When deploying Exchange to a child or root domain when other child or subdomains exist, you must run Set-AdServerSettings -ViewEntireForest $true -PreferredGlobalCatalog globalcatalog.domain.com
This lets you see all users in the forest in EMS. Otherwise you only see users in the primary install domain.
When deploying CAS servers in multiple AD sites for site resiliency, you must create a second client access array in the secondary location. In the internet-facing site, the internal and external URLs are https://fqdn.servname.com/owa and https://webmailaddress.com/owa. In the non-internet-facing site, offload SSL with the offload registry key; there the internal and external URLs are https://fqdn.sername.com/owa and $null, for both OWA and ECP.
When removing certificates, make sure to leave the default self-signed certificate in place. If you remove it, IIS still has a binding for *:443, but that binding no longer has a valid certificate, and if you try to browse the site from IIS you will not get a webpage. If you are using site-to-site resiliency with a non-internet-facing site, Exchange will be unable to do CAS-CAS redirection, because no server will answer on 443 in the secondary site.
I needed to edit binding 443 at the Default Web Page level and pick a certificate (although invalid) to bind with 443.
You will see an event ID 40 in the event log.
Request
Url: http://webmail.domain.com:80/owa/ev.owa?oeh=1&ns=HttpProxy&ev=ProxyRequest
User host address: 192.168.26.232
User: TEST1
EX Address: /o=domain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TEST1
SMTP Address: TEST1@domain.com
OWA version: 14.1.255.0
Second CAS for proxy: https://fqdnsite2server.domain.com/OWA
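
To catch the empty 443 binding described above before users hit it, the following added example (not from the original post) reports every https binding on a CAS and whether a certificate is actually behind it. It assumes the IIS WebAdministration module is available and that the site is named 'Default Web Site'; the function name Test-HttpsBinding is made up for this example.

```powershell
# Added example: flag https bindings whose certificate is unbound, missing or expired.
# Assumptions: WebAdministration module (IIS 7+), site name 'Default Web Site'.
Import-Module WebAdministration

function Test-HttpsBinding {
    param([string]$SiteName = 'Default Web Site')

    $bindings = @(Get-WebBinding -Name $SiteName -Protocol https)
    if ($bindings.Count -eq 0) {
        Write-Warning "No https binding found on '$SiteName'."
        return
    }

    foreach ($b in $bindings) {
        $status   = 'OK'
        $subject  = $null
        $notAfter = $null

        if ([string]::IsNullOrEmpty($b.certificateHash)) {
            # The binding exists but no certificate is selected for it.
            $status = 'NoCertificateBound'
        } else {
            # The binding references a thumbprint; confirm it is still in the store.
            $path = "Cert:\LocalMachine\$($b.certificateStoreName)\$($b.certificateHash)"
            if (Test-Path $path) {
                $cert     = Get-Item $path
                $subject  = $cert.Subject
                $notAfter = $cert.NotAfter
                if ($notAfter -lt (Get-Date)) { $status = 'Expired' }
            } else {
                $status = 'CertificateMissingFromStore'
            }
        }

        # New-Object PSObject keeps this usable on PowerShell 2.0.
        New-Object PSObject -Property @{
            Site       = $SiteName
            Binding    = $b.bindingInformation
            Thumbprint = $b.certificateHash
            Subject    = $subject
            NotAfter   = $notAfter
            Status     = $status
        }
    }
}

Test-HttpsBinding | Format-Table Binding, Status, Subject, NotAfter -AutoSize
```

Run it on each CAS in the non-internet-facing site after any certificate cleanup; any status other than OK means the binding needs a certificate assigned before it can answer on 443.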