Exchange 2010 - Configure multiple websites. Unable to bind Default Website to specific IP Address

Status
Not open for further replies.

trini0

Currently getting our new Exchange 2010 sp1 environment configured before I start mass migrating mailboxes to it. My CAS/Hub servers are in a WNLB multicast configuration, running on Server 2008 R2.

One of my goals is to provide FBA for internal OWA clients and external OWA clients (via TMG 2010). So I was going to attempt to create another IIS website, and OWA virtual directory to be used exclusively for external access via TMG 2010.

When I attempt to bind the Default Website HTTP/HTTPS to a specific IP address, instead of All Unassigned, I am unable to open EMS/EMC on the server. http://support.microsoft.com/kb/2027062 describes the problem. The fix is to set the binding on the Default site back to All Unassigned.

Is it possible to configure the Default Website to listen to a specific IP address, so that I can add another website that is bound to its own specific IP address?

Thanks
 

Tom Vanopoulos

What error do you get when opening up the EMC\EMS?

In IIS 7\7.5, you should be able to go to the bindings and choose an IP address from the list without any issues. Also, you can try to remove the host name value and try it again. Is the correct certificate being used under the bindings for 443?

MCITP: Enterprise Messaging Administrator 2007/2010 | MCITP: Server Administrator | MCTS: Windows Server 2008 Applications Infrastructure, Configuring | MCP | MCDST
 

trini0

N.B. Server names have been replaced for this post.
With my changes reverted to the default, with the bindings for HTTP/HTTPS set to "All Unassigned", both EMC/EMS work as expected. If I change the bindings to point to the real IP address of the physical NIC, both EMC/EMS break.

EMS ->
VERBOSE: Connecting to fe02.xyz.com
[fe02.xyz.com] Connecting to remote server failed with the following error message : The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by a HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportException
+ FullyQualifiedErrorId : PSSessionOpenFailed

--EMC ->

Initialization failed

The following error occurred while attempting to connect the specified Exchange server 'fe02.xyz.com':

The attempt to connnect to http://fe02.xyz.com/PowerShell using " Kerberos" authentication failed: Connecting to remote server failed with the following error message: The WinRM client sent a request to an HTTP server and got a response saying the requested HTTP URL was not available. This is usually returned by an HTTP server that does not support the WS-Management protocol. For more information, see the about_Remote_Troubleshooting Help topic.

If I try to browse to the path http://fe02.xyz.com/PowerShell using IE on the server, it comes back with a page not found. If I change the bindings back to default, I get an Access Denied page (which is ok). I'm also running iisreset after a change to IIS.

I do not have the host name value specified.

Any other ideas???
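
A check for the symptom described in the post above, as an added example that is not part of the thread: it lists the site's HTTP/HTTPS bindings and requests the /PowerShell URL without credentials. The site name `Default Web Site`, port 80 and the placeholder host `fe02.xyz.com` are assumptions taken from the posts; the status messages follow the poster's observation (access denied with the default bindings, page not found after the change).

```powershell
# Added example (not from the thread). Run elevated on the CAS server.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # assumption: site hosting the /PowerShell vdir
$fqdn     = 'fe02.xyz.com'       # placeholder server name used in the thread

# bindingInformation is "IP:port:hostheader"; an IP of "*" is "All Unassigned".
$bindings = Get-WebBinding -Name $siteName |
    Where-Object { $_.protocol -match '^https?$' } |
    ForEach-Object {
        if ($_.bindingInformation -match '^(.*):(\d+):(.*)$') {
            New-Object PSObject -Property @{
                Protocol = $_.protocol; IP = $Matches[1]
                Port = [int]$Matches[2]; HostName = $Matches[3]
            }
        }
    }
$bindings | Format-Table Protocol, IP, Port, HostName -AutoSize

$wildcard = $bindings | Where-Object { $_.Protocol -eq 'http' -and $_.IP -eq '*' -and $_.Port -eq 80 }
if (-not $wildcard) {
    Write-Warning "$siteName has no All Unassigned (*) HTTP binding on port 80."
}

# Request a URL without credentials and return the HTTP status code (or $null).
function Get-HttpStatus([string]$Url) {
    $req = [System.Net.WebRequest]::Create($Url)
    $req.Proxy = $null
    $req.AllowAutoRedirect = $false
    try {
        $resp = $req.GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch {
        # .NET exceptions arrive wrapped; walk down to the WebException.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return $null
    }
}

$status = Get-HttpStatus "http://$fqdn/PowerShell"
if     ($status -eq $null) { "No HTTP response from $fqdn on port 80." }
elseif ($status -eq 401)   { "401: /PowerShell answered and asked for authentication." }
elseif ($status -eq 403)   { "403: /PowerShell answered and refused anonymous access." }
elseif ($status -eq 404)   { "404: /PowerShell not served here; compare with the bindings above." }
else                       { "Unexpected status $status." }
```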
 

Brian Desmond -MVP-

I'd venture to guess whatever IP you bind to the default website here isn't matching DNS.

My question is why you need two OWA vdirs in order to provide FBA inside/outside TMG? Are you trying to use TMG's FBA for external users rather than just publishing the OWA FBA?

Active Directory, 4th Edition - www.briandesmond.com/ad4/
 

trini0

I've verified that forward/reverse DNS lookups for the name/ip address are correct.

My goal is to provide OWA FBA for internal and external users. I don't have that much experience with TMG/ISA. But I'm attempting to provide the same user experience for the internal and external users. To my knowledge, in order to use FBA on the external side (whether it's TMG FBA or publishing OWA's FBA), then the CAS servers would require basic authentication, hence breaking the internal user's experience. N.B. I can be totally wrong here...

If there is a way to use FBA for both external/internal users and not create multiple OWA vdirs, could you please point me in the right direction?

Thanks
 

Brian Desmond -MVP-

That's incorrect. You can simply select the No Authentication, Clients may Authenticate Directly option in TMG when creating your publishing rule for OWA. This will enable you to use the same vdir and Exchange FBA internally and externally.

Active Directory, 4th Edition - www.briandesmond.com/ad4/
 

trini0

Thanks for the pointer.
 