I’ve seen a lot of posts about CAS-CAS Proxying in Exchange Server 2007. Then, I will go over some key points that we must not forget when we are deploying this kind of solution. These points can be seen below:
1 CAS Server in each site that has a MAILBOX server
Only in the CAS which will be published on the internet you must set up the externalURL attribute with your external name
All other “child” CAS servers must be set up with Integrated Authentication insted of forms authentication
ExternalURL in the child sites must be empty
Set-OwaVirtualDirectory <owa> -ExternalURL:$null
Ps.: If you enableExternalURL in child CAS Servers, then you will have Redirection feature not Proxy.
Make sure that you internalURL is appropriate. By default is the name of server, make sure that it makes sense (I wrote this one, because I saw a customer using external address into the internal address [:D])
make sure that RedirectToOptimalOWAServer is set to $True, you can use the following cmdlet: set-owavirtualdirectory “owa (default web site)” -RedirectToOptimalOWAServer $true
The same for Exchange Server 2003 back-end servers you must not enable forms authentication
If you are using ISA Server to publish the CAS Server (recommended) you must disable Forms in the “parent” CAS server, ISA server will take care of the Forms
Give some time for Active Directory Replication
Built in tools to help you in this kind of scenario:
- IIS logs are your friend, you can validate by them if everything is going well
- You can also validated using OWA session on the About section you can see if CAS Proxy-to-Proxy is working as well
I hope that it can help you in your CAS-CAS Proxying deployment.