Multiple external CAS/OWA servers
Hello,
I have a question for something I cannot find online. Is there a way to configure Exchange 2007 CAS to allow users to pick either DNS A record?
So for instance, I have owa.company.com in the US and europeowa.company.com for the Europe OWA. These are two AD sites with Exchange mailbox servers at both sites. With this configuration right now, if a US user connects in via Europe (or vice versa), a message appears: "Use the following link to open this mailbox with optimal performance: https://owa.company.com"
Now for the above geographic scenario, that is probably desired, but if you have two US data centers and you want users to connect in via either DNS record, you cannot do that. I've searched long and far without luck. Any help would be much appreciated.
Thanks,
Larry
February 5th, 2009 12:18pm
See this link for starters. I posted about this recently:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrdeploy/thread/db184114-9c76-4305-8236-60cc4d5f9dad/
Within this thread you'll see this link, which has even more info:
http://technet.microsoft.com/en-us/library/cc164344.aspx
Please post back your additional questions after you've read these. I'm interested in your scenario and think we may have similar needs.
Mike Crowley: MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
February 5th, 2009 3:05pm
Hi,
It seems that your scenario is similar to Regional Namespaces. The detailed information you can view in the second link as Mike recommended.
Thanks
Allen
February 9th, 2009 1:58am
Hello,
Thanks for the response Mike and Allen, and I've read all that. I agree it fits with the regional namespace but my question remains: can two data centers that contain a CAS and a separate mailbox server share their OWA DNS A record to all users? So is there a way in Exchange 2007 to configure users in Site A who normally use EastOWA.Company.com to also use WestOWA.Company.com? Or due to the new design of Exchange 2007, you cannot proxy the West site from the East site with the externalURL defined and in use?
I want to simply allow users to connect to either OWA server instead of telling them they must use one or the other. Basically what you can do in Exchange 2003 OWA (allows proxy to any mailbox server - even ones with external OWA defined).
thanks,
Lawrence
February 9th, 2009 10:28am
Hi,
Did you mean the two data centers are deployed in two AD sites? And only one CAS is used in the two data centers which each have a mailbox server?
If my understanding is right, please understand that the CAS is necessary in every AD site within your organization that has the Mailbox server installed. Otherwise, OWA will fail when the user does not pertain to the same AD site as the CAS.
In fact, we can simply access OWA by using a unified namespace in Exchange 2007; the front CAS will handle the request from a user whose mailbox server is not in the same site as the CAS. For detailed information you can refer to the article below:
http://msexchangeteam.com/archive/2007/09/10/446957.aspx
Thanks
Allen
February 10th, 2009 2:34am
Let me clarify. Each data center is in its own AD site with its own Mailbox AND CAS server with a unique DNS external namespace.
So when an east coast user tries using the west coast CAS server externally, he sees "Use the following link to open this mailbox with optimal performance: https://eastowa.company.com". The same goes for a west coast user who tries to use the east coast OWA server.
Obviously if I take the external URL off either site, the proxy works. I want to understand if it is possible to allow this configuration to work.
From the Exchange blog - #4: "4. If the best CAS has an "ExternalURL" set on the /owa virtual directory, then the First CAS will return a web page link to the client with the ExternalURL from the Second CAS."
So is this the only option when you have two or more CAS servers with external URLs for two or more AD sites?
thanks,
-Lawrence
February 10th, 2009 6:37am
Hi,
Of course, that is possible.
Please understand that the proxy can work on the premise that the external URL of the best CAS is blank. The difference between redirection and proxying is whether the external URL is blank. I believe that you already understood this knowledge from the previous article.
In fact, the external URL is not necessary. As long as we can resolve the address of the internal URL on the DNS, we can put the internal URL as the accessing path for the external user. Then the external URL can be set as blank. After that, the proxying can work.
Thanks
Allen
February 10th, 2009 9:08pm
Hello,
The internal and external DNS name is the same for OWA. So your point is I can remove the external URL from both CAS servers and just leave the internal URL as is and all proxying between the two sites will work as it would in Exchange 2003?
Is the requirement of the external URL just for the redirection notice?
thanks,
Larry
February 10th, 2009 10:01pm
Hi,
Absolutely right. If the internal and external DNS name is the same for OWA, that is easy for us to achieve this goal. As you said, please just remove the external URL from both CAS servers and just leave the internal URL as it is. Then the proxying will be working smoothly.
The external URL is the requirement for the redirection notice.
Thanks
Allen
February 10th, 2009 10:15pm
Okay - let me test this and get back to you shortly on the results. I thought I did this before but will try again.
February 10th, 2009 10:19pm
Allen,
I finally was able to make the suggested changes and test, and this is still not a good solution. I see I have to change both CAS servers to Integrated to make it work and then the users have to enter in the domain name. Just removing the External URL on both servers and leaving it as FBA causes an Exchange OWA error 41 in the event log. So my setup is as follows:
Site East:
Clustered MB server: ServerEastMB1
Single HT/CAS Server: EastOWA.company.com
spare HT/CAS server not yet deployed
Site West:
Clustered MB server: ServerWestMB1
Single HT/CAS Server: WestOWA.company.com
spare HT/CAS server not yet deployed
Many Exchange 2003 sites to be consolidated but those don't come into play with this issue.
So I simply want the ability to proxy from Site West via westowa.company.com to mailboxes in site east and also to proxy from East to West. This basically allows users to use either namespace to get to their OWA - just like it works well in Exchange 2003. I do not have ISA nor load balancers at this time.
I read the following post from http://msexchangeteam.com/archive/2008/12/31/450340.aspx but my configuration is both sites are Internet facing and I want proxy to work!!!
"3.
If Exchange 2007 is deployed across multiple Active Directory sites
with an Internet-facing CAS server in one site and other CAS servers in
"proxy" sites, read our Redirection and Proxy
documentation. Briefly, when you configure your CAS servers for this
scenario you must have an external URL entered for the /owa virtual
directory in Exchange Management Console. Authentication will typically
be either forms-based (FBA) or basic auth. However, the CAS servers in
the proxy sites need to be configured quite differently. The
InternalUrl for the /owa vdir in the console should be the internal
FQDN of the server and the External URL should be blank, or null.
Authentication for /owa MUST be set to Integrated Windows
Authentication which means you cannot enable FBA on the CAS servers in
the proxy sites. If this isn't set up correctly and users with
mailboxes in the proxy site are unable to connect, then you should see
an event ID 41 for source MSExchange OWA on the Internet-facing CAS."
I read some of the new posts out there and don't see an exact solution. Can you please help or someone from Msft. Much appreciated.
thanks,
Larry
February 25th, 2009 12:25am
I have the internal mailbox server specified for external url. I use basic auth only and proxy everything through ISA using forms-based auth. It also applies the default domain so users don't have to type it.
March 2nd, 2009 7:37pm
Hi,
After doing further research, I found the CAS which faces the Internet should have the external URL set.
Please try to disable redirection to check this issue:
set-owavirtualdirectory "owa (default web site)" -RedirectToOptimalOWAServer $false
Thanks
Allen
March 10th, 2009 2:38am
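The proxy, redirect and event ID 41 outcomes discussed in the posts above can be tabulated for a given pair of /owa virtual directories. This PowerShell sketch is an added example, not part of any post in this thread: Get-OwaCrossSiteBehavior and New-SampleVdir are hypothetical helpers, the sample objects are constructed from the host names in the thread, and treating "redirection disabled" as "attempt proxy" is an assumption based on Microsoft's proxying and redirection documentation.

```powershell
# Hypothetical helper (not an Exchange cmdlet). Predicts what the entry CAS does
# for a user whose mailbox lives in the other AD site, using the rules quoted above.
function Get-OwaCrossSiteBehavior {
    param($EntryVdir, $MailboxVdir)
    # ExternalUrl set on the mailbox-site CAS: the entry CAS shows the redirect
    # link, unless redirection was switched off on the entry CAS.
    if ($MailboxVdir.ExternalUrl -and $EntryVdir.RedirectToOptimalOWAServer -ne $false) {
        return "Redirect to $($MailboxVdir.ExternalUrl)"
    }
    # Otherwise the entry CAS proxies; the target /owa vdir must accept
    # Integrated Windows Authentication (FBA-only targets cannot be proxied to).
    if ($MailboxVdir.WindowsAuthentication) {
        return "Proxy via $($MailboxVdir.InternalUrl)"
    }
    return "Proxy fails: expect MSExchange OWA event ID 41 on $($EntryVdir.Server)"
}

# Builds a constructed stand-in carrying the Get-OwaVirtualDirectory properties used above.
function New-SampleVdir {
    param($Server, $ExternalUrl, [bool]$WindowsAuth, [bool]$Redirect = $true)
    New-Object PSObject -Property @{
        Server                     = $Server
        InternalUrl                = "https://$Server/owa"
        ExternalUrl                = $ExternalUrl
        WindowsAuthentication      = $WindowsAuth
        FormsAuthentication        = -not $WindowsAuth
        RedirectToOptimalOWAServer = $Redirect
    }
}

# Constructed scenarios: a West mailbox user connecting through the East CAS.
$eastUrl = 'https://eastowa.company.com/owa'
$westUrl = 'https://westowa.company.com/owa'
$east    = New-SampleVdir 'eastowa.company.com' $eastUrl $false
$eastOff = New-SampleVdir 'eastowa.company.com' $eastUrl $false $false
$scenarios = @(
    @{ Name = 'West ExternalUrl set, FBA';          Entry = $east;    Mailbox = (New-SampleVdir 'westowa.company.com' $westUrl $false) },
    @{ Name = 'West ExternalUrl blank, FBA';        Entry = $east;    Mailbox = (New-SampleVdir 'westowa.company.com' $null $false) },
    @{ Name = 'West ExternalUrl blank, Integrated'; Entry = $east;    Mailbox = (New-SampleVdir 'westowa.company.com' $null $true) },
    @{ Name = 'East redirect off, West FBA';        Entry = $eastOff; Mailbox = (New-SampleVdir 'westowa.company.com' $westUrl $false) }
)
foreach ($s in $scenarios) {
    '{0,-36} -> {1}' -f $s.Name, (Get-OwaCrossSiteBehavior $s.Entry $s.Mailbox)
}
```

Against live servers, pass the "owa (Default Web Site)" object returned by Get-OwaVirtualDirectory for each CAS instead of the constructed samples.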
Hello,
Finally have all the information on this and thanks to the community, Mike Crowley, Allen Song, and Microsoft PSS. I hope this information is useful to others out there with similar designs and that Microsoft better document this scenario in Exchange 2007 and include more flexibility with this in Exchange 14. Personally I am a fan of option #3 if there are no local workstations at the data centers. But any of these options should work fine.
As I see it, I've got three options with different pros and cons around complexity or extra hardware requirements and support. They are:
1. Set up ISA servers at both locations which will allow proxy to the two CAS servers. This allows the CAS servers to remain on challenge/response and proxy to work between the sites.
2. Set up two additional Exchange CAS servers at a third AD site spanning both physical locations and it will proxy to internal servers (called Deployment with a Client Access Server Proxy Site). This site has more information: http://technet.microsoft.com/en-us/library/cc535021.aspx.
3. Merge the two Data Centers into one Active Directory site and the CAS servers will be able to proxy to both mailbox servers fine.
And of course the redirection option that works by default is a good solution if you want your users to connect to the geographic location closest to their mailbox servers (good solution if between slow links; i.e. Exchange CAS server in Asia/Europe and another in N. America).
Of course you could add (intelligent) load balancers into this equation as well but that's for another day.
Larry
March 18th, 2009 10:35am
Hello,
With Exchange 2010 now released, is there an easier way to set up the Internet-facing Exchange CAS/OWA proxying between two namespaces? I heard rumors this "issue" would be cleaned up in Exchange 2010.
thanks,
Larry Heier
November 16th, 2009 10:43am
LawrenceHe and others,
I am in a similar situation right now with Exchange 2010.
I have exactly your scenario: two Internet facing sites, and would like users to use one namespace for owa which will then round robin to the two sites' CAS NLB VIP. Right now, if they happen to hit the CAS array on the "wrong" site, they get a redirection URL.
Has anyone been able to solve this? Will implementing ISA (TMG) on both sites help?
Thanks
July 13th, 2010 9:11am
What does a casarray have to do with owa? Or do you mean "an array of client access servers"? CASARRAY is here.
It sounds like you want OWA to proxy the user's connection back to the mailbox's site instead of redirect. Right?
This doesn't sound like it will help your load too much, since you'll have potentially up to 100% proxied connections, but if you want to do it anyway, see here:
Understanding Proxying and Redirection: Exchange 2010 Help
Mike Crowley
July 13th, 2010 9:38am
Thanks for your quick response Mike.
By CAS Array, I meant an array of CAS servers (sorry for the confusion).
I have read the "Understanding Proxying and Redirection" article. CAS to CAS Proxying will not work in my scenario since both sites are Internet facing. My only option, it seems, is Redirection. The problem with Redirection is, it gives "Use the following link to open this mailbox with the best performance:" and then they have to click the url of the site where their mailboxes reside. Not a good option, as we would like the user to have a transparent access to their mailboxes.
Thanks
July 13th, 2010 10:19am
A suggestion: create a CAS array (by using Windows NLB or a hardware load balancer) with URLs of CAS servers from both sites, point the external URL to the CAS array using ISA proxy server or UAG. Please don't mention the external URLs in CAS servers.
September 5th, 2012 9:36am