E2K7 CAS-CAS Proxying


  1. Only in the CAS which will be published on the internet you must set up the externalURL attribute with your external name
  2. All other "child" CAS servers must be set up with Integrated Authentication instead of forms authentication.  [ /owa  and  /Microsoft-Server-ActiveSync vir dir]
    The same for Exchange Server 2003 back-end servers you must not enable forms authentication
  3. ExternalURL in the child sites must be empty  Set-OwaVirtualDirectory <owa> -ExternalURL:$null
    Ps.: If you enableExternalURL in child CAS Servers, then you will have Redirection feature not Proxy.
  4. Make sure that you internalURL is appropriate. By default is the name of server, make sure that it makes sense (I wrote this one, because I saw a customer using external address into the internal address  )
  5. Make sure that RedirectToOptimalOWAServer is set to $True, you can use the following cmdlet: set-owavirtualdirectory "owa (default web site)" -RedirectToOptimalOWAServer $true
  6. If you are using ISA Server to publish the CAS Server (recommended) you must disable Forms in the "parent" CAS server, ISA server will take care of the Forms
When install E2K7, four virtual directories are created for Outlook Web Access: owa, Exchange, Public, and ExchWeb. The owa virtual directory provides access to Exchange 2007 mailboxes. The Exchange and Public virtual directories provide Exchange 2003 mailbox access. If a user who has a mailbox on an Exchange 2003 server logs on by using https://servername/owa, they will receive an error telling them that their mailbox is on an Exchange 2003 server. They must use the Exchange virtual directory. If they log on by using https://servername/Exchange, the Exchange 2007 Client Access server will proxy their request to the Exchange 2003 mailbox server. If a user who has a mailbox on Exchange 2007 accesses Outlook Web Access by using https://servername/owa, they will be able to access their mailbox directly. If they log on to Outlook Web Access by using https://servername/Exchange, they will be redirected to https://servername/owa.
Q: after installing the first cas/hub transport server I was unable to hit my exchange 2003 mailbox using the https://exchange2007server/exchange URL (received 404 page could not be found errors).
A: I searched high and low for an answer and the only thing close was this article: http://support.microsoft.com/kb/932438
but this is only when you have e2k7 cas + mailbox on one server trying to hit an e2k3 mailbox server. I saw one obscure post and did some digging to find out that our new exchange 2007 server was NOT added to the Exchange Domain Servers security group by default… why not? I manually added it into the group, waited a little for replication and then bam it started to work fine.
 
.  We were having topology errors all over the place and I added the Exchange Server (CAS/HTS/MB on 1 server) to the Domain Servers group and the Topology errors went away.  Not sure why that happened.
Reference
How Exchange Server 2007 CAS Proxying works for Outlook Web Access (OWA)
http://msexchangeteam.com/archive/2007/09/10/446957.aspx
Advertisements
This entry was posted in Exchange 2007. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s