How To: Set your CAS URL’s in Exchange Server 2007

Thursday, October 9, 2008 21:38
Posted in category Exchange & OCS
No Comments

The Client Access Server, or CAS in short, is the primairy connection point for all clients to access thier email. The CAS handles incoming client connections for Webmail (Outlook Web Access, or OWA), The Offline Address Book (OAB), Unified Messaging (UM), ActiveSync, POP, IMAP and the Exchange Web Services.
Note; Currently (Exchange 2007 SP1) all MAPI calls are still handled by the Mailbox Server. It would be no more the logical to presume that in the next Exchange release, even MAPI calls will go through the CAS.

When you open the Exchange Management Console (or the PowerShell Console yeah yeah…) you might have noticed that for each of the incoming request types (OWA, OAB, AS etc.) you can set the internal and external URL. You might have noticed that you can leave these blank as well.

The way you enter URL’s in these boxes significantly impacts how the CAS server services, routes or proxies the incoming requests. You should now what you should put in those boxes, and why.

So let’s find out…

First of all, it is very importent to determine whether or not you CAS is facing the Internet. Is it only accessible from the ‘internal’ network, or do clients on the Internet access this server (where this server can either service the requests, proxy or route them).

If the CAS is facing the Internet, the InternalURL and ExternalURL settings are quit obvious. For ALL settings you will (have to) use an InternalURL setting with this form; https://coputername/<VirtDir> Where computername is the NetBIOS name of you computer (ohoh…) and the <VirtDir> is the IIS Virtual Directory for the server (e.g. “OWA”, “OAB”, “UnifiedMessaging”, “Microsoft-Server-ActiveSync” or “EWS”).
For these Internet facing CAS servers, the External URL should be set to https://host.domain.com/<VirtDir>. Where host.domain.com is, of course, the external hostname of your CAS server (for example mail.mycompany.ms).
For ALL Virtual Directories Integrated Authentication should be used, except for the OWA virtual directory. If ISA is using forms-based authentication, you should use Integrated or Basic Authentication. If authentication is NOT handled on the ISA server, you should configure OWA to use forms-based authentication.

Now, for non-Internet facing CAS servers, the settings are little different. You should set the ExternalURL to [NULL] (No, do not type in this… leave it empty.) Always use Integrated Authentication for ALL Virtual Directories. Set the NLBBypassURL setting to [NULL] (again..) except when configuring the Exchange Web Services (EWS) virtual directory. Use https://computername/EWS (where computername is the NetBIOS name of the CAS server).
The InternalURL should be set to the Network LoadBalancer’s name. (e.g. https://NetWorkLoadBalancer/OAB). EXCEPT for Outlook Web Access. For OWA, use https://computername/OWA as an Internal URL.

Note; this post assumes you are using multiple CAS servers and that an ISA Server (array) is in between the Internet and the (Internet-facing) CAS servers.

Now that we are on Load Balancers, keep in mind these important notes;

* OWA and EWS require client-server affinity, the other do not.
* If you are using SSL, and you should, try to have some sort of client-server affinity (–> Performance!)
* You can use Network Load Balancing, but know what the draw backs are. Preferrably use ISA or some other Load Balancer.

You can leave a response, or trackback from your own site.
Tags: , , ,

Leave a Reply

You must be logged in to post a comment.

«
»