CAS issue with Multitenant Exchange 2010 SP1

  • Question

  • Hi all, I have an issue where the CAS server seems to be resolving the internal hostname FQDN instead of the external one. We are running Exchange 2010 fresh installs with SP1 and the /hosting switch. OutlookAnywhere seems to work fine; it's just that we'd rather the external server name be displayed instead of the internal name.

    We have a wildcard domain for our external facing servers from GoDaddy.

     

    Here is the scenario:

    We have two back-end servers - AD1 running active directory and MBX1 running EX2010SP1 Mailbox Role with network ID 172.16.2.0/24.

    Our front-end server is called CAS1 and is multihomed. The public NIC is called CAS1.domain.com whilst our internal AD domain is domain.local or CAS1.domain.local. Our external URLs for access to RPC, Autodiscover, etc., are set to exchange.domain.com.

    Now we create a new Exchange organization called contoso.com with user jason@contoso.com

    When I set up Outlook, I select Exchange server, enter in exchange.domain.com and jason@contoso.com for the user name. I go in to the RPC/HTTP settings and put exchange.domain.com, change auth type to basic, click apply and OK then check name, and the Exchange server name resolves / changes from exchange.domain.com to CAS1.domain.local.

    Is there a way for me to have exchange.domain.com set or is this a matter of rebuilding the whole AD domain to be .com instead of .local?  I'm sure this could be done as it builds on the legacy front-end, back-end concepts.  I just can't seem to find the thing I'm missing as the Multitenant documentation is very much all over the shop.

     

    Here is some info if this helps:

     

     

    [PS] C:\Windows\system32>Get-OutlookAnywhere

    RunspaceId                      : c04ce53f-031f-4c06-9ac1-85f1f23911db
    ServerName                      : CAS1
    SSLOffloading                   : False
    ExternalHostname                : exchange.domain.com
    ClientAuthenticationMethod      : Basic
    IISAuthenticationMethods        : {Basic}
    XropUrl                         :
    MetabasePath                    : IIS://CAS1.domain.local/W3SVC/1/ROOT/Rpc
    Path                            : C:\Windows\System32\RpcProxy
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags         : {}
    ExtendedProtectionSPNList       : {}
    Server                          : CAS1
    AdminDisplayName                :
    ExchangeVersion                 : 0.10 (14.0.100.0)
    Name                            : Rpc (Default Web Site)
    DistinguishedName               : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=CAS1-AU,CN=Servers,CN=Exchange Admi
                                      nistrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=HostedExchange,CN=Micr
                                      osoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=local
    Identity                        : CAS1\Rpc (Default Web Site)
    Guid                            : f30394a4-68f1-4902-b14a-f50d23e4e071
    ObjectCategory                  : domain.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass                     : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged                     : 14/10/2010 2:15:01 AM
    WhenCreated                     : 12/10/2010 12:24:56 AM
    WhenChangedUTC                  : 13/10/2010 3:15:01 PM
    WhenCreatedUTC                  : 11/10/2010 1:24:56 PM
    OrganizationId                  :
    OriginatingServer               : AD1.domain.local
    IsValid                         : True

    [PS] C:\Windows\system32>Get-ClientAccessServer | FL

    RunspaceId                           : c04ce53f-031f-4c06-9ac1-85f1f23911db
    Name                                 : CAS1
    Fqdn                                 : CAS1.domain.local
    OutlookAnywhereEnabled               : True
    AutoDiscoverServiceCN                : CAS1
    AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
    AutoDiscoverServiceInternalUri       : https://exchange.domain.com/autodiscover/autodiscover.xml
    AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
    AutoDiscoverSiteScope                : {Default-First-Site-Name}
    AlternateServiceAccountConfiguration :
    IrmLogEnabled                        : True
    IrmLogMaxAge                         : 30.00:00:00
    IrmLogMaxDirectorySize               : 250 MB (262,144,000 bytes)
    IrmLogMaxFileSize                    : 10 MB (10,485,760 bytes)
    IrmLogPath                           : C:\Program Files\Microsoft\Exchange Server\V14\Logging\IRMLogs
    MigrationLogLoggingLevel             : Information
    MigrationLogFilePath                 :
    MigrationLogMaxAge                   : 180.00:00:00
    MigrationLogMaxDirectorySize         : 10 GB (10,737,418,240 bytes)
    MigrationLogMaxFileSize              : 100 MB (104,857,600 bytes)
    IsValid                              : True
    ExchangeVersion                      : 0.1 (8.0.535.0)
    DistinguishedName                    : CN=CAS1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admi
                                           nistrative Groups,CN=HostedExchange,CN=Microsoft Exchange,CN=Services,CN=Configu
                                           ration,DC=domain,DC=local
    Identity                             : CAS1
    Guid                                 : cc294d11-b143-40f2-bdcf-3b5be21e2ecb
    ObjectCategory                       : domain.local/Configuration/Schema/ms-Exch-Exchange-Server
    ObjectClass                          : {top, server, msExchExchangeServer}
    WhenChanged                          : 13/10/2010 9:31:54 PM
    WhenCreated                          : 9/10/2010 9:43:17 AM
    WhenChangedUTC                       : 13/10/2010 10:31:54 AM
    WhenCreatedUTC                       : 8/10/2010 10:43:17 PM
    OrganizationId                       :
    OriginatingServer                    : AD1.domain.local

    Any help on this would be greatly appreciated!!!

     

    Jason.

     

     

     

     

    Thursday, October 14, 2010 1:19 AM

All replies

  • get-mailboxdatabase | fl *rpc*

    If the RpcClientAccessServer is cas.domain.local, that's your issue; you need to change this to cas.domain.com:

    set-mailboxdatabase dbname -RpcClientAccessServer cas.domain.com

    This will only be applied to new profiles.


    Full time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001
    Saturday, October 16, 2010 10:34 PM
  • Thanks for the info. After reading around, that seems to make sense and you're right, it is set to domain.local. When I try to change it to domain.com, it says that the server cannot be found:

    Set-mailboxdatabase "Mailbox Database 1916250517" -RpcClientAccessServer cas.domain.com (I've also tried cas1.domain.com and exchange.domain.com which are also being used), I get the following result:

    Exchange server "cas.domain.com" was not found. Please make sure you typed the name correctly.

     

    Could this be a multi-homing issue?  The internal servers have no NAT / external access except via socks / http proxy.

     

    Jason.

     

     

    Monday, October 18, 2010 12:31 PM
  • What is cas.domain.com? Is it just a name? Did you create a CAS array?
    Full time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001
    Monday, October 18, 2010 12:33 PM
  • To some degree - it's just a CNAME in our external DNS. We have not created a CAS array as yet but plan to once things start to scale. Right now it's just a single server. We plan to load-balance the array through hardware LBs.

    To clarify, here's a list of our servers and server roles:

    Server | Roles
    AD1.domain.local | Active Directory
    MBX1.domain.local | Exchange 2010 MB
    CAS1.domain.local / cas1.domain.com (exchange.domain.com) | Exchange 2010 CA, HT (multi-homed: NIC1 Internal 172.16.2.x, NIC2 external 203.x.x.x respectively)

    When we went through the setup, we set all the virtual directories' internal and external FQDNs to exchange.domain.com on CAS1. We assumed that from a planning perspective, we would use exchange.domain.com for the listening hostname in a single CAS / HT implementation and once we scaled out, we would use our load balancers to redirect to CAS1.domain.com, CAS2.domain.com etc...

    Given that the autodiscover redirector seems to be working as expected, we feel that exposing the domain.local to our Outlook clients is more a cosmetic than security issue...

     

    Jason.

     

     

     

     

     

    Monday, October 18, 2010 1:10 PM
  • You need to create a CAS array:

    New-ClientAccessArray -Name Cas.domain.com -Fqdn cas.domain.com -Site adsitename

    then change it again in the rpcclientaccess


    Full time IT consultant since 1998 mainly on Exchange\ISA\AD MCSE NT4.0,2000/2003, CCNA MCITP: Enterprise Messaging Administrator 2007/2010 MCT since 2001
    • Marked as answer by Jason Kelton Thursday, January 13, 2011 9:51 AM
    Monday, October 18, 2010 1:23 PM
  • Sorry for the late reply but the festive season = infrastructure upgrade time :) :(.

     

    Anyway thank you so much for your assistance, this did the trick!

     

    Jason.

     

    Thursday, January 13, 2011 9:52 AM
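
The fix this thread arrives at, written out as one Exchange Management Shell sequence. This is an added example, not code from any poster: the variable names are hypothetical, and cas.domain.com and adsitename are the placeholder values used in the replies above.

```powershell
# Added example for Exchange 2010 (run in the Exchange Management Shell).
# $arrayFqdn and $adSite are illustrative variables; the values are the
# placeholders from the thread and must be replaced with your own.
$arrayFqdn = 'cas.domain.com'   # name Outlook should show instead of CAS1.domain.local
$adSite    = 'adsitename'       # AD site containing the Client Access server(s)

# 1. Create the CAS array object only if it does not exist yet.
#    Without this object, Set-MailboxDatabase rejects the name with
#    'Exchange server "cas.domain.com" was not found', as seen in the thread.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $arrayFqdn }
if (-not $array) {
    $array = New-ClientAccessArray -Name $arrayFqdn -Fqdn $arrayFqdn -Site $adSite
}

# 2. Re-point every mailbox database that still references another name
#    (for example the internal CAS1.domain.local) at the array FQDN.
Get-MailboxDatabase |
    Where-Object { $_.RpcClientAccessServer -ne $arrayFqdn } |
    ForEach-Object {
        Set-MailboxDatabase -Identity $_.Name -RpcClientAccessServer $arrayFqdn
    }

# 3. Verify: list each database with the endpoint it now hands to clients,
#    and flag any database that still exposes a different name.
Get-MailboxDatabase |
    Select-Object Name, RpcClientAccessServer,
        @{ Name = 'PointsAtArray'; Expression = { $_.RpcClientAccessServer -eq $arrayFqdn } } |
    Format-Table -AutoSize
```

As noted in the earlier reply, the new RpcClientAccessServer value is only applied to new Outlook profiles.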