Outlook Anywhere for single domain with multiple internet facing sites
Hi, Background We are upgrading from Exchange 2007 to 2010. There are two Internet facing sites each with their own Edge server (running TMG), CAS array and Mailbox servers. All users have the same SMTP namespace There is a single AD domain with multiple AD sites defined Site 1 (east coast) has about 70% of users Site 2 (west coast) has about 30% of users URL for OWA is https://email.company.com/owa (this resolves to Edge server in Site 1) Autodiscover DNS record: autodiscover.company.com resolves to Edge server in Site 1 I have OWA in 2010 working through a single URL (Exchange 2007 used one URL for each site). Outlook Anywhere 2010 is working in the same manner. Questions: How can I configure Outlook Anywhere so that people will connect to the site nearest to them? Currently everyone is going through Site 1 and I suspect that may be slow for some users ... I want to retain a single OWA URL and use silent redirect feature of Exchange 2010 SP2 but for Outlook anywhere it would be nice for users in Site 2 to connect to Site 2 rather than proxy through Site 1. Can this be done ? Thanks for taking the time to read this and any feedback
July 13th, 2012 5:22pm

Just put a unique URL for Outlook Anywhere on each CAS role holder. Autodiscover will then return the correct server to the Outlook client. So you will need to have both URLs in the SSL certificate: east.email.example.com west.email.example.com Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
July 13th, 2012 5:26pm

Thank you for such a quick reply. Do you mean set the External URL uniquely for each CAS role holder ? We currently have both CAS servers in Site 1 configured with external URL for https://email.company.com/Microsoft-Server-ActiveSync and the external URL of CAS servers in Site 2 left blank. I originally had the external URL for CAS servers in Site 2 also set to https://email.company.com/Microsoft-Server-ActiveSync but Active redirect did not work so I blanked them. So I should put https://east.email.company.com/Microsoft-Server-ActiveSync on Site 1 CAS servers Active Sync virtual directory property external URL and https://west.email.company.com/Microsoft-Server-ActiveSync on Site 2 CAS external URL? I assume I also have to register these names in external DNS so that east.email.company.com point to the Edge server in Site 1 and west.email.company.com point to the Edge server in site 2? Thanks Thanks again
July 13th, 2012 7:11pm

I thought you were referring to Outlook Anywhere, not ActiveSync? Just install the required components for Outlook Anywhere on to the CAS server and enable Outlook ANywhere with the relevant URL. That is it. If you are referring to ActiveSync, then just adjust the external URL to be a URL that resolves to the server AND is in the SSL certificate. Edge has nothing to do with this - Edge is for SMTP traffic only. If you are using a TMG then say that you are using TMG, because in the world of Exchange, EDGE and TMG are two different things. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2012 2:11pm

Apologies for confusing things with OWA/Active sync and Anywhere I do mean Outlook Anywhere so will put unique external URL in east coast and west coast CAS servers. I will also make sure the names can be resolved externally and that the names are in our SAN cert. Many thanks
July 15th, 2012 2:25pm

Ok just to test this I configured OWA with external URLs (left my iPad at home today) The external redirect works so if I put in my browser https://email.company.com/owa (which resolves to TMG East Coast) and then log in with a West Coast user I get redirected to the external URL specified on the OWA virtual directory on my West Coast CAS servers. All working as expected The big problem is that as soon as the redirect occurs to the TMG server West coast I get prompted again for username / password because the TMG listener is using FBA I can avoid the double login by blanking out the external URL on the West Coast CAS server external URL but surely that would mean if someone West Coast logs into this single URL https://email.company.com/owa (which resolves to TMG East Coast) they will get silently redirected but all their traffic will flow from West Coast to East Coast and then back to West Coast. Maybe not a big problem for OWA but surely Active sync and Outlook Anywhere would be horribly slow ? Thanks PLEASE NOTE I HAVE POSTED THIS QUESTION IN THE ISA/TMG FORUM: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/6c756317-27f7-467f-b4db-7612a182a6dc
Free Windows Admin Tool Kit Click here and download it now
July 16th, 2012 12:29pm

Please correct me if I'm wrong but looks like trying to use Cross-site silent redirect when I have two internet facing sites with TMG running on the Edge Servers will not work. I was really hoping to use a single URL to access Exchange 2010 but this looks as if it's not going to work :-( Exchange 2010 SP2 will improve the redirection experience by offering a mechanism that will let the user experience a cross site redirection SSO if FBA is enabled in both sites and a CAS provides the form. What does that mean? Well, it means that the user will be redirected automatically (will not have to click manually on a link) and not only that, he will also be allowed access to the mailbox without having to authenticate. This wont work however if the form is being generated in front of Exchange, for example, by TMG.
July 17th, 2012 3:07pm

I haven't done the implementation using TMG, so cannot comment on that. The quote that you have posted would tend to indicate that if you are using TMG a single URL isn't going to be possible with a silent redirect. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
July 18th, 2012 4:17pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics