Exchange 2010 CAS proxy (coexistence with Exchange 2007) - Which URLs should be changed on 2007?

    Question

  • Looking at a scenario of 2010/2007 coexistence, one AD site, and both CAS internet-facing. Exactly which URLs need to be changed to something like legacy.company.com on the 2007 environment? I realize the OwaVirtualDirectory has to be modified. Is it just the externalURL, or the internalURL as well?

    What about:

    • OabVirtualDirectory (ExternalURL and InternalURL)
    • OutlookAnywhere ExternalHostname
    • AutoDiscoverService (internal, external URI)
    • ActiveSyncVirtualDirectory (ExternalURL, InternalURL)
    • WebServicesVirtualDirectory (EWS external, internal)
    • Any others (UMVirtualDirectory, etc., guessing not on these)

    All protocols need to work and they use the same namespace right now in 2007 (except autodiscover of course, so it's something like mail.company.com for everything else and autodiscover.company.com). So when that namespace points to the 2010 CAS, it needs to redirect for all of the following:

    • OWA
    • RPC over HTTP
    • ActiveSync
    • AutoDiscover

    The issue I am concerned with is that changing settings such as OutlookAnywhere ExternalHostname would modify the profiles (point them to legacy permanently).

    Thanks much,

    BSQRD1


    • Edited by BSQRD1 Friday, June 15, 2012 5:37 PM clarification
    Friday, June 15, 2012 5:30 PM


All replies

  • That's hard to say since you didn't tell us what they're set to.

    In general, if the ExternalURL is $Null, then the Exchange 2010 CAS will proxy for the Exchange 2007 CAS, and if the value is set, it will redirect the session.

    In the case of ActiveSync, the Exchange 2010 CAS always proxies for the Exchange 2007 CAS.

    Autodiscover is just handled by the Exchange 2010 CAS because it knows what to say without having to ask the Exchange 2007 CAS.

    RPC over HTTP is actually a Windows thing and is more or less version-independent.

    This article is a great explanation of it all:  http://technet.microsoft.com/en-us/library/bb310763.aspx


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Saturday, June 16, 2012 11:57 PM
  • All of them are currently set to mail.company.com (they are not null as the 2007 CAS servers are internet facing). The steps that are obvious to me are:

    • Change DNS to repoint mail.company.com to the IP of 2010 CAS
    • Create new DNS record and point legacy.company.com to IP of 2007 CAS
    • Change ExternalURL on 2007 owavirtualdirectory to legacy.company.com
    • Set ExternalURL on 2010 owavirtualdirectory to mail.company.com

    Based on your post, sounds like I do not need to change 2007 Outlook Anywhere ExternalHostname or AutoDiscover URIs (from mail.company.com to legacy.company.com). Is that correct? Same for ActiveSync, or does that one need to be changed also (mail -> legacy)?

    Thanks again for your help.


    • Edited by BSQRD1 Sunday, June 17, 2012 7:21 AM
    Sunday, June 17, 2012 7:20 AM
  • Before you move mailboxes to Exchange 2010, you're going to have to make the Exchange 2010 CAS servers internet-facing instead or you're going to need separate URLs for Exchange 2007 and Exchange 2010.  Otherwise, how would the client know which one to talk to?


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Sunday, June 17, 2012 8:20 AM
  • Of course, and my post indicates that as I mentioned that I intend to redirect the current namespace (e.g. mail.company.com) to the 2010 CAS. But it's also a requirement that externalurl field on the 2007 CAS be changed to something like legacy.company.com, so that the 2010 CAS knows where to redirect the requests for 2007 mailbox users.

    I am simply asking which entries need to be changed to legacy.company.com to make that redirect work? Is it only the OwaVirtualDirectory ExternalURL field? Or do I also need to change that on other virtual directories (i.e. OabVirtualDirectory, Microsoft-Server-Activesync, WebServicesVirtualDirectory), Outlook Anywhere ExternalHostname, and AutoDiscover External and Internal URI?

    Sunday, June 17, 2012 6:59 PM
  • Exchange 2010 CAS will proxy for Exchange 2007 CAS so you do not need a legacy namespace. The legacy redirect namespace is required only for Exchange 2003, which is why the property is named Exchange2003URL. To my mind, proxy is far superior to redirect, with fewer firewall holes, TMG rules and DNS entries. The article I referred you to explains it all very nicely.

    One thing you do have to do is to copy the latest version of the Exchange 2007 OWA CAS files to the Exchange 2010 CAS. 

    http://blogs.technet.com/b/exchange/archive/2009/12/02/3408921.aspx


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, June 18, 2012 12:57 AM
  • The article you refer to specifically says that if the 2007 users are in the Internet facing AD site, Exchange 2010 CAS will utilize the externalURL field on the 2007 CAS (from the article):

    1. CAS2010 will authenticate the user and access Active Directory and retrieve the following information:
      1. User's mailbox version
      2. User's mailbox location (AD Site)
      3. The ExternalURL of Exchange 2007 Client Access Server(s) OWA virtual directory located within the mailbox's AD site (also ensuring that the authentication settings match the CAS2010 server's); which in our above example is https://legacy.contoso.com/owa
    2. If the mailbox is located on Exchange 2003, the Exchange2003URL property of the OWA virtual directory of CAS2010 is also returned (https://legacy.contoso.com/exchange).
    3. CAS2010 will then silently redirect the user's browser session to https://legacy.contoso.com/owa (or https://legacy.contoso.com/exchange if the mailbox is Exchange 2003) using a hidden FBA form with the fields populated. OWA will return a small web page containing a hidden form with the same information as what the user had originally submitted to CAS2010 FBA page (username, password, public/private selector, URL to redirect to after logon) and a submit URL synthesized from URL obtained in step 3, and target Exchange-specific path and query string. The web page will also contain script to automatically submit the form as soon as it is loaded. This is the last part of the logon process that E2010 CAS will have a role in. Afterwards, no remnant of the user session should stick around.

    At any rate, I appreciate your help.

    BSQRD1

    Monday, June 18, 2012 7:57 AM
  • What you say is right, but why would you want it that way?  It's a lot more complicated in my opinion than using the proxy capability and swinging the URL to Exchange 2010.  I've done a good number of these jobs, and I'm telling you the best way to do it.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, June 18, 2012 6:57 PM
  • What is involved with using the proxy? Do I just leave the externalURL field blank on the 2007 CAS (turning it into a non-internet facing CAS)? Then users hit 2010 CAS and either get mailbox contents (if 2010 mailbox) or get proxied to the 2007 CAS (if mailbox on 2007)? Do I have that right?

    I do know that access for 2007 mailboxes did not work without entering the "legacy" namespace in the externalURL field of 2007 CAS. But I never tried leaving the field blank either (i.e. proxy scenario).

    Thanks
    BSQRD1

    Monday, June 18, 2012 7:31 PM
  • You have it right.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, June 18, 2012 7:46 PM
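
The first answer could not be specific because the current values were not posted. The following read-only audit is an added example, not part of the original thread: it lists what every CAS publishes and labels each virtual directory with the proxy/redirect rule of thumb exactly as stated in the answers above. It assumes it is run from the Exchange Management Shell with read access to all CAS servers; the `$getters` table and the `Behaviour` column are names made up for this example.

```powershell
# Added example: read-only audit for the Exchange Management Shell.
# Nothing is modified; it only reports what each CAS currently publishes.

# Hypothetical lookup table: service label -> cmdlet that returns its virtual directories.
$getters = @{
    'OWA'        = { param($s) Get-OwaVirtualDirectory         -Server $s }
    'OAB'        = { param($s) Get-OabVirtualDirectory         -Server $s }
    'EWS'        = { param($s) Get-WebServicesVirtualDirectory -Server $s }
    'ActiveSync' = { param($s) Get-ActiveSyncVirtualDirectory  -Server $s }
}

$casServers = Get-ExchangeServer | Where-Object { $_.IsClientAccessServer }

$report = foreach ($cas in $casServers) {
    foreach ($service in $getters.Keys) {
        foreach ($vdir in (& $getters[$service] $cas.Name)) {
            # Rule of thumb as stated in the thread: ExternalUrl empty -> the
            # Exchange 2010 CAS proxies; ExternalUrl set -> it redirects;
            # ActiveSync is always proxied.
            if ($service -eq 'ActiveSync') { $behaviour = 'proxy (always, per thread)' }
            elseif ($vdir.ExternalUrl)     { $behaviour = 'redirect (ExternalUrl set)' }
            else                           { $behaviour = 'proxy (ExternalUrl empty)' }

            New-Object PSObject -Property @{
                Server      = $cas.Name
                Version     = $cas.AdminDisplayVersion   # 8.x = 2007, 14.x = 2010
                Service     = $service
                InternalUrl = $vdir.InternalUrl
                ExternalUrl = $vdir.ExternalUrl
                Behaviour   = $behaviour
            }
        }
    }
}

$report | Sort-Object Server, Service |
    Format-Table Server, Version, Service, ExternalUrl, InternalUrl, Behaviour -AutoSize

# The two settings from the question that are not virtual-directory URLs.
Get-OutlookAnywhere    | Format-Table ServerName, ExternalHostname -AutoSize
Get-ClientAccessServer | Format-Table Name, AutoDiscoverServiceInternalUri -AutoSize
```

Any row with a populated `ExternalUrl` is also a name that has to resolve and be reachable from the internet, so the same table doubles as an inventory of what must be published through the firewall or TMG.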