• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ActiveSync Redirection/proxy between two CAS on seperate locations

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Mobility >> ActiveSync Redirection/proxy between two CAS on seperate locations Page: [1]
Login
Message << Older Topic   Newer Topic >>
ActiveSync Redirection/proxy between two CAS on seperat... - 9.Oct.2007 5:31:29 AM   
Bendji

 

Posts: 18
Joined: 4.Jul.2005
From: Denmark
Status: offline
Greetings all,

I have a question about ActiveSync in Exchange 2007

Iíve read this article on TechNet, but not sure I understand it 100%.
http://technet.microsoft.com/en-us/library/bb310763.aspx

The setup is two locations, like on the picture (server 01 and server 02), where both locations have a CAS server, in two different sites. There is a backbone network between the two locations also. Both CAS servers are published with ISA 2006.

The users use ActiveSync for Smartphones and PDA. The users in South use a url like DatacenterSouth.domain.com and the users in North use DatacenterNorth.domain.com to connect to ActiveSync.
And this works fine, as long as the users mailbox is in the same location/site, that they connect to (if the mailbox is in South, they need to use the url for DatacenterSouth). My problem is that some of the users have a mailbox in DatacenterSouth, but use the url for DatacenterNorth and the redirection for ActiveSync donít work. Is it possible to set it up, so if users use the url DatacenterSouth.domain.com and have a mailbox in north, the CAS server in south redirect it to the CAS server in the north?

In the technet article it says that the Internal Url (ActiveSync) should be configured on the CAS servers. As it is now, itís configured to point to the computer name, so for the CAS server in south, it points to itself http://CASsouth.domain.com and in north it points to itself http://CASnorth.domain.com. Should I set it up, so the Internal URL in South points to the one in North? (The External url is not set on any of the CAS servers). How do you other read this?

On the CAS servers under ActiveSync and authentication, Iíve selected basic and then I have opened IIS and selected basic and integrated Windows authentication on the ActiveSync directory. Shall I keep ďBasicĒ selected in the CAS server under Activesync Authentication? Or should it be removed when I set the permissions in IIS? And on the web listener, on the ISA 2006) for ActiveSync I have only selected basic as authentication, should this also be changed to basic and integrated?

Any who know if this kind of redirection is possible? Or if there is a good guide about it? Well thats about it.

Thanks for any replys and if there something which ain't clear, make a post and I will try to see if I can answer it

Yours Sincerely,
Bendji


Post #: 1
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Oct.2007 9:35:52 AM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Bendji,

Redirection only works for Outlook Web Access, not Active Sync. Essentially, what you want to do is the following:

1.  Configure Internal/ExternalURL on the CAS that will accept the ActiveSync connections from the internet (internet CAS I call it).
2.  Configure InternalURL only on the CAS that will accept proxy connections from the other CAS that accepts connections from the internet (intranet CAS I call it).
3. On your intranet CAS servers, ensure that Integrated Windows Authentication is enabled. 
4. On ISA, you'll only really need to publish your Internet Facing CAS as proxying will occur within the intranet
5. You'll want to keep Basic Auth Delegation on ISA 2006.  Integrated Auth is not needed on the Internet Facing CAS, only Intranet Facing.  If you're using ISA 2006, you can leave your web listener to FBA as ISA 2006 has the capability to fallback to basic authentication if the application the web listener connects to is only capable of basic auth.  You'll want to have your ActiveSync rule to have basic delegation.

Note:  Having both Integrated Auth and Basic enabled at the same time should be fine.  Integrated Auth has the higher precedence.

Read the following for more information:
ActiveSync Proxying: http://msexchangeteam.com/archive/2007/10/12/447266.aspx
Overview of Proxying/Redirection: http://msexchangeteam.com/archive/2007/09/04/446918.aspx

Hope that helps.

(in reply to Bendji)
Post #: 2
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Jul.2008 4:32:53 PM   
NJG

 

Posts: 13
Joined: 28.Apr.2008
Status: offline
Sorry to drag up an old thread, however i have a question...maybe i don't understand the difference between redirection and proxying so bear with me...

A customer of ours has 6 sites, 6 Exc2k7 servers each configured with CAS, Hub Transport and Mailbox roles.

One Internet facing Exchange server used for OWA, all users connect to this svr and are proxied/redirected to the relevant Exc svr, all works fine.

Is it possible for ActiveSync users to connect to the same Internet facing Exc svr and be internally redirected/proxied?

I already have OWA configured for Integrated and Basic authentication

< Message edited by NJG -- 15.Jul.2008 4:34:39 PM >

(in reply to Elan Shudnow)
Post #: 3
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Jul.2008 4:54:31 PM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
Re-direction is only for OWA.  Let me explain re-direction for you.  Let's say you have two sites (USA and UK).  In both sites you make both locations accessible to the Internet.  USA is usa.domain.com and UK is uk.domain.com.  Your USA CAS is your main internet facing CAS.  You configure this CAS with all Internal and all External URLs.

Your CAS in the UK will have InternalURLs specified.  This server only supports having 1 ExternalURL and that is for OWA (not required).  Specifying this ExternalURL for OWA activates re-direction.

So re-direction means when a user connects to usa.domain.com/owa, that CAS in the USA will see that the user's mailbox is located on the Exchange 2007 Server in the UK.  That USA CAS will then look for the ExternalURL parameter on the UK CAS for OWA.  If the ExternalURL paramater on the UK CAS is specified, the USA CAS will automatically re-direct the user to UK.domain.com/owa.  So now the client will see UK.domain.com/owa in their browser.

All other services have to use proxying.  Proxying means you don't specify any ExternalURLs on the UK CAS. So if you didn't have the ExternalURL for the UK CAS specified, when the user connects to USA.domain.com/owa, they won't be re-directed to UK.domain.com/OWA.  Instead, they will keep seeing the USA.domain.com/owa name but the CAS will proxy data between the USA CAS and the UK CAS on the back-end.

Does that help?

< Message edited by Elan Shudnow -- 15.Jul.2008 5:24:34 PM >


_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to NJG)
Post #: 4
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Jul.2008 5:17:37 PM   
NJG

 

Posts: 13
Joined: 28.Apr.2008
Status: offline
Yes thanks Elan makes sense.

In my case I have 1 CAS with ExternalURLset and the rest just with InternalURL, all users connect to the Internet facing CAS and are therefore proxied internally.

I'll take another look at the web listener configuration in ISA as I think my problem may lie here. I'll report back.

Thanks

(in reply to Elan Shudnow)
Post #: 5
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Jul.2008 5:31:55 PM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
ISA shouldn't really hamper for proxying configuration.  For example, last night I re-configured one of my client's Exchange Servers for an Exchange 2003 to Exchange 2007 migration.  Their Exchange environment contains two routing groups and a third new routing group for Exchange 2007. 

One of their routing groups contain an Exchange 2003 front end that is used for a back-end server in another routing group.  To get them to stop using the Exchange 2003 Front-End completely, I made some changes.  On the remaining Exchange 2003 back-end, I enabled Integrated Authentication on the OWA and ActiveSync folders.  This successfully allowed users on that back end to connect to the Exchange 2007 OWA via the CAS and have that CAS proxy to the Exchange 2003 back-end.

They are also using ISA 2006.  I made no changes to ISA to allow for this.  The reason is, the proxying is transparent to ISA.  ISA gets the http://exchange.domain.com/owa, hands it off to the External Main CAS, and that CAS proxies to the Exchange 2003 Back End.  ISA still sees the data coming from the same server.

Now if you did re-direction, you'd need to either do one of two things.  Have your ISA Server accept requests usa.domain.com/owa and send that off to the usa CAS.  When the CAS responds with a re-direction, and your client now connects to UK.domain.com/owa, you'll need to have DNS on the internet that also goes to the same IP (or you could have a different listener with a different IP) which would be the an IP on the external NIC for ISA.  You would then have the new ISA rule which will have the uk.domain.com/owa go to the UK CAS if your network allows for it.  The other method would be to have an ISA Server out in the UK and have the re-directed name uk.domain.com/owa point to the external IP on the ISA box out in the UK and have that proxy to the local UK CAS Server out there.  I would recommend the latter.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to NJG)
Post #: 6
RE: ActiveSync Redirection/proxy between two CAS on sep... - 15.Jul.2008 5:56:43 PM   
NJG

 

Posts: 13
Joined: 28.Apr.2008
Status: offline
Yes I think you're correct. I've just been having a read of the various articles on proxying and I think I know where the problem lies. I haven't set the ExternalURL in the Microsoft-Server-ActiveSync properties on the Internet facing CAS.

I'm guessing once this has been set ActiveSync will start working.

I'll let you know.

Thanks

/Edit, just re-read your first post, I think thats what you were referring to, however I was assuming the InternalURL and ExternalURL settings were on the OWA properties which I'd already set. 

< Message edited by NJG -- 15.Jul.2008 6:02:43 PM >

(in reply to Elan Shudnow)
Post #: 7
RE: ActiveSync Redirection/proxy between two CAS on sep... - 16.Jul.2008 5:43:34 AM   
NJG

 

Posts: 13
Joined: 28.Apr.2008
Status: offline
Thanks Elan, just added the ExternalURL to the internet facing CAS and ActiveSync is now proxying internally between sites.


(in reply to NJG)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Mobility >> ActiveSync Redirection/proxy between two CAS on seperate locations Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter