terry l@u's blog_ client access server proxying and redirection
DESCRIPTION
FileTRANSCRIPT
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
1/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
T U E S D A Y, A P R I L 1 2 , 2 0 1 1
Client Access Server proxying and redirection
Client Access Server proxying
Proxying requests between two Exchange 2010 Client Access servers
enables organizations that have multiple Active Directory sites to
designate one Client Access server as an Internet-facing server and
have that server proxy requests to Client Access servers in sites that
have no Internet presence. The Internet-facing Client Access server
then proxies the request to the Client Access server closest to the
user's mailbox.
Remark: In each Exchange organization that wants to allow access
from Internet-based clients, at least one Active Directory site must be
Internet facing. All non-Internet-facing Active Directory sites rely on the
Internet-facing Client Access server or servers to proxy all pertinent
requests from external clients.
I will setup the following lab environment.
Computer FQDN: DC1.contoso.com
IP/Network: 10.10.1.1/8
Roles: Domain Controller, DNS Server, Global Catalog
OS: Windows Server 2008 R2 Enterprise
AD Site: Default-First-Site-Name
Computer FQDN: EX1.contoso.com
IP/Network: 10.5.0.1/8
Roles: Exchange Server 2010 SP1 with all typical roles
OS: Windows Server 2008 R2 Enterprise
AD Site: Default-First-Site-Name
Computer FQDN: Mail.contoso.com
IP/Network: 10.1.1.1/8
Roles: Exchange Server 2010 SP1 CAS role (Internet-facing)
OS: Windows Server 2008 R2 Enterprise
AD Site: Default-First-Site-Name
S E A R C H T H I S B L O G
Search
T R A N S L A T E
Select Language
Pow ered by Translate
C A T E G O R Y
Active Directory (42)
Active Directory Certificate
Serv ices (1)
Backup Exec (2)
Citrix (1)
DHCP (3)
Exchange Server (27 )
Exchange Server 2007 (18)
Exchange Server 2010 (28)
Exchange Server 2013 (1)
Group Policy (14)
Hy per-V (10)
Outlook (3)
PowerShell (2)
Remote Desktop Serv ices (3)
SQL Server 2008 (2)
SQL Server 2008 R2 (1)
Sy stem Center Data Protection
Manager (1)
Sy stem Center Operations Manager
(1)
Sy stem Center Virtual Machine
Manager (1)
VMware (6)
Share Report Abuse Next Blog Create Blog Sign In
T E R R Y L @ U ' S B L O GS HA R I N G I T K N O W L E D G E
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
2/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Computer FQDN: DC2.contoso.com
IP/Network: 172.16.0.10/16
Roles: Domain Controller, DNS Server, Global Catalog
OS: Windows Server 2008 R2 Enterprise
AD Site: Branch
Computer FQDN: EX2.contoso.com
IP/Network: 172.16.0.11/16
Roles: Exchange Server 2010 SP1 with all typical roles
OS: Windows Server 2008 R2 Enterprise
AD Site: Branch
Computer FQDN: Workstation
IP/Network: 192.168.0.10
Roles: Workstation (Internet client)
OS: Windows 7
Assuming Default-First-Site-Name is the Internet-facing site. I have
created 2-mailbox (Susan Tam and Peter Pan). Susan Tam mailbox
stores in EX1.contoso.com and Peter Pan stores in
EX2.contoso.com.
Wanting to access the mailbox by Outlook Web App in the Branch AD
site, Susan has to enter https://ex1.contoso.com/owa to access
her mailbox. If she tries to use https://ex2.contoso.com/owa to
access her mailbox, she gets the following error:
Figure 1: Outlook Web App isn't available
Solving this problem, I have to configure the Client Access Server
proxying. Mail.contoso.com will be the Internet-facing Client Access
Server. After I configure the internet-facing Client Access Server, all
users will use https://mail.contoso.com/owa to access their
mailbox.
1. At Mail, log in as Domain Administrator.
2. Launch "Exchange Management Console", expand "Microsoft
Exchange On-Premises > Server Configuration > Client Access".
3. At right pane, select "MAIL".
4. Next to "Outlook Web App", right-click "owa (Default Web Site)",
select "Properties".
Windows 8 (2)
Windows Clients (13)
Windows Server (24)
Windows Server 2012 (18)
Windows Server 8 (10)
B L O G A R C H I V E
2012 (37 )
2011 (119)
November (8)
October (4)
September (6)
August (12)
July (5)
June (9)
May (7 )
April (27 )
Installing SCDPM 2010 with
local SQL
Simplify the Outlook Web
Access URL
Set the Forms-Based
Authentication Private and
Pub...
Configure offline domain join
Increase Exchange 2010
default move request
Active Directory Recy cle Bin
Domain rename with
Exchange server 2003
(Part 3)
Domain rename with
Exchange server 2003
(Part 2)
Domain rename with
Exchange server 2003
(Part 1)
RBAC Manager
Exchange routine jobs
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
3/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
5. Make sure the External URL is "https://mail.contoso.com/owa".
Figure 2: owa (Default Web Site) General tab
6. Select "Authentication" tab.
7. Make sure "Use forms-based authentication" is selected.
Figure 3: owa (Default Web Site) Authentication tab
8. Click "OK".
9. Next to "Exchange Control Panel", right-click "ecp (Default Web
Site)", select "Properties".
10. Make sure the External URL is "https://mail.contoso.com/ecp".
Aidan Finn, IT ProNew AD Replication Status Tool
3 days ago
Central Store for Group Policy
Administrative Temp...
Exchange 2007 and 2010:
Don't rename y our domain
n...
Keeping and Updating trusted
sites in Internet Exp...
Local Move Request error
Client Access Server proxy ing
and redirection
Limiting Exchange 2010 SP1
Database Cache
Configuring and using display
picture in Exchange ...
Deploy ing Exchange Server
2010 Hosting mode (Part ...
Migrating SY SVOL to DFS
replication (Part 2)
Exchange Server 2010
unattended mode
Deploy ing Exchange Server
2010 Hosting mode (Part ...
Migrating SY SVOL to DFS
replication (Part 1)
Deploy ing Exchange Server
2010 Hosting mode (Part ...
Using Print Migrator
Decommission a Windows
enterprise certification
au...
Migrate print servers fron
Windows Server 2003 to ...
March (30)
February (7 )
January (4)
F O L L O W E D W E B S I T E S
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
4/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 4: ecp (Default Web Site) General tab
11. Select "Authentication" tab.
12. Make sure "Use forms-based authentication" is selected.
Figure 5: ecp (Default Web Site) Authentication tab
13. Click "OK".
14. Next to "Exchange ActiveSync", right-click "Microsoft-Server-
Active-Sync (Default Web Site)", select "Properties".
15. Make sure the External URL is
"https://mail.contoso.com/Microsoft-Server-ActiveSync".
Clint Boessen's BlogAn insight into OWA Desktop by
Messageware
2 weeks ago
EighT wOne (821)The UC Architects Podcast
S01 E06
13 hours ago
Exchange Server ProA Guide to Back Pressure in
Microsoft Exchange Serv er
16 hours ago
Group Policy CentralHow manage Published (a.k.a
Metro) Apps in Windows 8 using
Group Policy
2 weeks ago
How Exchange WorksActiv e Directory Replication
Status Tool
3 weeks ago
John Policelli's BlogIntroducing the Exchange
Administration Center (EAC)
2 weeks ago
Jorge's Quest ForKnowledge!(2006-1 0-20) Activ e Directory
Metadata Cleanup Utility
5 years ago
MSExchange.orgX.400 Addresses and Exchange
201 0 (Part 2)
4 days ago
Petri IT KnowledgebaseVMworld 201 2: VMware
Launches v Cloud Suite 5.1
10 hours ago
T he Exchange T eam BlogBlog Post: FIM R2 est disponible !
2 months ago
O N L I N E T O O L
Barracuda Central IP/ Domain
Lookups
BlackListAlert
Conversion Calculator
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
5/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 6: Microsoft-Server-ActiveSync (Default Web Site) General tab
16. Select "Authentication" tab.
17. Make sure "Basic authentication" is checked.
Figure 7: Microsoft-Server-ActiveSync (Default Web Site)
Authentication tab
18. Click "OK".
19. Enter "iisreset" in "Command Prompt".
20. Still in Exchange Management Console, select "EX1".
21. Next to "Outlook Web App", right-click "owa (Default Web
Site)", select "Properties".
22. Make sure the External URL is empty.
Exchange Remote Connectiv ity
Analy zer
Iptools
MX Lookup Tool
A B O U T M E
TERRY LA U
HONG KONG
MCSA: Windows Server 2008
MCTS: Windows 7 ,Configuring
Exchange Server 2010, Configuring
MCSE: Windows Server 2003
MCITP: Enterprise Support
Technician Server Administrator
Enterprise Administrator
Enterprise Messaging
Administrator
V IEW M Y COM PLETE PROFILE
M A P
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
6/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 8: Clear External URL
23. Select "Authentication" tab.
24. Select "Use one or more standard authentication methods".
25. Check "Integrated Windows Authentication".
Figure 9: Using Integrated Windows authentication on owa
26. Click "OK".
27. Next to "Exchange Control Panel", right-click "ecp (Default
Web Site)", select "Properties".
28. Make sure the External URL is empty.
Figure 10: Clear External URL in ecp
29. Select "Authentication" tab.
30. Select "Use one or more standard authentication methods".
31. Check "Integrated Windows Authentication".
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
7/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 11: Using Integrated Windows authentication on ecp
32. Click "OK".
33. Next to "Exchange ActiveSync", right-click "Microsoft-Server-
ActiveSync (Default Web Site)", select "Properties".
34. Make sure the External URL is empty.
Figure 12: Clear External URL in Microsoft-Server-ActiveSync
35. Click "OK".
36. Launch "Exchange Management Shell", enter the following
cmdlet to configure EWS external URL:
Set-WebServicesVirtualDirectory -Identity "EX1\EWS (Default
Web Site)" -ExternalUrl $null
Figure 13: Configure the EWS external URL
37. Enter "iisreset" in "Command Prompt" of EX1.
38. Repeat step 20 -37 on EX2.
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
8/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Test result
1. At EX1, launch "Internet Explorer".
2. Go to "https://mail.contoso.com/owa".
3. Log in as Peter Pan.
Figure 14: Peter Pan's mailbox
4. At Ex2, launch "Internet Explorer".
5. Go to "https://mail.contoso.com/owa".
6. Log in as Susan Tam.
Figure 15: Susan Tam's mailbox
As a result, Client Access Server proxying is working fine.
Client Access Server Redirection
Outlook Web App users who access an Internet-facing Client Access
server in a different Active Directory site than the site that contains
their mailbox can be redirected to the Client Access server in the same
site as their Mailbox server if that Client Access server is Internet
facing. When an Outlook Web App user tries to connect to a Client
Access server outside the Active Directory site that contains their
Mailbox server, they'll see a Web page that contains a link to the
correct Client Access server for their mailbox.
Exchange ActiveSync users who access an Internet-facing Client
Access server in a different Active Directory site than the site that
contains their mailbox can be redirected to the Client Access server in
the same site as their Mailbox server if that Client Access server is
Internet facing and if the client mobile phone or device has correctly
implemented the redirection logic built in to the protocol that's used
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
9/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
when communicating with Exchange 2007 and Exchange 2010. The
redirection for Exchange ActiveSync users is achieved by sending the
device an HTTP 451 error code that contains the URL the device
should be using. The device then reconfigures itself to use the new
URL.
I will add Mail2 in the existing environments.
Computer FQDN: Mail2.contoso.com
IP/Network: 172.16.0.12/16
Roles: Exchange Server 2010 SP1 CAS role (Internet-facing)
OS: Windows Server 2008 R2 Enterprise
AD Site: Branch
Assuming 2 sites are the internet-facing site.
1. At Mail2, log in as Domain Administrator.
2. Launch "Exchange Management Console", expand "Microsoft
Exchange On-Premises > Server Configuration > Client Access".
3. At right pane, select "MAIL2".
4. Next to "Outlook Web App", right-click "owa (Default WebSite)",
select "Properties".
5. Make sure the External URL is "https://mail2.contoso.com/owa".
Figure 16: Mail2 owa (Default Web Site)
6. Select "Authentication" tab.
7. Make sure "Use forms-based authentication" is selected.
8. Click "OK".
9. Next to "Exchange Control Panel", right-click "ecp (Default Web
Site)", select "Properties".
10. Make sure the External URL is "https://mail2.contoso.com/ecp".
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
10/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 17: Mail 2 ecp (Default Web Site)
11. Select "Authentication" tab.
12. Make sure "Use forms-based authentication" is selected.
13. Click "OK".
14. Next to "Exchange ActiveSync", right-click "Microsoft-Server-
ActiveSync (Default Web Site)", select "Properties".
15. Make sure the External URL is
"https://mail2.contoso.com/Microsoft-Server-ActiveSync".
Figure 18: Mail2 Microsoft-Server-ActiveSync (Default Web Site)
16. Select "Authentication" tab.
17. Make sure "Basic authentication" is checked.
18. Click "OK".
19. Enter "iisreset" in "Command Prompt" of all Exchange Servers.
Test result
1. At workstation, launch "Internet Explorer".
2. Go to "https://mail.contoso.com/owa".
3. Log in as Peter Pan.
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
11/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Figure 19: Outlook Web App redirection
Peter is redirected to branch site Client Access Server.
4. Launch "Internet Explorer" again.
5. Go to "https://mail2.contoso.com/owa".
6. Log in as Susan Tam.
Figure 20: Outlook Web App redirection
Susan is redirected to Default-First-Site-Name site Client Access
Server.
As a result, Client Access Server redirection is working fine.
Reference: http://technet.microsoft.com/en-us/library/bb310763.aspx
POSTED BY TERRY LAU AT 6:00 AM
LABELS: EXCHANGE SERV ER, EXCHANGE SERV ER 2007, EXCHANGE SERV ER
2010
Recommend this on Google
-
8/28/12 Terry L@u's blog: Client Access Server proxying and redirection
12/12terrytlslau.tls1.cc/2011/04/client-access-server-proxying-and.html
Newer Post Older PostHome