Kenny Placido
asked on
Internal and External Virtual Directory for 2 EX2016 servers
Quick scenario breakdown
4 2010 exchange servers
Primary 2010 - A - Outlook Anywhere enabled
Offsite 2010 (B and C) - with internal relays to the primary A - outlook anywhere not enabled
DR exchange for failover -D - outlook anywhere not enabled
2 new Exchange 2016
Primary 1 exchange 2016 - outlook anywhere enabled
DR exchange 2016 for failover 2 - outlook anywhere enabled - different autodiscover name
We installed our new exchange with no problems and just moved the DNS OWA record from Primary A (ex2010) to Primary 1 (ex2016). The next day, I get reports that exchange B and C (both 2010 with internal relays to Primary A) are not able to connect to exchange outside of our network. Quick workaround for this was moving them to the new exchange 2016.
I go to install the DR exchange 2016 (2) and I get a .local cert error from hell. This thing was killing me for 2 weeks. Finally figured out that I need a cname to point from DRexchange2016.company.com to drexchange2016.company.local. Then I changed all the internal URLs from .local to .com. This fixed the issue.
I still get users externally trying to connect to the DRexchange2016.company.com, but the fix for this is just adding the external URL to all the virtual directories.
So what is the point of this long explanation? My question:
If I have Primary exchange A and Primary exchange 1 (2010 and 2016) pointing to the same Owa.company.com (cname is owa.company.com to saexchange2016.company.local), can I point DRexchange2016.company.local to the owa.company.com in the virtual directory? Or do I have to make a new cname with a different path? If I do change it to the owa.company.com, do I have to reboot the server or just IIS?
Can I make EX2010 B and C external URL point to owa.company.com and leave outlook anywhere disabled?
Also, is there a way to turn off MAPI by server?
I read this blog article, but didn't understand much of it: https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/
Thanks for the help in advance.
ASKER
There are 2 DAGs set up. One for the old 2010 machines and 1 for the new 2016. They are separate. Could I still set the new DR 2016 exchange VD URLs to owa.company.com?
The users are unable to connect externally if they are B and C (CAS Server). I was thinking about enabling outlook anywhere on those servers. Do I point it to the same owa.company.com? I would have to do the same for the exchange 2010 VD URLs, correct?
ASKER
For DR exchange server, I have it pointing to itself and set the internal VDs to do the same. So far, nothing has gone wrong with that.
As for site b and c (correct me if I'm wrong), I should enable outlook anywhere and point the external url to owa.company.com with NTLM. The external URL for the VD will be owa.company.com and the internal urls will be siteb.company.com or sitec.company.com. True?
If you accepted the solution in my comments only, then why do you want to close the question this way? You can directly select my comment as the answer.
Exchange 2016 tries to use MAPI over HTTP if the client supports it, and if the client does not support it (some patching is required for Outlook 2013; Outlook 2016 natively supports it), it will fall back to RPC-HTTPS.
Long story short: no need to disable the MAPI-HTTP protocol.
owa.company.com should point to the Exchange 2016 boxes only and not the 2010 boxes.
How is your DAG configured?
Have you extended it to DR? In that case the DR virtual directory URLs should also point to owa.company.com, and it in turn should point to the primary site 2016 servers only.
Final thing:
If Outlook Anywhere is not enabled on the Exchange 2010 CAS servers (B and C) and the user mailbox remains in that location, how will the user connect to that mailbox with Outlook Anywhere from an external network?
Basically, you will need to enable Outlook Anywhere on your legacy Client Access servers and enable NTLM in addition to basic authentication for the IIS Authentication Method.
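An added example, not part of the thread and not written by any of its posters: a read-only Exchange Management Shell check of the two settings discussed above, Outlook Anywhere on the legacy CAS servers (external hostname, Basic plus NTLM in IIS) and whether each virtual directory URL host on a 2016 server is a name on its IIS certificate. `EX2010-B` and `EX2010-C` are placeholder server names and the function names are hypothetical.

```powershell
# Added example. Run in the Exchange Management Shell; it only reads settings.
$namespace = 'owa.company.com'          # external namespace from the thread
$legacyCas = 'EX2010-B', 'EX2010-C'     # placeholder names for the site B and C CAS servers

# 1. Outlook Anywhere on the 2010 CAS servers: hostname plus Basic and NTLM in IIS.
function Test-LegacyOutlookAnywhere {
    param([string[]]$Server, [string]$ExpectedHost)
    foreach ($s in $Server) {
        $oa = Get-OutlookAnywhere -Server $s
        if (-not $oa) { Write-Warning "$s : Outlook Anywhere is not enabled"; continue }
        $auth = @($oa.IISAuthenticationMethods | ForEach-Object { "$_" })
        [pscustomobject]@{
            Server           = $s
            ExternalHostname = "$($oa.ExternalHostname)"
            HostnameMatches  = ("$($oa.ExternalHostname)" -eq $ExpectedHost)
            BasicEnabled     = ($auth -contains 'Basic')
            NtlmEnabled      = ($auth -contains 'Ntlm')
        }
    }
}

# 2. Every internal/external URL host on a 2016 server should be a name on the
#    certificate bound to IIS; a .local host missing from it causes certificate errors.
function Test-UrlCertCoverage {
    param([string]$Server)
    $cert  = Get-ExchangeCertificate -Server $Server |
             Where-Object { "$($_.Services)" -match 'IIS' } | Select-Object -First 1
    $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $vdirs = @(
        Get-OwaVirtualDirectory         -Server $Server
        Get-EcpVirtualDirectory         -Server $Server
        Get-WebServicesVirtualDirectory -Server $Server
        Get-ActiveSyncVirtualDirectory  -Server $Server
        Get-OabVirtualDirectory         -Server $Server
        Get-MapiVirtualDirectory        -Server $Server   # exists on 2013 SP1 and later only
    )
    foreach ($vd in $vdirs) {
        foreach ($url in @($vd.InternalUrl, $vd.ExternalUrl)) {
            if (-not $url) { continue }
            $urlHost = ([uri]"$url").Host
            # -like lets a wildcard entry such as *.company.com match (a loose check)
            $covered = [bool]($names | Where-Object { $urlHost -like $_ })
            [pscustomobject]@{ VDir = $vd.Name; Url = "$url"; OnCertificate = $covered }
        }
    }
}

Test-LegacyOutlookAnywhere -Server $legacyCas -ExpectedHost $namespace | Format-Table -AutoSize
Test-UrlCertCoverage -Server 'DRexchange2016' | Format-Table -AutoSize
```

Rows with `OnCertificate` false, or with `NtlmEnabled` or `HostnameMatches` false, are the ones to fix before pointing external DNS at that server.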