CAS to CAS proxying
Hi
Running Exchange 2007 SP2 with three main AD sites. Each AD site has a seperate DC/GC, Mailbox cluster, CAS and Hub servers. Sites are London, LA, NY. For CAS servers, we have Cisco load balancers in place at each site, all users use
https://webmail.domain.com to access their OWA. Also, our networking guys have implented a function whereby users are routed to their closest load balancer when accessing
webmail.
So a user from London (whose mailbox is on Lond-MBX1 server) travels to NY. When in NY, they type in
https://webmail.domain.com to access their email. This should route them to the NY load balancers which then send him to a NY CAS, e.g. NY-CAS1.
What happens here? Does Exchange proxy the connection to a CAS in London, since that's where his mailbox is? So, really when he's accessing OWA, he's accessing Lond-CAS1 or Lond-CAS2? Or is he accessing NY-CAS1, which has a connection directly to Lond-MBX1
to grab the data?
April 8th, 2011 3:54am
Hi,
Normally the user would be redirected to the internal url of a CAS server in London, but it is not possible to tell what happens here because you might have some configuration in place here that operates in a different way.
Leif
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2011 8:17am
Hello,
Are all the CAS servers are internet facing?
We can use CAS proxy when one Client Access Server can act as a proxy for other Client Access Servers within the organization, when multiple Client Access
Servers are present in different Active Directory sites in an organization and only one is exposed to the Internet.
For more reference, please see the following article:
Understanding Proxying and Redirection
http://technet.microsoft.com/en-us/library/bb310763.aspx
Thanks,
Simon
April 10th, 2011 11:48pm
Thanks both.
To confirm, we don't have internet facing CAS servers, i.e there is no ExternalURL value set, this is all Internal.
Based on that info, could someone confirm what is happening?
i. The user's browser is accessing NY CAS, but the actual NY CAS 'fetches' all the data from the London CAS, which in turn gets the data from the Lond-MBX1 server?
ii. The user's browser initially accesssed NY CAS, but then is directed to London CAS?
Thanks guys.
Free Windows Admin Tool Kit Click here and download it now
April 11th, 2011 5:36pm
Hello,
If the user's mailbox is on an Exchange 2010 Mailbox server in a different Active Directory site, the proxy CAS (Let’s call it CAS-01)
server locates a CAS (Let’s call it CAS-02) server in the same Active Directory site as the user's Mailbox server. When one is found, Exchange 2010 determines whether the CAS server has the
ExternalURL property set in that Active Directory site. If so, the user is provided with a clickable link that redirects them to the specified URL. If the
ExternalURL isn't set and the authentication method on the virtual directory is set to Integrated Windows authentication, CAS-01 will proxy the user's request to the CAS-02 that's
specified by the InternalURL property.
Thanks,
Simon
April 11th, 2011 10:03pm
Ok, this is for Exchange 2007 by the way, not 2010, but I assume it's the same?.
So, if I went to user's browser > OWA > About
What value should I see for:
Client Access Server:
Proxy Server:
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2011 3:17pm
Yes, this machanism applies for both Exchange 2007 and Exchange 2010.
Client Access Server: This should be the CAS serer which is in the same site of the mailbox.
Proxy Server: The CAS server you origianlly access in IE.
Thanks,
Simon
April 13th, 2011 1:17pm