Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
OWA Config Question
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
OWA Config Question - 16.Sep.2011 9:18:44 AM
|
|
|
TMC185
Posts: 2
Joined: 16.Sep.2011
Status: offline
|
OK I'm new to the boards and relatively inexperienced at Exchange Administration. Here's my scenario:
We have two offices connected via VPN link using Cisoc ASA 5000s. Occasionally the link goes down and when it does, users in our satellite office (in Switzerland) stop receiving email. I realize the obvious answer is to have an Exchange server there for their mailboxes but right now that is not the case. So when the link goes down, they cannot get email. When the link is down they cannot use OWA because of DNS, however if they use the IP they get the Certificate error, but can then connect if they ignore the error. Is there a way to make OWA work without the certificate error? Is there a DNS solution?
Thanks for your help and sorry for being so long winded! 
T
|
|
|
|
RE: OWA Config Question - 16.Sep.2011 9:43:40 AM
|
|
|
mark@mvps.org
Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
|
Well, if only the VPN connectivity drops your sites should have Internet connectivity, right?
If that is the case you already have the DNS answer. Other people deliver mail to you by looking up an MX record and matching it to an A record. That A record looks something like mail.yourdomain.com. Purchase a certificate (godaddy etc.etc.) that has that name and apply it to the server.
Then anyone on the Internet can go to https://mail.yourdomain.com/owa and use Outlook Web Access. Indeed, they can probably use Outlook Anywhere (if you have OL 2007 / 2010) and you will never need to worry about the VPN connection at all.
Have a think about that, do some research on those keywords and then come back and ask the group for some advice on how to implement what appears best for you.
_____________________________
Mark Arnold (Exchange MVP)
List Moderator
|
|
|
|
|
RE: OWA Config Question - 16.Sep.2011 1:22:23 PM
|
|
|
TMC185
Posts: 2
Joined: 16.Sep.2011
Status: offline
|
Thanks Mark. We do have it setup that way. Here's the rub. When the link goes down, their machines are domained with a DC in their office. Therefore they are getting our domain DNS info, which points them to the internal IP (192.168.0.X)
So when the VPN goes down, they try to use the web outlook, but it resolves to the internal IP and doesn't work. When I have them type in the IP then it goes to a Certificate error page. Not realizing if they click to continue they will get to the correct page, they panic and close the browser. Is there a way to set it up so that when the link goes down and they use the ip they don't receive an error page?
Thanks again!
T
|
|
|
|
|
RE: OWA Config Question - 16.Sep.2011 6:15:12 PM
|
|
|
mark@mvps.org
Posts: 6811
Joined: 9.Jun.2004
From: Philadelphia PA
Status: offline
|
Gotcha. Split brain DNS. Put the external DNS IP address in the internal DNS so that it always resolves outwards.
Actually the component in Windows 2008 called Direct Access probably sounds like a better solution for you. It's not the simplest thing to set up and take care of but it on;y relies on your Internet being up.
All that said, why are you investing all this effort in getting workarounds to your Cisco problem? Haven't you got a Cisco resource that you can threaten with execution unless he gets the product more stable. It shouldn't be dying so often and for so long so that you are in need of help. Can that not be addressed first?
_____________________________
Mark Arnold (Exchange MVP)
List Moderator
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
