Topic Last Modified: 2008-02-08
Microsoft Office Outlook Web Access in Microsoft Exchange Server 2007 uses two methods to direct users to the correct Client Access server. The method that is used depends on the Active Directory site where the user's mailbox is located when there is more than one Active Directory site in an organization. The two methods are called redirection and proxying.
For more information, see Understanding Proxying and Redirection.
Problem Description
Client Access servers and Mailbox servers are deployed in Active Directory sites. Some Client Access servers may have external URLs and can be reached from the Internet. Other Client Access servers may have only internal URLs and be available only from your organization's intranet.
If you have two Active Directory sites, each with one Client Access server that has an external URL, a user may connect to the Client Access server in site 1 although his or her mailbox is in site 2. Outlook Web Access will either redirect the user to the Client Access server in site 2, or will proxy the user to the Client Access server in site 2.
By default, Outlook Web Access will redirect the user to the external URL of the Client Access server in site 2. However, if the RedirecttoOptimalOWAServer parameter is set to false, Outlook Web Access will try to proxy to the external URL of the Client Access server in site 2 and will ignore the internal URL.
If the Client Access server in site 2 is not available from the Internet, users will receive an HTTP 404 (page not found) error when they are proxied from the Client Access server in site 1 to the Client Access server in site 2. The steps to re-create the problem are as follows:
- Set up proxying so that users in site 2 can reach their
mailboxes through a Client Access server in site 1 without having
to reenter their credentials.
- Create an external URL (different from the internal URL) on the
Client Access server in site 2.
- Use the Set-OwaVirtualDirectory cmdlet to set the
RedirecttoOptimalOwaServer parameter to false on the Client
Access server in site 1. For more information, see Set-OwaVirtualDirectory.
- Block access to the Client Access server in site 2 from the
Internet. A simple way to do this is remove the DNS entry for the
external URL.
- Use the URL for the Client Access server in site 1 to log on to
a mailbox in site 2.
With the RedirecttoOptimalOwaServer parameter set to false on the Client Access server in site 1, the user will be proxied to the external URL on the Client Access server in site 2. If the Client Access server in site 2 loses connectivity to the Internet, the user will receive a 404 error (page not found).
To resolve this problem without allowing access to the Client Access server in site 2 from the Internet, use the Exchange Management Console or the Exchange Management Shell to set the external URL of the Client Access server in site 2 to null.
Before You Begin
To perform this procedure, the account you use must be delegated the Exchange Server Administrator role and membership in the local Administrators group for the target server.
For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.
Procedure
You can use either the Exchange Management Console or the Exchange Management Shell to set the external URL for the /owa virtual directory to null.
To use the Exchange Management Console to remove the external URL on the Client Access server being proxied to
-
In the Exchange Management Console, click Server Configuration, and then click Client Access.
-
In the work pane, select the Client Access server being proxied to, and then select the /owa virtual directory.
-
Click the Outlook Web Access tab.
-
Right-click the /owa virtual directory, and then click Properties.
-
In the virtual directory properties dialog box, click the General tab.
-
Delete the value in External URL.
-
Click OK to save your changes and close the properties window.
To use the Exchange Management Shell to set the external URL on the Client Access server being proxied to null
-
Log on to the Client Access server being proxied to.
-
Run the following command to set the external URL for the /owa virtual directory on the Default Web Site to null:
Copy Code Set-owavirtualdirectory -identity "owa (default web site)" -ExternalURL $Null
For more information about syntax and parameters, see Set-OwaVirtualDirectory.