Today on Microsoft's Social Forums I was asked this question a couple of times, so I planned to write a blog post on it.

Let us start by understanding why we even need to enable proxying.

Let us assume that we have three Active Directory sites (Site A, B and C), and on every site I have Exchange 2010 installed. (The Client Access server is what we are focusing on.)

Only my Site A is Internet-facing, while I do not want Sites B and C to be published to the Internet.

So far so good: fazalmkhan.com/owa is my URL for the CAS published on Site A.

That means any of my clients in Site A, B or C would use the above URL and type the user ID and password. If the user is in Site B, for example, the CAS in Site A would then proxy the request to the CAS server in Site B, and the user would be able to access their email.

Note: The CAS in Site A would be set to forms-based authentication, while the CAS in Sites B and C would be set to Windows Integrated authentication.
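The following PowerShell audit is an added example, not part of the original post: it checks each OWA virtual directory against the authentication layout in the note above. It assumes a CAS is Internet-facing when its OWA ExternalUrl is set; the function name, server names and sample objects are hypothetical and constructed for illustration.

```powershell
# Added example, not from the original post.
# Assumption: a CAS is Internet-facing when its OWA ExternalUrl is set.
function Test-OwaProxyAuth {
    param([Parameter(ValueFromPipeline = $true)] $VDir)
    process {
        $internetFacing = [bool]$VDir.ExternalUrl
        if ($internetFacing) {
            # Published CAS (Site A in the post): forms-based authentication.
            $expected = 'Forms'
            $ok = [bool]$VDir.FormsAuthentication
        } else {
            # Proxy target (Sites B and C): Windows Integrated only, no forms.
            $expected = 'WindowsIntegrated'
            $ok = $VDir.WindowsAuthentication -and -not $VDir.FormsAuthentication
        }
        New-Object PSObject -Property @{
            Server         = $VDir.Server
            InternetFacing = $internetFacing
            Expected       = $expected
            Compliant      = [bool]$ok
        } | Select-Object Server, InternetFacing, Expected, Compliant
    }
}

# Constructed sample objects standing in for Get-OwaVirtualDirectory output.
# Server names are hypothetical; CAS-C is deliberately misconfigured.
$sample = @(
    (New-Object PSObject -Property @{
        Server = 'CAS-A'; ExternalUrl = 'https://fazalmkhan.com/owa'
        FormsAuthentication = $true; WindowsAuthentication = $false }),
    (New-Object PSObject -Property @{
        Server = 'CAS-B'; ExternalUrl = $null
        FormsAuthentication = $false; WindowsAuthentication = $true }),
    (New-Object PSObject -Property @{
        Server = 'CAS-C'; ExternalUrl = $null
        FormsAuthentication = $true; WindowsAuthentication = $false })
)

# CAS-A and CAS-B report Compliant = True; CAS-C reports False.
$sample | Test-OwaProxyAuth | Format-Table -AutoSize

# Against a live organization (Exchange Management Shell):
# Get-OwaVirtualDirectory | Test-OwaProxyAuth | Where-Object { -not $_.Compliant }
```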

How Client Access Servers Work:

The following steps describe what happens when a messaging client connects to the Client Access server:

1. If the client connects from the Internet using a non-MAPI connection, then the client connects to the Client Access server using the client protocol. Only the protocol ports for client connections must be available on the external firewall.
2. If the client connects from the internal network using Office Outlook configured as a MAPI client, then the client connects to the Client Access server using MAPI RPC connections.
3. The Client Access server connects to a Microsoft Active Directory® directory service domain controller by using Kerberos to authenticate the user. Internet Information Services (IIS) or the RPC Client Access service on the Client Access server performs the authentication. The Client Access server uses a Lightweight Directory Access Protocol (LDAP) request to a global catalog server to locate the Mailbox server that manages the user’s mailbox.
4. The Client Access server connects to the Mailbox server using a MAPI RPC to submit messages to the mailbox database, or to read messages.

Note: Proxying is supported for clients that use Outlook Web App, Exchange ActiveSync, and Exchange Web Services.

Client Access protocols for redirection and proxying

| Protocol | Client Access server to Mailbox server communication supported between Active Directory sites | Redirection supported between Client Access servers | Proxying supported between Client Access servers | Comments |
| --- | --- | --- | --- | --- |
| Outlook Web App | No | Yes | Yes | Must have a Client Access server in each Active Directory site to use Outlook Web App. |
| Exchange ActiveSync | No | No (unnecessary) | Yes | Must have a Client Access server in each Active Directory site to use Exchange ActiveSync. |
| Exchange Web Services | No | No | Yes | Must have a Client Access server in each Active Directory site to use Exchange Web Services. |
| Availability service (used by Office Outlook 2007) | No | No (unnecessary) | Yes | Must have a Client Access server in each Active Directory site to use the Availability service. |
| Outlook Anywhere (RPC over HTTP) | Yes, with RPC | No | Not applicable | Not applicable |
| WebDAV and Exchange 2000 Server or Exchange 2003 | Yes, over HTTP | No | Not applicable | Not applicable |
| POP3 and IMAP4 | No | No | No | POP3 and IMAP4 clients must access a Client Access server in the same Active Directory site as their mailbox. |
