Using the option Proxy through client access server in Exchange Server 2013

Share this:

Hi folks,

Mail flow was completely redesigned in Exchange Server 2013 and by default all outbound connections through Send Connectors go through our Mailbox Servers (being specific through the Transport Service on the Mailbox Service). I understand the change but it’s always good to check and run a couple of scenarios and that helps to understand better the feature, so in this post we are going through the steps to describe how the feature Proxy through client access server in a Send Connector really works in Exchange Server 2013.

In order to understand better this feature I would like to show you my environment, as follows:

  • POAEX01 (CAS) and IP 10.60.99.52
  • POAEX02 (CAS) and IP 10.60.99.53
  • POAEX10 (Mailbox) and IP 10.60.99.56
  • POAEX11 (Mailbox) and IP is 10.60.99.57
  • My domain in my lab is AndersonPatricio.ca
  • Our Internet Send Connector (POA-Internet) using default settings
  • The reference XX.XX.XX.XX is my Public IP that is the reason that I added that information.

Awesome now that we are on the same page I’m going to send a message from my regular user to my Office365 mailbox which is anderson@andersonpatricio.org and here you go with the results:

Received: from POAEX10.apatricio.local (XX.XX.XX.XX) by CO1EHSMHS031.bigfish.com (10.243.66.41) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 2 Nov 2012 00:33:57 +0000
Received: from POAEX10.apatricio.local (10.60.99.56) by POAEX10.apatricio.local (10.60.99.56) with Microsoft SMTP Server (TLS) id  15.0.516.32; Thu, 1 Nov 2012 20:44:24 -0400
Received: from POAEX10.apatricio.local ([fe80::d9e1:7e76:27ee:1189]) by POAEX10.apatricio.local ([fe80::b13b:f91d:f64e:2813%29]) with mapi id 15.00.0516.029; Thu, 1 Nov 2012 20:44:24 -0400
From: Anderson Patricio <Anderson@AndersonPatricio.ca>
To: “anderson@andersonpatricio.org” <anderson@andersonpatricio.org>
Subject: Test #02: FrontendProxyEnabled $false (default)

Okay, test completed and by default who connects on the external host is the Mailbox Server.  Now, let’s change the configuration by logging on EAC, mail flow and then send connectors. Double click on the Send connector to the internet.

image

Another way to change it is using PowerShell, as follows:

image

Time to send another message and check the results on the Internet Headers of the message and the results now are clear the server that connected was the CAS instead of the Mailbox.

Received: from POAEX01.apatricio.local (XX.XX.XX.XX) by CH1EHSMHS028.bigfish.com (10.43.70.28) with Microsoft SMTP Server (TLS) id 14.1.225.23; Fri, 2 Nov 2012 00:23:58 +0000
Received: from POAEX10.apatricio.local (10.60.99.56) by POAEX10.apatricio.local (10.60.99.56) with Microsoft SMTP Server (TLS) id 15.0.516.32; Thu, 1 Nov 2012 20:33:35 -0400
Received: from POAEX10.apatricio.local ([fe80::d9e1:7e76:27ee:1189]) by POAEX10.apatricio.local ([fe80::b13b:f91d:f64e:2813%29]) with mapi id 15.00.0516.029; Thu, 1 Nov 2012 20:33:35 -0400
From: Anderson Patricio <Anderson@AndersonPatricio.ca>
To: “anderson@andersonpatricio.org” <anderson@andersonpatricio.org>
Subject: Test #01: Using FrontEndProxyEnabled $true

Since it’s a new product and it’s time for testing, I resolved to play around, so I kept the FrontEndProxyEnabled $true and I went to the CAS servers and I removed the default gateway of those boxes, to see what would happen and as expected the message didn’t go through and if I look at the Queue Viewer and as expected the message didn’t go through and I we have an error being displayed on the Last Error column.

image

The error message was the one below and it seems harder at the first glance to find out the issue but in the messages you can identify the communications between Mailbox and CAS where the last error is coming from the CAS server.

451 4.4.0 Primary outbound frontend IP address responded with “450 4.7.0 Proxy session setup failed on Frontend with ‘451 4.4.0 Error encountered while communications with primary target IP address: “4.2.1 Unable to Connect.” Attempted failover to alter

Tomorrow I hope to get done the post about how to create a simple connector in Exchange Server 2013.

Written by Anderson Patricio

Anderson Patricio is a Canadian Exchange Server MVP and MCSM (Solutions Master) and he contributes to the Microsoft Community with articles, tutorials, blog posts, forums and book reviews. He is a regular contributor at MSExchange.org, ITPROCentral.com and AndersonPatricio.org (Portuguese).