"In-depth Exchange 2013" 08: Proxying, redirection, coexistence

Source: Internet
Author: User

Recall from earlier that the CAS does not itself provide mailbox connectivity to clients; instead it makes sure the client is connected to the correct MBX in one of two ways: proxy or redirect. In a proxied connection, the CAS receives the client connection and forwards it to the appropriate server. In a redirected connection, the CAS simply replies to the client with the FQDN of an appropriate server so that the client can initiate the connection again.

In an Exchange 2013 environment, the CAS performs redirection in only a few cases. This is because redirection forces the client to reconnect, which is not acceptable for all client types.

Proxy

CAS proxy behavior was somewhat complex by design in Ex2010 and Ex2007 and has been simplified in Ex2013. Edge cases still need careful thought, however, such as traffic that has to be proxied to an older-version Exchange server or across a complex AD site topology.

First, two things must happen before the CAS proxies anything: the CAS that received the initial connection (called the initial CAS) has to authenticate the client, and then it has to determine which MBX holds the active database copy of the mailbox.

After these two steps are complete, the initial CAS begins to proxy traffic. The simplest proxy case is IMAP and POP: the CAS can always proxy both kinds of traffic regardless of the Exchange version of the target MBX.

The other Exchange protocols include Outlook Anywhere, Autodiscover, Outlook Web App, Exchange ActiveSync (EAS), the Availability service, and Exchange Web Services. They are carried over HTTP or HTTPS, and the CAS does not care about the content of this protocol traffic, only about the destination endpoint where each protocol is served. For example: a client whose mailbox is on Ex2010 initiates an Autodiscover request; the request is received by the Ex2013 CAS, which proxies it to an Ex2010 CAS; the Ex2010 CAS returns the location of the Ex2010 MBX to the Ex2013 CAS, and the Ex2013 CAS then returns this Autodiscover information to the client.

The above is how proxying works when Ex2010 and Ex2013 coexist. Now look at Ex2007 and Ex2013 coexisting: when the Ex2013 CAS receives an Autodiscover request from a client whose mailbox is on an Ex2007 MBX, the Ex2013 CAS proxies the connection to an Ex2013 MBX, not to Ex2007, because the Ex2013 MBX has special code to handle Ex2007 requests.

Note that what we discussed above is how Autodiscover is proxied. In a mixed environment, Outlook Anywhere is proxied in a more conventional way; to see how, think back to the differences in Outlook Anywhere across the three versions that I covered earlier.

If more than one Ex2010 CAS in the current AD topology can serve as the target of proxy traffic, how does the Ex2013 CAS know that these servers are functioning properly? Let us go through it step by step. To begin with, Ex2010 queries AD to get a table of all Ex2007 or Ex2010 CAS servers. An HTTP HEAD request is then sent to the virtual directory of each server in this table, and this is repeated every 60 seconds. Unlike an HTTP GET request, an HTTP HEAD request asks only for the response headers of the virtual directory that serves as the protocol's endpoint, and availability is judged from the response: if the endpoint returns a 300-class or 400-class HTTP response, the Ex2013 CAS considers that endpoint on that server usable as a proxy target. If the request times out or returns a 500-class HTTP response, the HEAD request is retried immediately; if the second HEAD request also fails, that endpoint on the server is considered down and no more traffic is proxied to it.
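The probe-and-retry rule described above, as an added PowerShell example (not code from the original article or from Exchange itself). Get-ProbeResult, Test-ProxyTarget and the host names are hypothetical, the responses are constructed, and treating a 200-class response as healthy is an assumption, since the article names only the 300 and 400 classes.

```powershell
# Added example: a model of the health-check rule, not Exchange's own code.
# Classify one HTTP HEAD probe. $null models a request that timed out.
function Get-ProbeResult {
    param($StatusCode)
    if ($null -eq $StatusCode) { return 'Fail' }
    switch ([int][math]::Floor($StatusCode / 100.0)) {
        3 { return 'Ok' }          # 300 class: vdir answered (e.g. redirect to logon)
        4 { return 'Ok' }          # 400 class: vdir answered (e.g. 401, wants credentials)
        2 { return 'Ok' }          # assumption: the article does not mention the 200 class
        default { return 'Fail' }  # 500 class and anything unexpected
    }
}

# One probe cycle for one virtual directory (the article says a cycle runs
# every 60 seconds): a failed probe is retried immediately, and only a
# second failure marks the endpoint down.
function Test-ProxyTarget {
    param([scriptblock]$Probe)     # hypothetical: returns a status code or $null
    foreach ($attempt in 1..2) {
        if ((Get-ProbeResult (& $Probe)) -eq 'Ok') { return 'Up' }
    }
    return 'Down'
}

# Constructed responses per endpoint, in the order the probes would see them.
$samples = [ordered]@{
    'https://ex2010cas01.contoso.com/owa' = @(302)          # redirect
    'https://ex2010cas02.contoso.com/ews' = @(401)          # authentication challenge
    'https://ex2010cas03.contoso.com/owa' = @($null, 302)   # timeout, then an answer
    'https://ex2010cas04.contoso.com/owa' = @(503, $null)   # server error, then timeout
}

foreach ($url in $samples.Keys) {
    $codes = $samples[$url]
    $next  = @{ Index = 0 }
    # Stand-in for a live HEAD request: replays the constructed responses.
    $probe = {
        $code = $codes[$next.Index]
        $next.Index += 1
        $code
    }
    '{0,-40} {1}' -f $url, (Test-ProxyTarget -Probe $probe)
}
```

A 401 counts as healthy here because it shows the virtual directory is answering; only a timeout or a 500-class response on both attempts takes the endpoint out of rotation.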

Tip: In a mixed environment with multiple Ex2010 CAS and Ex2013 CAS servers, you may want to exclude a particular Ex2010 CAS from proxy traffic (so that it stops receiving traffic proxied by Ex2013), for example because you are opening a maintenance window (temporarily taking that Ex2010 CAS offline for upgrades, patching and so on) or because you plan to decommission it outright. You can take it out of rotation with the -IsOutOfService parameter of the Set-ClientAccessServer command. The command is as follows:

Set-ClientAccessServer -Identity Ex2010cas01 -IsOutOfService $true

After you run this command, the Ex2010 CAS remains idle until you set -IsOutOfService back to $false.

Redirect:

The Exchange CAS redirects the connection in the following cases:

1. When inbound Unified messaging calls are received.

2. When a user whose mailbox is on an Ex2007 MBX opens Outlook Web App, the Ex2013 CAS redirects the request to the Ex2007 CAS, because Ex2007 does not accept Outlook Web App connections proxied by Ex2013.

3. When an Ex2013 user whose mailbox is in another AD site opens an Outlook Web App connection and an external URL is set on the CAS in that other AD site, the local Ex2013 CAS that receives the request redirects it. For example, a Beijing user is at the Shanghai site and opens Outlook Web App on the Shanghai site's Ex2013 CAS; his mailbox is on an MBX in the Beijing site, and the Beijing site's CAS has an external access URL configured. The Shanghai CAS then returns the Beijing CAS's external access URL to the client so that the client is redirected. If the Beijing CAS has no external access URL, or has the same external access URL as the Shanghai CAS, the Shanghai CAS proxies the connection instead of redirecting.

Another kind of redirect is IIS redirection, which is what lets you visit https://mail.contoso.com without the trailing /owa/. Everyone should have set this up already; it is a very user-friendly setting. If you have not tried it, you can refer to: https://technet.microsoft.com/en-us/library/aa998359(v=exchg.150).aspx

CAS coexistence and migration

The first task in coexistence is to install an Ex2013 CAS and direct all inbound traffic to the new CAS. Most of the work in this change lies in modifying the architecture of the surrounding system rather than in configuring Exchange. Let us go through these tasks:

1. Evaluate the AD site topology to see if any changes need to be made.

2. Re-request and install the certificate for the new CAS server. (We'll talk about Exchange certificates in the next chapter)

3. Prepare for changes: including reverse proxy, firewall, load balancer.

4. Consider the external and internal DNS modifications.

When the tasks above are ready, you can install an Exchange 2013 CAS and then verify that inbound traffic flows as you expect. Microsoft recommends that this Exchange 2013 CAS be (1) external-facing and (2) the server that processes Autodiscover requests, so that the Ex2013 CAS can handle these Autodiscover requests. In other words, you point the public-facing mapping at this server, configure the external access address of this Ex2013 CAS, and verify external access through it; after that you can add more Ex2013 servers. Of course there are many subsequent steps; this is just the beginning.

The effects of mixed URLs on Ex2010 migration to Ex2013

In Ex2010, Microsoft recommends that external clients not be able to resolve the CAS array name directly, and that the CAS array name be kept separate from the Outlook Anywhere host name. Meeting both points is simple: changing DNS is enough. If you assign the same name to both services, things still run normally, and many administrators do exactly that: Outlook Anywhere is given the same namespace as the RPC CAS array, mail.contoso.com, and split-brain DNS is relied on so that external clients reach only the external IP address; the external name is also mail.contoso.com. You can then do the same for other services, such as Exchange ActiveSync and Outlook Web App. In this situation we call the domain name mail.contoso.com a mixed URL. It looks similar to the following picture:

[Image: clip_image002]

After you have installed the new Exchange CAS, you will find that the MAPI clients in the environment can no longer connect! They are still accessing your unified external address, mail.contoso.com, and this address now points to the Ex2013 CAS, which does not accept any direct MAPI connections. When this happens, the MAPI connection fails and Outlook automatically falls back to Outlook Anywhere connection mode.

So consider the case where we enabled Outlook Anywhere in the old environment before installing Exchange 2013. Notice that there are two options in the Outlook Anywhere configuration dialog box.

[Image: clip_image003]

That is, if we want Outlook Anywhere clients to use an RPC over HTTP connection instead of a direct RPC connection inside the internal network, we have to tick the first one. Does that mean configuring the clients one by one? No: these two settings are included in the Autodiscover configuration. Remember from the last chapter that Autodiscover has several providers; these settings are handled by the Outlook provider. So by running the following two commands in the Exchange 2010 EMS, you modify the Autodiscover configuration and thereby update these two settings:

Set-OutlookProvider EXPR -OutlookProviderFlags:ServerExclusiveConnect
Set-OutlookProvider EXCH -OutlookProviderFlags:ServerExclusiveConnect

If you want to change this option back for some reason, run:

Set-OutlookProvider EXPR -OutlookProviderFlags:None
Set-OutlookProvider EXCH -OutlookProviderFlags:None

After the change, wait for Autodiscover to refresh all the clients, then pick a few at random and verify that they look as shown:

[Image: clip_image004]

The connection process then becomes what the following two images show:

[Image: clip_image006]

With these steps, we guarantee that Outlook clients use RPC over HTTPS for MAPI when connecting to the Ex2013 CAS, whether they are internal or external, so it no longer matters that you are using a mixed URL. By now you should understand why the previous chapters said that whenever Exchange 2013 is about to appear in a coexistence environment, you must first enable Outlook Anywhere on the older CAS servers.

That was a lot in one go, and fairly abstract; think it through against the environments you usually work with. In the next chapter we talk about a lighter topic: certificates in Exchange.



This article is from the "Castamere Rainy season" blog, be sure to keep this source http://sodaxu.blog.51cto.com/8850288/1670391