CAS Proxy problem

Status
Not open for further replies.
C

channavera

Hi,
I have a site-A and site-B. site-A has CAS/HT and mbx server and site-B has mbx/cas/ht. When i is enter the internal URL of site-B to access the mailbox host in site-b site, i could access it without a problem. so is the case in site-A.

Now i have set the site-b cas to authentication method to Integrated Windows Authentication. The internal owa URL on the site-B is unchanged.

Only siteA-CAS has external URL specified. it is set to https://webmail.contoso.co.in, it's internal URL is set to https://webmail.contoso.co.in as nearly 50% of the internal use use only OWA.

When a use from siteB access the mail thru https://webmail.contoso.co.in either from siteA or from internet, i see the below info in the event viewer.

Log Name: Application

Source: MSExchange OWA

Date: 11/12/2010 2:43:20 PM

Event ID: 41

Task Category: Proxy

Level: Error

Keywords: Classic

User: N/A

Computer: SiteA-CAS.Mysore.Contoso.co.in

Description:

The Client Access server " https://webmail.contoso.co.in/owa" attempted to proxy Outlook Web App traffic for mailbox " /o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test1" . This failed because no Client Access server with an Outlook Web App virtual directory configured for Kerberos authentication could be found in the Active Directory site of the mailbox. The simplest way to configure an Outlook Web App virtual directory for Kerberos authentication is to set it to use Integrated Windows authentication by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using the Exchange Management Console. If you already have a Client Access server deployed in the target Active Directory site with an Outlook Web App virtual directory configured for Kerberos authentication, the proxying Client Access server may not be finding that target Client Access server because it does not have an internalUrl parameter configured. You can configure the internalUrl parameter for the Outlook Web App virtual directory on the Client Access server in the target Active Directory site by using the Set-OwaVirtualDirectory cmdlet.

Event Xml:

<Event xmlns=" http://schemas.microsoft.com/win/2004/08/events/event" >
<System>
<Provider Name=" MSExchange OWA" />
<EventID Qualifiers=" 49152" >41</EventID>
<Level>2</Level>
<Task>6</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=" 2010-11-12T09:13:20.000000000Z" />
<EventRecordID>117505</EventRecordID>
<Channel>Application</Channel>
<Computer>SiteA-CAS.mysore.contoso.co.in</Computer>
<Security />
</System>
<EventData>
<Data>https://webmail.contoso.co.in/owa</Data>
<Data>/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test1</Data>
</EventData>

</Event>
 
B

Busbar [MVP]

configure Site B to use windows integrated authentication and reset IIS, force AD replication and try againRegards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com, Follow me on twitter http://www.twitter.com/_busbar and if you Liked my post please mark it as helpful and accept it as an answer
 
C

channavera

I believe this seeting is only for OWA? or for all Virtual Dir?. I have already set the windows integrated auth for the owa and reset the IIS but with not success !!
 
M

MaliStane

Create new New-ClientAccessArray for each CAS for Each site. Then assigned RpcClientAccessServer, for each Mailbox database. Set DNS record.

Then Run bottom task. Check Internal and External url, and be Shure, there is no basic authentication on proxy site:

Get-WebServicesVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-OwaVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-EcpVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-AutodiscoverVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods

Get-RpcClientAccess | fl Server,Responsibility,EncryptionRequired,

Get-ActiveSyncVirtualDirectory | fl Server,Name,InternalUrl,InternalAuthenticationMethods,ExternalUrl,ExternalAuthenticationMethods,BasicAuthEnabled,WindowsAuthEnabled
 
B

Brian Desmond -MVP-

OK so let's take a step back.

First, the InternalUrl for SiteA should be https://<server.fqdn>/owa as was the default. It has nothing to do with the location the user is accessing OWA from.

Second, can you please post the URL and AuthN configuration for Site B? You can do a Get-OwaVirtualDirectory | fl server,*authen*,*url*

My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
 
A

Allen Song

Hi,

Is it the Exchange 2010 in each site? If it's Exchange 2007 in Site B, you have to copy the hightest-versioned folder from an Exchange 2007 CAS in the destination Active Directory site from the %installpath%\ClientAccess\OWA\ folder to the same path on the Exchange 2010 CAS to make the proxy work.

Allen

Allen Song
 
Status
Not open for further replies.
Similar threads
Thread starter Title Forum Replies Date
T ActiveSync proxy problem from Exchange 2010 CAS to Exchange 2007 CAS Exchange Server Administration 5
L Outlook clients did not reconnect to Exchange when one CAS server in CAS array became unresponsive Exchange Server Administration 1
A Exchange 2010 CAS Failover from Internet Facing site to Non-Internet Facing Site - Certificate Issue Exchange Server Administration 3
C Watson Error on CAS Exchange Server Administration 1
S Exchange 2010 CAS/HT/Mailbox moved - best practice/steps for decommissioning 2007 Exchange Server Administration 3
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 2
S Load balance Autodiscover with multiple CAS servers. Exchange Server Administration 3
M Fundamental CAS question for Exchange 2010 and 2007 Co-existence... Exchange Server Administration 7
M Exchange ActiveSync HTTP 500 Exchange CAS/HUB 2007 and Exchange 2003 BE & MBX CCR 2007 Using Outlook 1
B CAS Array and NLB Exchange Server Administration 3
S Exchange CAS server OAB directory not showing web.config file Exchange Server Administration 3
T RBAC Error on UM/CAS Servers Exchange Server Administration 2
R FQDN of Exchange CAS servers not in SSL cert Exchange Server Administration 2
D CAS Autodiscover using -rpcclientaccessserver Exchange Server Administration 5
D CAS Design Question Exchange Server Administration 4
D Exchange 2010 CAS at 2 different Sites Exchange Server Administration 2
T Cas server uninstall failed... Now how to reinstall? Exchange Server Administration 4
S Do you need a CAS Server in Order to Use OWA in Exchange 2010 (E14)? Exchange Server Administration 9
D CAS Array Question Exchange Server Administration 11
M Proper way to install Exchange 2010 SP1 on a CAS Array Exchange Server Administration 3
S Any system impact if change exchange 2010 CAS/HUB and Mailbox server IP address Exchange Server Administration 1
B Exchange 2003 OWA/OA/AS over NAT and Exchange 2010 CAS Exchange Server Administration 4
B Re: Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 15
M Re: Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 2
J Segmenting IMAP traffic from CAS Array Exchange Server Administration 8
I Exchange 2007 and CAS from Exchange 2010 problem Exchange Server Administration 4
M CAS Issue: OWA/Outlook remote users cannot login Exchange Server Administration 1
C CAS Connections overview Exchange Server Administration 9
T CAS Array/RPCClientAccessServer and Outlook profile experiences Exchange Server Administration 8
A Why not using DAG virtual IP/fqdn for CAS array in two nodes setup? Exchange Server Administration 2
R Exchange 2010 CAS high availibility cross datacenters Exchange Server Administration 9
S CAS install failed - "Value cannot be null. Parameter name: key" Exchange Server Administration 7
J OL2003 (HTTP proxy) update time Exchange Server Administration 7
G Mail Merge via Proxy Email? Using Outlook 2
J Outlook 2007 Proxy settings changing back to one of our domains Using Outlook 2
V Use Microsoft Outlook 2010 over authenticated proxy Using Outlook 5
Y Outlook MSRPC over HTTPS proxy does not connect even though RPCPing looks ok Using Outlook 1
M Outlook 2003 & msstd:FQDN of RPC Proxy Server & GPO $ wildcard certificate Using Outlook 2
Z Outlook connector behind proxy Using Outlook 5
D How to do Internet Calendar Publishing without proxy server (ISA)? Exchange Server Administration 3
M Outlook 2010 Problem with OutLook 2010 32 bit, after Windows Auto Update Using Outlook 3
Marc2019 Outlook 2016 Font Problem Using Outlook 5
X I have met my waterloo trying to resolve embedded graphics problem with outlook 2007 and now 2016 Using Outlook 1
D Problem with custom form including _DocSiteControl1 Outlook VBA and Custom Forms 0
S Outlook 2007 Calendar instant search problem. Windows 7 Using Outlook 4
S Outlook 2007 Calendar instant search problem. Windows 7 Using Outlook 0
D Sort Problem with Sent Folders Using Outlook 1
S Conditional formatting problem with "is not empty" and categories Using Outlook 2
Mark Foley The upload of "Calendar" failed. There was a problem with the request. Using Outlook 6
avant-guvnor Import csv problem Using Outlook 7

Similar threads

Top