Saturday 24 April 2010

The Client Access Server Role Pt1

The Client Access Server Role

Exchange Server 2010 now handles all client connections via the CAS role, including connections made by Outlook MAPI clients. This connection type was previously handled by the mailbox server role. The CAS role now has the RPC Client Access Service, which allows communication with AD and then the mailbox server. Having Outlook clients connect to the CAS role provides a significant improvement in terms of mailbox server failover.
Clients can connect to Exchange CAS using a number of different technologies which include:
  • Web based email (Outlook Web Access or OWA)
  • Mobile devices
  • Outlook Anywhere
Outlook Web Access

OWA is enabled by default and ready to go on CAS machines without any more configuration. However, there are some changes you can make to optimize your experience.

OWA and External URLs

You should ensure that the CAS machine has an external URL assigned. This might have been configured during Exchange installation. The external URL should be the public DNS name that clients use to connect to the Exchange organization from the Internet. The external URL is used for redirecting connecting clients to a CAS server in the same site as the user's mailbox. Here's how it works:
  1. Bob enters a URL in his browser, https://london.compulinxtraining.com/owa
  2. The London CAS server queries AD and determines from the GC that the mailbox for Bob is located in Paris.
  3. The London CAS server determines from AD the external URL of the Paris site's CAS machine.
  4. This external URL is then given back to Bob, https://paris.compulinxtraining.com/owa
  5. If the Paris CAS does not have an external URL assigned, then the London CAS proxies the connection to the Paris CAS. Bob will stay connected to London and the London CAS will connect to the Paris CAS on Bob's behalf.
To set the external URL for the CAS server, I highly recommend that you perform the action in the Exchange console:
  1. Open the Exchange Management Console and browse to the Server Configuration > Client Access node
  2. In the action pane, click the Configure External Client Access Domain option
  3. Enter the external DNS name and add the CAS servers that will use the name defined.
  4. Click the Configure button to set the external URLs on the CAS machines. The Exchange Control Panel URL should also be automatically configured to use the same URL as defined here.
  5. Select the Exchange Control Panel tab
  6. Select the ECP virtual directory and choose Properties from the action menu
  7. Define the URL as the same value as above, but make sure you use the virtual directory /ecp instead of /owa
The above method provides you with a single process to define the external URL and in my humble opinion should be used. However, the shell equivalent involves defining the external URL on a number of different virtual directories. Here's how:
  1. Set-OwaVirtualDirectory -Identity 'SRV215\owa (Default Web Site)' -ExternalUrl 'https://mail.compulinxtraining.com/owa'
  2. Set-OabVirtualDirectory -Identity 'SRV215\OAB (Default Web Site)' -ExternalUrl 'https://connect.compulinxtraining.com/OAB'
  3. Set-ActiveSyncVirtualDirectory -Identity 'SRV215\Microsoft-Server-ActiveSync (Default Web Site)' -ExternalUrl 'https://connect.compulinxtraining.com/Microsoft-Server-ActiveSync'
  4. Set-WebServicesVirtualDirectory -Identity 'SRV215\EWS (Default Web Site)' -ExternalUrl 'https://connect.compulinxtraining.com/ews/exchange.asmx'
  5. Set-EcpVirtualDirectory -Identity 'SRV215\ecp (Default Web Site)' -ExternalUrl 'https://connect.compulinxonline.com/ecp'
As you can see, the GUI method is considerably easier. The VDs configured are OWA, OAB, ActiveSync, EWS and ECP.
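A read-only check for the result of either method, added here as an example and not part of the original post: it reads back the ExternalUrl of the five virtual directories and flags any that is empty, not https, or published under a different host name. `SRV215` comes from the commands above; `$expectedHost` is an assumption, so set it to the public name you actually publish.

```powershell
# Added example. Run in the Exchange Management Shell; it changes nothing.
$server       = 'SRV215'                       # CAS server name from the commands above
$expectedHost = 'mail.compulinxtraining.com'   # assumption: the one public name you publish

# The five virtual directories that carry an external URL.
$vdirs = @(
    Get-OwaVirtualDirectory         -Server $server
    Get-OabVirtualDirectory         -Server $server
    Get-ActiveSyncVirtualDirectory  -Server $server
    Get-WebServicesVirtualDirectory -Server $server
    Get-EcpVirtualDirectory         -Server $server
)

$report = foreach ($vd in $vdirs) {
    $raw = [string]$vd.ExternalUrl
    if ([string]::IsNullOrEmpty($raw)) {
        $finding = 'ExternalUrl not set'
    } else {
        $uri = [uri]$raw
        if (-not $uri.IsAbsoluteUri)         { $finding = 'not an absolute URL' }
        elseif ($uri.Scheme -ne 'https')     { $finding = "scheme is $($uri.Scheme), expected https" }
        elseif ($uri.Host -ne $expectedHost) { $finding = "host is $($uri.Host), expected $expectedHost" }
        else                                 { $finding = 'OK' }
    }
    New-Object PSObject -Property @{
        VirtualDirectory = $vd.Name
        ExternalUrl      = $raw
        Finding          = $finding
    }
}

$report | Select-Object VirtualDirectory, ExternalUrl, Finding | Format-Table -AutoSize

# Summarise anything that needs a second look.
$bad = @($report | Where-Object { $_.Finding -ne 'OK' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) virtual directories need attention"
}
```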

    Redirect the Default URL to OWA

    A useful adjustment to the default OWA settings is to ensure that users are automatically redirected to the OWA virtual directory if they neglect to define /owa at the end of the external URL.

    To redirect users to the /owa virtual directory perform the following steps:
    1. Open the IIS manager from Administrative tools
    2. Browse to the default web site and in the work area double click the HTTP Redirect icon
    3. Check 'Redirect Requests To This Destination' and supply /owa as the destination
    4. Click the Apply button on the left
    5. The redirect is inherited by all virtual directories contained in the default web site. Open HTTP Redirect on each of the following VDs and uncheck it to remove the inheritance:
              Autodiscover
              ecp
              EWS
              Microsoft-Server-ActiveSync
              OAB
              OWA
              PowerShell
              RPC
              RPCWithCert
      Automatically use https

      It would be useful to ensure that https is used if users define http in the URL. If users forget to define https they receive an error message which could be confusing. Perform the following steps:
      1. Open the IIS manager from Administrative tools
      2. Browse to the default web site and in the work area double click the Error Pages icon
      3. In the actions pane click the add button to add a new custom error
      4. In the Add Custom Error Page dialog box, enter 403.4 in the status code field
      5. In the Response Action box, click the option Respond With A 302 Redirect. In the absolute URL field, enter the complete HTTPS URL to OWA, e.g. https://mail.compulinxtraining.com/owa, and click OK.
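A read-only audit of the two IIS procedures above (the /owa redirect with its inheritance removed, and the 403.4 custom error), added here as an example and not part of the original post. It assumes the WebAdministration module (Windows Server 2008 R2 or later) and an elevated session on the CAS server; the virtual directory names are the ones listed above.

```powershell
# Added example. Read-only audit; run elevated on the CAS server.
Import-Module WebAdministration   # assumption: Windows Server 2008 R2 or later

$site     = 'IIS:\Sites\Default Web Site'
$redirect = 'system.webServer/httpRedirect'
$vdirs    = 'Autodiscover','ecp','EWS','Microsoft-Server-ActiveSync','OAB','OWA',
            'PowerShell','RPC','RPCWithCert'

# 1. The site root should redirect to /owa.
$root = Get-WebConfiguration -PSPath $site -Filter $redirect
if (-not $root.enabled -or $root.destination -ne '/owa') {
    Write-Warning "Site root: enabled=$($root.enabled) destination='$($root.destination)'"
}

# 2. None of the listed virtual directories may still inherit that redirect,
#    otherwise their clients are sent to /owa instead of being served.
$inherited = @()
foreach ($name in $vdirs) {
    $path = "$site\$name"
    if (-not (Test-Path $path)) { Write-Host "$name : not present on this server"; continue }
    $cfg = Get-WebConfiguration -PSPath $path -Filter $redirect
    if ($cfg.enabled) { $inherited += $name }
}
if ($inherited.Count -gt 0) {
    Write-Warning ("Redirect still enabled on: " + ($inherited -join ', '))
}

# 3. The 403.4 custom error should answer with a redirect to an https:// URL.
$err = Get-WebConfiguration -PSPath $site `
    -Filter "system.webServer/httpErrors/error[@statusCode='403' and @subStatusCode='4']"
if (-not $err) {
    Write-Warning '403.4 custom error is not defined on the site'
} elseif ($err.responseMode -ne 'Redirect' -or $err.path -notlike 'https://*') {
    Write-Warning "403.4: responseMode=$($err.responseMode) path='$($err.path)'"
} else {
    Write-Host "403.4 redirects to $($err.path)"
}
```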


