• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

cas array failover, user and password prompt is it "normal"

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> High Availability >> cas array failover, user and password prompt is it "normal" Page: [1]
Login
Message << Older Topic   Newer Topic >>
cas array failover, user and password prompt is it &quo... - 3.Aug.2011 6:01:05 PM   
turbomcp

 

Posts: 21
Joined: 27.Jul.2006
Status: offline
Hi guys and girls
i have a question regrading this article:
http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/planning-deploying-testing-exchange-2010-site-resilient-solution-sized-medium-organization-part11.html

i am specificly talking about a situation where the mailbox is connected to server4 and cas server 3 and server3 goes down(lets say for patching)
and the users gets prompt for username and password(because he is redirected to another cas server)
i have isolated the "known" outlook anywhere prompts when switing databases so it has nothing to do with this thing(by switching to ntlm)
i have noticed the same behaivour(using same load balancers) in my lab setup and i am wondering : is that normal? does it act diffrently with other load balancers?

Thanks in advance

< Message edited by turbomcp -- 3.Aug.2011 6:03:23 PM >
Post #: 1
RE: cas array failover, user and password prompt is it ... - 5.Aug.2011 11:26:39 AM   
travis.sheldon

 

Posts: 359
Joined: 16.Sep.2010
Status: offline
The rough answer is 'yes' it is normal behavior..but it all depends on your setup.

Because CAS3 was holding your authentication token, once it goes down, essential you're unauthenticated when you fail over to CAS4.

However, if you're using an NTLM connection with cached credentials or you're local to the lan, it should automatically authenticate with CAS4 without prompting.

I use pulse/piranha on CentOS as my load balancers and I frequently shut off CAS servers throughout the week and I dont get complaints about password reprompts. All of my users are external to the network and accessing it through public interfaces.

If for instance you're doing cookie authentication, then it's an entirely different ballgame.

(in reply to turbomcp)
Post #: 2
RE: cas array failover, user and password prompt is it ... - 5.Aug.2011 5:00:49 PM   
turbomcp

 

Posts: 21
Joined: 27.Jul.2006
Status: offline
Thanks
i have noticed afew things after testing many diffrent configurations
but switching to ntlm solves the prompt for user/pass even when switching db's.
but didnt solve my issues with switching cas
what solved it(and again thats my setup)
was to switch oa using the set-outlookprovider to *.domain.com
after doing this i dont get any prompts anymore no matter what client and what config(cached,online,oa)2003-2010
i am using kerberos,wildcard and ssl acceleration
i will post full info later if i have time

< Message edited by turbomcp -- 5.Aug.2011 5:02:44 PM >

(in reply to travis.sheldon)
Post #: 3
RE: cas array failover, user and password prompt is it ... - 6.Sep.2011 12:58:38 PM   
moto822

 

Posts: 2
Joined: 28.Aug.2011
Status: offline
hey TurboMCP,

I am working on testing this exact senerio, I currently cannot get around the prompt. I am in the process of enabling Kerberos instead of NTLM to see if I can get around it. Any info you are doing would be great.

Moto

(in reply to turbomcp)
Post #: 4
RE: cas array failover, user and password prompt is it ... - 1.Apr.2012 12:35:13 AM   
themaster1700

 

Posts: 6
Joined: 1.Apr.2012
Status: offline
Our setup for Exchange 2010/Outlook 2010

2 X CAS
2 X Hubs
2 X DBS
2 Kemp load balancers

All virtulised on VMware

Everything works great except that the CAS array will not fail over on taking either Cas server down, any client connected to the CAS server I reboot instantly gets prompted for a username and password, I read lots of docs and it looked like the Kerberos authentication with shared computer account was supposed to fix this, but in our case it does not. We are testing in connected and cached mode, different VLans but seems to make no difference.

Any help/suggestions welcome

< Message edited by themaster1700 -- 1.Apr.2012 5:39:16 AM >

(in reply to moto822)
Post #: 5
RE: cas array failover, user and password prompt is it ... - 13.Apr.2012 4:49:10 PM   
themaster1700

 

Posts: 6
Joined: 1.Apr.2012
Status: offline
Think I fixed this, I removed all http from the SPN and it now works will test more next week but looks better.

(in reply to themaster1700)
Post #: 6
RE: cas array failover, user and password prompt is it ... - 3.Jun.2012 4:02:36 PM   
themaster1700

 

Posts: 6
Joined: 1.Apr.2012
Status: offline
Spent about 3-4 days on this with Microsoft, turns out CAS failover is not supposed to happen for a failed server even though 1 version of Outlook will fail over, "this is be design", thats what I got back from the MS Exchange design team

(in reply to themaster1700)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> High Availability >> cas array failover, user and password prompt is it "normal" Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter