CAS Proxy problem

Status
Not open for further replies.
C

channavera

Hi,
I have a site-A and site-B. site-A has CAS/HT and mbx server and site-B has mbx/cas/ht. When i is enter the internal URL of site-B to access the mailbox host in site-b site, i could access it without a problem. so is the case in site-A.

Now i have set the site-b cas to authentication method to Integrated Windows Authentication. The internal owa URL on the site-B is unchanged.

Only siteA-CAS has external URL specified. it is set to https://webmail.contoso.co.in, it's internal URL is set to https://webmail.contoso.co.in as nearly 50% of the internal use use only OWA.

When a use from siteB access the mail thru https://webmail.contoso.co.in either from siteA or from internet, i see the below info in the event viewer.

Log Name: Application

Source: MSExchange OWA

Date: 11/12/2010 2:43:20 PM

Event ID: 41

Task Category: Proxy

Level: Error

Keywords: Classic

User: N/A

Computer: SiteA-CAS.Mysore.Contoso.co.in

Description:

The Client Access server " https://webmail.contoso.co.in/owa" attempted to proxy Outlook Web App traffic for mailbox " /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test1" . This failed because no Client Access server with an Outlook Web App virtual directory configured for Kerberos authentication could be found in the Active Directory site of the mailbox. The simplest way to configure an Outlook Web App virtual directory for Kerberos authentication is to set it to use Integrated Windows authentication by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using the Exchange Management Console. If you already have a Client Access server deployed in the target Active Directory site with an Outlook Web App virtual directory configured for Kerberos authentication, the proxying Client Access server may not be finding that target Client Access server because it does not have an internalUrl parameter configured. You can configure the internalUrl parameter for the Outlook Web App virtual directory on the Client Access server in the target Active Directory site by using the Set-OwaVirtualDirectory cmdlet.

Event Xml:

<Event xmlns=" http://schemas.microsoft.com/win/2004/08/events/event" >
<System>
<Provider Name=" MSExchange OWA" />
<EventID Qualifiers=" 49152" >41</EventID>
<Level>2</Level>
<Task>6</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=" 2010-11-12T09:13:20.000000000Z" />
<EventRecordID>117505</EventRecordID>
<Channel>Application</Channel>
<Computer>SiteA-CAS.mysore.contoso.co.in</Computer>
<Security />
</System>
<EventData>
<Data>https://webmail.contoso.co.in/owa</Data>
<Data>/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test1</Data>
</EventData>

</Event>
 
B

Busbar [MVP]

configure Site B to use windows integrated authentication and reset IIS, force AD replication and try againRegards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com, Follow me on twitter http://www.twitter.com/_busbar and if you Liked my post please mark it as helpful and accept it as an answer
 
C

channavera

I believe this seeting is only for OWA? or for all Virtual Dir?. I have already set the windows integrated auth for the owa and reset the IIS but with not success !!
 
M

MaliStane

Create new New-ClientAccessArray for each CAS for Each site. Then assigned RpcClientAccessServer, for each Mailbox database. Set DNS record.

Then Run bottom task. Check Internal and External url, and be Shure, there is no basic authentication on proxy site:

Get-WebServicesVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-OwaVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-EcpVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-AutodiscoverVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-RpcClientAccess | fl Server,Responsibility,EncryptionRequired,

Get-ActiveSyncVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods,BasicAuthEnabled,WindowsAuthEnabled
 
B

Brian Desmond -MVP-

OK so let's take a step back.

First, the InternalUrl for SiteA should be https://<server.fqdn>/owa as was the default. It has nothing to do with the location the user is accessing OWA from.

Second, can you please post the URL and AuthN configuration for Site B? You can do a Get-OwaVirtualDirectory | fl server,*authen*,*url*

My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
 
A

Allen Song

Hi,

Is it the Exchange 2010 in each site? If it's Exchange 2007 in Site B, you have to copy the hightest-versioned folder from an Exchange 2007 CAS in the destination Active Directory site from the %installpath%\ClientAccess\OWA\ folder to the same path on the Exchange 2010 CAS to make the proxy work.

Allen

Allen Song
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
T ActiveSync proxy problem from Exchange 2010 CAS to Exchange 2007 CAS Exchange Server Administration 5
L Outlook clients did not reconnect to Exchange when one CAS server in CAS array became unresponsive Exchange Server Administration 1
A Exchange 2010 CAS Failover from Internet Facing site to Non-Internet Facing Site - Certificate Issue Exchange Server Administration 3
C Watson Error on CAS Exchange Server Administration 1
S Exchange 2010 CAS/HT/Mailbox moved - best practice/steps for decommissioning 2007 Exchange Server Administration 3
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 2
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 3
M Fundamental CAS question for Exchange 2010 and 2007 Co-existence... Exchange Server Administration 7
M Exchange ActiveSync HTTP 500 Exchange CAS/HUB 2007 and Exchange 2003 BE & MBX CCR 2007 Using Outlook 1
B CAS Array and NLB Exchange Server Administration 3
S Exchange CAS server OAB directory not showing web.config file Exchange Server Administration 3
T RBAC Error on UM/CAS Servers Exchange Server Administration 2
R FQDN of Exchange CAS servers not in SSL cert Exchange Server Administration 2
D CAS Autodiscover using -rpcclientaccessserver Exchange Server Administration 5
D CAS Design Question Exchange Server Administration 4
D Exchange 2010 CAS at 2 different Sites Exchange Server Administration 2
T Cas server uninstall failed... Now how to reinstall? Exchange Server Administration 4
S Do you need a CAS Server in Order to Use OWA in Exchange 2010 (E14)? Exchange Server Administration 9
D CAS Array Question Exchange Server Administration 11
M Proper way to install Exchange 2010 SP1 on a CAS Array Exchange Server Administration 3
S Any system impact if change exchange 2010 CAS/HUB and Mailbox server IP address Exchange Server Administration 1
B Exchange 2003 OWA/OA/AS over NAT and Exchange 2010 CAS Exchange Server Administration 4
B Re: Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 15
M Re: Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 2
J Segmenting IMAP traffic from CAS Array Exchange Server Administration 8
I Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 4
M CAS Issue: OWA/Outlook remote users cannot login Exchange Server Administration 1
K Exchange 2010 OWA redirection between 2 CAS Servers Exchange Server Administration 5
S exchange 2010 cas memory usage Exchange Server Administration 2
P Exchange 2010 SP1 Cross Site CAS connection disable Exchange Server Administration 2
R Multiple CAS - Best practice with certificate request Exchange Server Administration 4
B CAS Array and Outlook 2003 clients Exchange Server Administration 5
H Outlook 2007 periodically disconnects from Exchange 2010 CAS - OWA works Using Outlook 4
S CAS array in Exchange 2010 Exchange Server Administration 1
G Exchange 2010 CAS Array Exchange Server Administration 4
C CAS Connections overview Exchange Server Administration 9
J Geographically redundant cas array Exchange Server Administration 15
S CAS/MBX reboot best practices. Exchange Server Administration 7
D CAS Array Questions Exchange Server Administration 3
E error cas Exchange Server Administration 2
T Exchange 2010 CAS Array setup and lab Exchange Server Administration 18
S NLB exchange 2010 CAS Array Exchange Server Administration 4
B CAS certificate question Exchange Server Administration 3
S Access CAS Array Behind ISA 2006 Exchange Server Administration 6
F Error on CAS Exchange Server Administration 3
J Exchange 2010 CAS Server OWA Redirection to Exchange 2003 Fail Exchange Server Administration 4
C Introduce another CAS/HT server on the cas array on NLB Exchange Server Administration 7
H Is possible to have exchange 2007 CAS point to the exchange 2010 CAS? Exchange Server Administration 2
2 muliptle external domains to access one CAS server Exchange Server Administration 4
N Exchnage 2010 Hub Cas Edge Server Recovery Exchange Server Administration 3

Similar threads

Top