Multiple External URLs associated with OWA

  • Thread starter scott_k2003

scott_k2003

I require a little clarification after reading through the documentation about adding additional external URLs to the CAS, OWA and AS services after the originals are live and in production. Here is our scenario.
We have an Exchange 2k7 environment currently and we are transitioning to e2k10. We have stood up our 2k10 environment in parallel with our 2k7. Currently we have owa.company.com published as our OWA and owa.company.com also handles our AS and our Autodiscover (this was a design mistake from the previous group). We have lab tested most functionality with 2k10, now have the production install in place and will slowly migrate users to make this transition very seamless.
We have set up the new environment with the following external URLs: mail.company.com, activesync.company.com and legacy.company.com (to point to the 2k7 CASs for transition). We want to test external replication to our remote data-centers, which is why we were forced to rebuild our e2k10 environment in production due to security in getting from a lab environment to our remote DCs.
Now rather than telling users to start using different URLs than what they are accustomed to and start using mail.company.com instead of owa.company.com, I want to ensure that once we want the 2k10 CAS servers to become live and start accepting and redirecting traffic based on mailbox location, I can add in and tie the external URL of owa.autodata.net to the 2k10 environment alongside mail.autodata.net so both external URLs handle the same requests. We need to make the transition as seamless as possible.
I only see documentation about mapping a single URL to these services and want to ensure the possibility exists to add more.
Sorry for the long description but I wanted to ensure I explained why, so I didn't have people trying to convince me to just accept changing the URL and live with it. Our user community is very sensitive to change and we need as smooth a transition as possible.
 
Brian Day MCITP [MVP]

May I ask why you are using a specific activesync.company.com URL for EAS devices? There isn't any need unless you have a particular concern in mind.

This is how I would imagine your environment going.

owa.company.com remains, but begins pointing to Exchange 2010 CAS servers: Handles OWA, EAS, EWS, OLA
autodiscover.company.com is created and points to your Exchange 2010 CAS servers: Handles AutoD
legacy.company.com is created and points to your Exchange 2007 CAS servers: Handles legacy OWA, legacy EAS

If you want to switch "owa" to "mail" at some point then there is going to have to be a learning curve no matter what, or you could just set up a simple OWA listener somewhere that redirects to MAIL and inform your users to use the new URL.

Brian Day, Overall Exchange & AD Geek
MCSA 2000/2003, CCNA
MCTS: Microsoft Enterprise Server 2010, Configuration
MCITP: Enterprise Messaging Administrator 2010
LMNOP
 
scott_k2003

Thanks for the reply Brian. We want to use a separate URL for ActiveSync as it's been a business decision that they wanted to allow ActiveSync users to use a unique URL.
What I'm trying to work around with having only a single published URL for OWA is this. I want to be able to run and test our e2k10 environment alongside our existing e2k7 without interruption to service. The only way I see that is achievable is to have a separate URL for the e2k10 servers to keep that access isolated until such time as we are ready to make the change and have our users route to the new servers.
However, the whole idea was this. Rather than flipping the switch one night and then having all traffic run through the 2010 CAS servers, we could add an additional hostname to our DNS domain and users could use either owa or mail.company.com. The big issue is this: when it comes time to make the switch, it means that either a) we inform all users that on X day they need to start using a new URL or b) we have to regenerate and re-apply certificates to the e2k10 servers in order to start using the new, or old in this case, URL of owa.company.com. Also we are trying to transition our users from owa.company.com to mail.company.com and we want to be able to transition this over a couple of months, not just all in one shot. Of our roughly 650 mail users about one third of them are remote and rely on owa.company.com. As such, there would need to be adequate communication and then the constant stream of service desk calls of not being able to access the old URL anymore, etc. (like any environment, half the users don't bother to read email from the tech departments, when they are actually the most important ones to read...go figure).
Now let me ask this then. If we decided not to migrate users to using a new hostname.company.com and if we use a SAN certificate and add both mail.company.com as well as our existing owa.company.com and then simply repoint DNS (in our case our ISA rules) to the new CAS VIP, should this just work with no further changes necessary? Since at this point both URLs would be trusted by Exchange via the certificate?
Does that make any sense? :)
 
scott_k2003

Anyone able to confirm this? Particularly the last paragraph about multiple trusted hostnames in a SAN certificate?
 
Brian Desmond -MVP-

Anyone able to confirm this? Particularly the last paragraph about multiple trusted hostnames in a SAN certificate?

Your assessment about the certificate is correct and how I would go about doing this. I'd also put any other FQDNs (e.g. IMAP/POP, autodiscover, etc) in the cert. DigiCert has a nice little interface for this as well as a wizard to generate the necessary PowerShell commands. IIRC, if your final Outlook Anywhere URL isn't the name in the cn= part of the cert you need to tweak the Outlook Provider with Set-OutlookProvider as well.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
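
A pre-cutover check for the SAN approach confirmed above, as an added example that is not part of the original posts: it reports which client-facing hostnames the certificate does not cover and whether the Outlook Anywhere host differs from the subject CN. The function name `Test-SanCoverage`, the SAN list, the subject CN and the Outlook Anywhere host are assumptions built from the thread's placeholder names.

```powershell
# Added example. Test-SanCoverage is a hypothetical helper, written to run on
# PowerShell 2.0 (the version used by the Exchange 2010 Management Shell).
function Test-SanCoverage {
    param(
        [Parameter(Mandatory=$true)][string[]]$CertificateDomains,  # SAN entries on the cert
        [Parameter(Mandatory=$true)][string[]]$RequiredNames        # FQDNs clients connect to
    )
    foreach ($name in $RequiredNames) {
        $covered = $false
        foreach ($san in $CertificateDomains) {
            if ($san -ieq $name) { $covered = $true; break }
            # A wildcard covers exactly one left-most label: *.company.com matches
            # mail.company.com, but not a.b.company.com and not company.com.
            if ($san.StartsWith('*.')) {
                $suffix   = $san.Substring(1)          # ".company.com"
                $firstDot = $name.IndexOf('.')
                if ($firstDot -gt 0 -and $name.Substring($firstDot) -ieq $suffix) {
                    $covered = $true; break
                }
            }
        }
        New-Object PSObject -Property @{ Name = $name; Covered = $covered }
    }
}

# Constructed sample data. On a CAS server the SAN list can be read from the
# CertificateDomains property of the object Get-ExchangeCertificate returns.
$sans = 'mail.company.com', 'owa.company.com',
        'autodiscover.company.com', 'legacy.company.com'
$required = 'owa.company.com', 'mail.company.com', 'activesync.company.com',
            'autodiscover.company.com', 'legacy.company.com'

# Any name listed here would raise a certificate warning once DNS or the ISA
# rule is repointed at the new CAS VIP.
Test-SanCoverage -CertificateDomains $sans -RequiredNames $required |
    Where-Object { -not $_.Covered }

# Outlook Anywhere check from the reply above: when the external host is not
# the certificate's subject CN, the EXPR provider needs the CN as principal name.
$subjectCn = 'mail.company.com'   # assumed subject CN of the certificate
$oaHost    = 'owa.company.com'    # assumed Outlook Anywhere external host
if ($oaHost -ine $subjectCn) {
    "Set-OutlookProvider EXPR -CertPrincipalName msstd:$subjectCn"
}
```

The last statement only prints the command to review; it does not change the Outlook Provider.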
 