Exchange 2010 CAS proxying not working
We have 3 Exchange 2010 servers. 2 are in site A, 1 is in site B. Proxying is not working. Site A has Exchange connected to the internet. Site B is not connected to the Internet. On Exchange3 (the server in site B), I have modified (through the EMC) OWA and ECP to use integrated authentication. I've restarted IIS, and I still get: "Outlook Web App isn't available. If the problem continues, please contact your helpdesk." In the event logs on Exchange1 (the primary Exchange server in Site A), I get: The Client Access server "https://mail.DOMAIN.com/owa" attempted to proxy Outlook Web App traffic for mailbox "/o=Contoso/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Test User4c5". This failed because no Client Access server with an Outlook Web App virtual directory configured for Kerberos authentication could be found in the Active Directory site of the mailbox. The simplest way to configure an Outlook Web App virtual directory for Kerberos authentication is to set it to use Integrated Windows authentication by using the Set-OwaVirtualDirectory cmdlet in the Exchange Management Shell, or by using the Exchange Management Console. If you already have a Client Access server deployed in the target Active Directory site with an Outlook Web App virtual directory configured for Kerberos authentication, the proxying Client Access server may not be finding that target Client Access server because it does not have an internalUrl parameter configured. You can configure the internalUrl parameter for the Outlook Web App virtual directory on the Client Access server in the target Active Directory site by using the Set-OwaVirtualDirectory cmdlet. Does anyone have any suggestions on where to go next?
May 7th, 2012 8:52pm

What SP and RU are you on pls? Can you paste the results of: Get-OwaVirtualDirectory | select Server, name, *site*, *URL* Get-ClientAccessServer | select Name, *site*, *uri* | ft -AutoSize change the domain name to be something anonymous, to contoso.com or tailspintoys.com but do it consistently pls. And have you verified that AD replication has completed between the sites after you made the authentication change? Cheers, Rhoderick NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Free Windows Admin Tool Kit Click here and download it now
May 7th, 2012 10:45pm

Can you respond to the questions I asked earlier with the output and what RU you are on please? Please ensure that all servers are on the same SP & RU. Cheers, Rhoderick NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
May 9th, 2012 10:14am

All servers are the same: Exchange 2010 Standard Version 14.2 (Build 247.5) Name : owa (Default Web Site) CrossSiteRedirectType : Manual WebSite : Default Web Site Url : {} Exchange2003Url : FailbackUrl : InternalUrl : https://mail.contoso.com/owa ExternalUrl : https://mail.contoso.com/owa Name : owa (Default Web Site) CrossSiteRedirectType : Manual WebSite : Default Web Site Url : {} Exchange2003Url : FailbackUrl : InternalUrl : https://mail.contoso.com/owa ExternalUrl : https://mail.contoso.com/owa Name : owa (Default Web Site) CrossSiteRedirectType : Manual WebSite : Default Web Site Url : {} Exchange2003Url : FailbackUrl : InternalUrl : https://exch2010-03.contoso.local/owa ExternalUrl : Name AutoDiscoverSiteScope AutoDiscoverServiceInternalUri ---- --------------------- ------------------------------ EXCH2010-02 {SiteA-FL} https://exch2010-02.contoso.local/Autodiscover/Autodiscover.xml EXCH2010-01 {SiteA-FL} https://exch2010-01.contoso.local/Autodiscover/Autodiscover.xml EXCH2010-03 {SiteB-FL} https://exch2010-03.contoso.local/Autodiscover/Autodiscover.xml Just an FYI, "contoso.com" is the external domain, "contoso.local" is internal only.
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2012 10:33am

And they all have the same RU installed - you will not see that shown in the Exchange console - check add/remove programs pls. What is in the IIS logs on both sides when this happens? And type of logon screen do you get when you directly logon to the OWA site on the Exch2010-3 server? Does it look the same as Exch2010-01 ?Cheers, Rhoderick NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
May 9th, 2012 11:02am

EXCH2010-03 does not have RU 1, the other two do. In the event logs on EXCH2010-01: Log Name: Application Source: MSExchange OWA Date: 5/9/2012 12:38:37 PM Event ID: 136 Task Category: Proxy Level: Error Keywords: Classic User: N/A Computer: EXCH2010-01.contoso.local Description: The sign-in to Outlook Web App failed. User /o=Contoso Ltd/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=tnewton has a mailbox on 14.2.247.0 server version. However, no Client Access server or front-end server with a matching version was found to handle the request. And Log Name: Application Source: MSExchange Common Date: 5/9/2012 12:38:38 PM Event ID: 4999 Task Category: General Level: Error Keywords: Classic User: N/A Computer: EXCH2010-01.contoso.local Description: Watson report about to be sent for process id: 5488, with parameters: E12, c-RTL-AMD64, 14.02.0283.003, OWA, M.E.Clients.Owa, M.E.C.O.C.ProxyUtilities.UpdateProxyUserContextIdFromResponse, M.E.C.O.Core.OwaAsyncOperationException, 413, 14.02.0283.003. ErrorReportingEnabled: False Since the authentication has been changed on EXCH2010-03 to Integrated authentication, https://exch2010-03.contoso.local/owa just promps a typical browser login window. I can login fine with my credentials and access my inbox just fine.
Free Windows Admin Tool Kit Click here and download it now
May 9th, 2012 12:52pm

Sorry about not getting back sooner - I had to wait to apply RU2 after-hours to EXCH2010-01 and EXCH2010-02. I applied it to EXCH2010-03 earlier in the day since I am the only user on that server and I got a different error message. After applying RU2, this solved the issue! Thanks!
May 10th, 2012 1:33am

Groovy - thanks for the confirmation! Cheers, Rhoderick NOTICE: My posts are provided AS IS without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2012 9:01am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics