I have requirements to disallow users to access Outlook Web app from internet and only allow them when they are available in LAN. Can anyone help me to implement the same? Exchange Server Version: 2010

Hi, Set-CASMailbox user@domain.com -OWAEnabled $false will turn off OWA for the user, whether he is accessing it internally or externally. Regards,Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com

How are you publishing to the internet? If using TMG or ISA, you can create rule to block this...anything with /owa, that way they other functions can still work (OA, ActiveSynce, etc.)Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

External Facing server is published to internet directly. I need to disble it for few users when they are connecting from internet and all the intranet users should be able to access the OWA.

On Mon, 5 Jul 2010 18:52:21 +0000, rkart77 wrote: >External Facing server is published to internet directly. I need to disble it for few users when they are connecting from internet and all the intranet users should be able to access the OWA. If you have only one web virtual directory that's shared by both sets of IP addresses you're pretty much out of luck, I'd say. If you know the IP addresses used by those people you could block thaem, but you can't just turn off access to a user without denying them access from everywhere if you have only one virtual directory. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Here is the situation Site A ----- 4 Exchange Server 2003. Site B ----- 1 Exchange Server 2010 with CAS+MBX+HUB roles. Site C ----- 4 Exchange Server 2003 +1 Exchange Server 2010 with HUB Role +1 Exchange Server 2010 with CAS Role (Internet Facing) I am able to restrict users by simply adding specified security group to Access this computers from network in Exchange Server 2010 with CAS Role (Internet Facing) server. The Problem is when users from Site A (not part of specified security group) open outlook 2007,it tries to contact Site C CAS server and prompting to enter username and pwd ,so I will have to add them to specified security group to complete auto configuration. Not sure why outlook from site A contacts CAS in Site C, i am fine if it contacts Site B CAS .With current scenario I will have to add all users to specified security group which will in turn open OWA for everyone from internet.

On Mon, 5 Jul 2010 20:46:29 +0000, rkart77 wrote: > > >Here is the situation > >Site A ----- 4 Exchange Server 2003. > >Site B ----- 1 Exchange Server 2010 with CAS+MBX+HUB roles. > >Site C ----- 4 Exchange Server 2003 +1 Exchange Server 2010 with HUB Role +1 Exchange Server 2010 with CAS Role (Internet Facing) > > I am able to restrict users by simply adding specified security group to Access this computers from network in Exchange Server 2010 with CAS Role (Internet Facing) server. Doesn't that prevent them for using OWA internally, too? >The Problem is when users from Site A (not part of specified security group) open outlook 2007,it tries to contact Site C CAS server and prompting to enter username and pwd ,so I will have to add them to specified security group to complete auto configuration. Not sure why outlook from site A contacts CAS in Site C, Because there are no CAS roles in Site A? >i am fine if it contacts Site B CAS .With current scenario I will have to add all users to specified security group which will in turn open OWA for everyone from internet. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, Outlook 2007 will try to find the SCP record from AD. One of two lists is created, an in-site list or an out-of-site list. If there are no in-site records, an out-of-site SCP record list will be generated. The list is not sorted in any particular order. Therefore, the list is approximately in the order of oldest SCP records (based on creation date) first. So for this issue, it will try to connect the first installed CAS server. How the Autodiscover Service Works with Clients http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx#HowTheADSWorks For the OWA issue, I'd like to know the following information: Do you have Front-end configured in SiteA or SiteC? Do you have internet-facing FE in Site A or Site C? With Exchange 2003 and Exchange 2010 mix environment, we have to use redirection. We have to add the legacyURL to CAS2010, then CAS2010 can redirect the requst to Exchange 2003. Exchange 2010: Proxy or Redirect? http://blogs.technet.com/b/mbaher/archive/2009/12/17/exchange-2010-proxy-or-redirect.aspx Transitioning Client Access to Exchange Server 2010 http://msexchangeteam.com/archive/2009/11/20/453272.aspx Regards, Xiu