CAS-CAS Proxy with 2 Internet Facing servers
Exchange 2007 CAS Activesync proxy is not working. We're getting "451" errors in the IIS logs and it appears that Exchange is trying to redirect, not proxy, because the external URL is populated. Both of our AD sites are internet facing.
Is it possible to proxy Activesync, and how?
Thanks
July 19th, 2011 4:22pm
There is a detailed article about CAS proxying from MS
http://technet.microsoft.com/en-us/library/bb310763%28EXCHG.80%29.aspx
http://blogs.technet.com/b/exchange/archive/2007/10/12/3404136.aspx
This might be helpful.
Thanks & Regards, Sandheep ["I can't do it" never yet accomplished anything; "I will try" has performed wonders]
July 19th, 2011 4:39pm
Why do you want to proxy the connection if they are both internet-facing?
If you do want to do this however, the solution is to remove the externalURL entry on the ActiveSync virtual directory on the server you want to proxy to.
July 19th, 2011 6:15pm
Hi Dun,
Firstly, please look at this information:
If the user's mailbox is on an Exchange 2007 Mailbox server, CAS-01 locates a Client Access server in the same Active Directory site as the user's Mailbox server. If there is a Client Access server that is closer to the user's Mailbox server, Exchange 2007 determines whether the Client Access server has the InternalURL property configured and if the authentication method is Integrated Windows authentication. If so, the user is proxied to the Client Access server specified by the InternalURL property. Otherwise, the request is rejected. An error code is returned to the mobile device if the request is rejected. If the proxied Client Access server has the ExternalURL property configured on the Microsoft-Server-ActiveSync virtual directory, an HTTP error code 451 will be returned.
According to this official document, your situation cannot be achieved.
I agree with Andy's words, not only the suggestion but also the question.
Best Regards!
July 19th, 2011 10:46pm
We are slowly migrating users' mailboxes to a secondary datacenter and would prefer that the transition is seamless to users. I do not want users to change the Activesync URL on their devices, but rather just update the record's IP to point to the second datacenter. It would be nice if we could test prior to a hard cutover.
I have read the articles that Jidan mentions and am wondering if there is a workaround. I find it hard to believe that an internet facing CAS server can not support an Activesync user in a different AD site with an interfacing CAS server.
Thanks
July 20th, 2011 8:23am
Does the secondary DC that is already internet-facing have a valid, trusted cert on it already?
July 20th, 2011 9:56am
We use the same wildcard cert at both datacenters
July 20th, 2011 10:09am
If the mobile device supports it (all newer ones do), then it should simply redirect the connection and update the user's profile automatically to point to the secondary data center if that is where the mailbox is located. It would be easy enough to test.
If the user's mailbox is on an Exchange 2010 Mailbox server in the same Active Directory site as CAS-01, CAS-01 provides access to the mailbox. If the user's mailbox is on an Exchange 2010 Mailbox server in a different Active Directory site, CAS-01 locates a Client Access server in the same Active Directory site as the user's Mailbox server. CAS-01 determines whether any Exchange 2010 Client Access server in that Active Directory site has the ExternalURL property configured on the Exchange ActiveSync virtual directory. If so, CAS-01 issues the client an HTTP error code 451 that contains the ExternalURL value and instructs the client to redirect to that location. If no ExternalURL value is set, the connection will be proxied to the Client Access server using the FQDN specified by the InternalURL property, specifically to the /Proxy virtual directory. This virtual directory is located beneath the Exchange ActiveSync virtual directory in IIS and, by default, has Integrated Windows authentication enabled on it.
http://technet.microsoft.com/en-us/library/bb310763.aspx
http://blogs.technet.com/b/exchange/archive/2009/12/08/3408985.aspx
July 20th, 2011 1:13pm
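An added example, not part of the thread: a small Python parser that pulls the 451 responses mentioned in the original question out of an IIS W3C log and groups them by user and device, showing which ActiveSync users are being redirected rather than proxied. The log lines are constructed sample data and the column layout is an assumption; the parser takes the real layout from the `#Fields:` header.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2011-07-19 20:01:11 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=DEV001&DeviceType=PocketPC&Cmd=Sync EXAMPLE\alice 203.0.113.10 451
2011-07-19 20:01:40 POST /Microsoft-Server-ActiveSync User=bob&DeviceId=DEV002&DeviceType=PocketPC&Cmd=Sync EXAMPLE\bob 203.0.113.11 200
2011-07-19 20:02:05 GET /owa/ - EXAMPLE\carol 203.0.113.12 200
2011-07-19 20:03:11 POST /Microsoft-Server-ActiveSync User=alice&DeviceId=DEV001&DeviceType=PocketPC&Cmd=Ping EXAMPLE\alice 203.0.113.10 451
"""

ACTIVESYNC_STEM = "/microsoft-server-activesync"


def activesync_hits(log_text, status="451"):
    """Count ActiveSync requests answered with `status`, keyed by (user, device id)."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header can reappear mid-file (e.g. after a service restart).
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line
        row = dict(zip(fields, values))
        if not row.get("cs-uri-stem", "").lower().startswith(ACTIVESYNC_STEM):
            continue
        if row.get("sc-status") != status:
            continue
        # ActiveSync carries the user and device in the query string.
        query = parse_qs(row.get("cs-uri-query", ""))
        user = query.get("User", [row.get("cs-username", "-")])[0].lower()
        device = query.get("DeviceId", ["-"])[0]
        hits[(user, device)] += 1
    return hits


if __name__ == "__main__":
    for (user, device), count in activesync_hits(SAMPLE_LOG).items():
        print(f"{user} {device}: {count} x 451")
```
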