Exchange OWA Proxy Across AD Sites through ISA
Hi, I wonder if anyone can help advise or point me in the right direction.

We have two AD sites, one in the UK and one in the US, with Exchange 2010 servers in each. Only the UK site has an ISA server, which is publishing OWA externally using Forms Based Authentication with RSA SecurID. If a user is based on the UK Exchange servers then external access works perfectly and OWA loads up normally. When a user in the US tries to log in, OWA attempts redirection, which fails to work as the URL internally is not available externally.

External URL: mail.blahblah.com
Internal URLs: uk-mail.blahblah.local and us-mail.blahblah.local

On both the UK and US CAS servers I have configured an additional IIS site with OWA and ECP using Basic & Integrated authentication for use with ISA (let's call this site IIS-Ext). ISA authenticates the RSA SecurID and then passes the Windows credentials on to the IIS-Ext for the AD authentication.

On the UK IIS-Ext CAS servers I have configured an External URL, but on the US IIS-Ext CAS I have left them blank. On the UK IIS-Ext CAS I have configured 'RedirectToOptimalOWAServer' = $false.

I am still having no luck. Any suggestions?

Many thanks in advance.
Bara
January 3rd, 2012 6:09am

I am assuming the sites are in different AD sites. If the user's mailbox is on an Exchange 2010 Mailbox server in the same Active Directory site as CAS-01, CAS-01 provides access to the mailbox. If the user's mailbox is on an Exchange 2010 Mailbox server in a different Active Directory site, CAS-01 locates a Client Access server in the same Active Directory site as the user's Mailbox server. When one is found, Exchange 2010 determines whether the Client Access server has the ExternalURL property set in that Active Directory site. If it is, and cross-site silent redirection hasn't been enabled, the user is provided with a clickable link that redirects them to the specified URL. If cross-site silent redirection has been enabled, the user will be automatically redirected to the specified URL. If the ExternalURL isn't set and the authentication method on the virtual directory is set to Integrated Windows authentication, CAS-01 will proxy the user's request to the Client Access server that's specified by the InternalURL property. See http://technet.microsoft.com/en-us/library/bb310763.aspx
January 3rd, 2012 10:09am

Thanks, your quote had partially helped. So firstly, I removed basic authentication from the OWA sites as an option but I also used the default OWA app for the ISA using Integrated Windows Auth to connect to and created a new OWA for the Forms Based Auth for internal use. Using the default web app seemed to do the trick and proxying is now working correctly across sites. Thanks.
January 4th, 2012 4:30am
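
The redirect-or-proxy rules quoted in the reply above can be checked against the settings actually configured on each OWA virtual directory. The following read-only audit is an added example, not part of the original thread; it uses the Exchange 2010 cmdlets Get-OwaVirtualDirectory and Get-ExchangeServer, and the outcome labels are a paraphrase of the quoted rules.

```powershell
# Run in the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Read-only: lists every OWA virtual directory and classifies how a request
# from the Internet-facing CAS for a mailbox in that server's AD site would
# be handled, following the rules quoted in the thread.

Get-OwaVirtualDirectory | ForEach-Object {
    $vdir = $_

    # AD site of the server hosting this virtual directory.
    $site = (Get-ExchangeServer -Identity "$($vdir.Server)").Site

    if ($vdir.ExternalUrl) {
        # ExternalURL is set: the user is sent to that URL (clickable link,
        # or automatically if cross-site silent redirection is enabled).
        $outcome = 'REDIRECT to ExternalUrl'
    }
    elseif ($vdir.WindowsAuthentication) {
        # ExternalURL is empty and Integrated Windows authentication is on:
        # the Internet-facing CAS proxies to this directory's InternalUrl.
        $outcome = 'PROXY to InternalUrl'
    }
    else {
        # ExternalURL is empty, but the precondition for proxying
        # (Integrated Windows authentication) is not met.
        $outcome = 'CHECK: no ExternalUrl and Integrated auth is off'
    }

    New-Object PSObject -Property @{
        Server      = "$($vdir.Server)"
        Site        = "$site"
        VDir        = $vdir.Name
        ExternalUrl = "$($vdir.ExternalUrl)"
        InternalUrl = "$($vdir.InternalUrl)"
        WindowsAuth = $vdir.WindowsAuthentication
        BasicAuth   = $vdir.BasicAuthentication
        FormsAuth   = $vdir.FormsAuthentication
        Outcome     = $outcome
    }
} |
    Sort-Object Site, Server, VDir |
    Select-Object Site, Server, VDir, ExternalUrl, InternalUrl,
                  WindowsAuth, BasicAuth, FormsAuth, Outcome |
    Format-List
```

For the setup described in this thread, the virtual directory that ISA and the UK CAS connect to in the US site should show as PROXY; a REDIRECT result there means users are being sent to a URL that may not be reachable externally.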

This topic is archived. No further replies will be accepted.
