RSS Subscription 168 Posts and 2,769 Comments

Client Access Server Proxying and Redirection

There is an excellent article that describes how CAS to CAS proxying and redirection works over here. It was created to supplement this white paper. It also discusses CAS to Exchange 2003. I wanted to discuss some key points on this article from a CAS to CAS situation.

  • Proxying is used when you have one internet facing CAS. Your other CAS will be accessible via intranet only. When a client connects to the internal facing CAS, that CAS will see that the user’s mailbox is located in another site. That CAS will then proxy information from the CAS which is located in that user’s site. In order to have CAS Proxying working, ExternalURL properties must not be configured (default) on intranet-only CAS. You must use proxying if you want to have 1 common URL. For example, you want to expose only https://owa.domain.com. This is because even if a client connects to a CAS in another site, that CAS server will do the proxying behind the scenes. Redirection is a bit different since it re-directs the client to a new URL for the CAS that is located in the user’s site in which their mailbox is located. More on this in the next bullet.
  • Redirection is used when you have more than one internet facing CAS. So if we have two sites, we make both CAS accessible via the internet. We then configure the CAS’ ExternalURL properties. This method will expose multiple OWA URLs. So in this configuration, one CAS may use https://mail1.domain.com and the other CAS may use https://mail2.domain.com. If a user connects to https://mail1.domain.com and their mailbox is located in a site where the CAS uses the https://mail2.domain.com, the CAS they connect to will automatically re-direct that user to https://mail2.domain.com

Other things to note:

  • Proxying does not work with POP3 or IMAP4. If you use either of these protocols, you will have to make sure your certificate, DNS, and firewall is configured to allow POP3 or IMAP4 connectivity to the CAS in that user’s specific site where their mailbox is located. Because of this, you cannot have 1 common URL.
  • Redirection only works with OWA.
  • Outlook Anywhere uses neither Redirection or CAS-CAS Proxying. If you contact a CAS in another site, the CAS will talk directly with the Mailbox in the other site.
  • In order for Proxying to work, Integrated Windows Authentication must be used on the necessary directories in IIS on the intranet-facing CAS.
  • If you want to use re-direction for OWA but Proxying for all other services, you can configure the external URL for OWA but leave all other ExternalURL properties blank ($null).

I would highly suggest reading the two articles I linked in the first paragraph if you are deploying Exchange 2007 in separate sites which contain a Mailbox Server, Hub Transport Server, and Client Access Server.

Share

5 Responses to “Client Access Server Proxying and Redirection”

  1. on 23 Aug 2008 at 9:53 amsnvc

    Thanks for this tutorial. I had been wondering how to do that until i read this. http://sn.vc

  2. on 07 Sep 2011 at 4:55 amNimesh

    excellent and to the point article.

  3. on 18 Nov 2011 at 4:14 pmJobish

    Thanks for the tutorial. I have a question, how would you configure CAS redirection, if you have 3 Active Directory sites.

  4. on 23 Nov 2011 at 10:57 amElan Shudnow

    Each Site (If Internet Facing) would have their own unique ExternalURLs. That way if a CAS connection comes into Site A but the mailbox is in Site B, Site A CAS will see the mailbox is in Site B and look for a CAS in Site B, find the CAS in Site B, look at the externalURL, and redirect the client to the externalURL in Site B.

  5. on 10 Dec 2011 at 12:11 pmmessagingadmin

    Excellently described.. Great article man..

Trackback this post | Feed on Comments to this post

Leave a Reply