange server since the site name on the Exchange server does not match mail.domain.com.  we just have internal URL populated(2k7domain.mail.lan) on exchange CAS server(2007)

  the mail.domain.com/owa login page opens up with internal URL(2k7domain.mail.lan) of our exchange CAS server and then when we put our username and password it says page cannot be displayed
Comment
Watch Question

Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
Hi pramod, what a difficult story to read.

Let me try, you point your hosts file to snapt (which is a software load balancer) which lives in your dmz.
Traffic hits the load balancer and it forwarded to your internal url, does this mean the hosts entry is pointing to a local ip,adress from a vip or external ip?

Cheers

Author

Commented:
sorry about getting u confused.

what actually is happening are 2 things:
we have CAS Server which is having internal OWA URL : HTTPS:/domain-mail.lan/owa 

we don’t have external owa url  populated and I see in IIS of my CAS SERVER a redirect url)Ex27.mail.com/exchange , which is different from OWA url in squid proxy (MAIL.DOMAIN.COM/OWA) what is the reason for that HAVING 302 REDIRECT embedded.

snapt lives in DMZ and is pointing to internal CAS server ip, all ports are opened. 80, 443,

the url mail.com/owa opens up but when we try to put in our username and password in owa login it goes to internal url of exchange cas server and comes up with error page cannot be placed.

Author

Commented:
it is through VIP , vip lives on snapt server
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
we don’t have external owa url

OWA url in squid proxy (MAIL.DOMAIN.COM/OWA)

url mail.com/owa opens

This just creates more confusion. Which url's are in use and how is this working under https? What certificate is in place?

Author

Commented:
right now owa url is configured on our squid proxy server mail.domain.com/owa , all users use this url to open owa.

which redirects us to CAS server.certificate is SAN name is :*.domain.com

but when we open the same url from snapt t we do get the same owa log in page but when we put in username and password it directs us to url which is in IIS redirection url with 302 redirect (iis of cas server) instead of opening OWA.
Datacenter platform engineer Lindows
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
hosts file point to exchange VIP

Author

Commented:
so where is the issue
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
Exchange vip is public ip address right? Then the problem can be found in NAT.
I think you should create a policy that the external address of the requester be included in all calls.
Dont know snapt but i think in terms off x-forward headers.

Author

Commented:
EXCHANGE IP is behind DMZ behind the ip is 10.x.x.x but how from snpat I am able to open the OWA url and then after putting ny username and password I get no page displayed.

I am unable to understand why in iis redirection url is there?
Patrick BogersDatacenter platform engineer Lindows
CERTIFIED EXPERT

Commented:
So the vip is internal. Then autodiscovery knows the internal url.

Not sure why the redirect is there and what its settings are but you can disable the rule and test it.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.