Solved: Exchange 2010 + OWA Proxy?

Geoff_Moore · ‎03-21-2011

Hello,

I'm currently in the process of upgrading our Ex2003 to Ex2010. I have the 2010 servers added to EV, tasks created, and my test accounts are enabled and can manually archive. My issue comes with OWA. On my 2003 config, we used an application pool in IIS "EnterpriseVaultProxy" to allow the proxy from OWA to our EV server without having any ISA or externally resolvable EV sever. When installing the extensions for 2010 on the CAS servers, I don't see this being created.

This is causing an issue when trying to hit OWA from off site you get a 404, which makes sense. If you use OWA from on the network, OWA will redirect you to the FQDN of the EV server, but will use your windows session credentials for auth, so it will be my personal archive explorer or if I click on a shortcut I get access denied, which makes sense if it's not using a proxy via OWA, the wrong user credentials being used.

I've seen mention that ISA or publishing the EV server externally will be a resolve for this, but I don't want to do it this way unless I have to. I have (I think) all the settings on the EV server correct because this is working properly on 2003.

Can something similar be done for 2010? I'm finding SOME info, particularly in tech note 63250, but I'm not quite sure if this is what I want. Would recreating the application like on my 2003 servers do the trick?

Any help would be appreciated!

JesusWept3 · ‎03-21-2011

Since Exchange 2007 the only way it can be done is to publish the /EnterpriseVault virtual directory from the EV machine directly out through ISA or Forefront or whichever firewall type application you wish to use.

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

JesusWept3 · ‎03-21-2011

Since Exchange 2007 the only way it can be done is to publish the /EnterpriseVault virtual directory from the EV machine directly out through ISA or Forefront or whichever firewall type application you wish to use.

https://www.linkedin.com/in/alex-allen-turl-07370146

FreKac2 · ‎03-22-2011

Don't the following tech note explain most of it ?

http://www.symantec.com/business/support/index?page=content&id=TECH61472

Which use the same listener that OWA use but when /enterprisevault is in the URL it will redirect it to the EV server. So e.g. you don't have to publish the internal ev server name to the internet.

/Fredrik

Geoff_Moore · ‎03-22-2011

I guess that I wanted a solution which didn't involve another server for ISA. We currently have an application pool in IIS for this, which works well, and I can't find a concrete answer why this won't work in later versions. The EV server can obviously handle it, as it still is, and I'd like to make it a similar set up for 2010. If someone can tell me why it won't support this vs just saying that it won't work in 2007 and later, I'd understand the issue better.

Thanks!

FreKac2 · ‎03-22-2011

Ahh, ok I read your post too quickly :)

As far as I can remember right now, opening e-mails by double-clicking on an item should work more or less like before because it's picked up by the CAS extensions to trigger a download of the item.

Search and AE however requires the Enterprisevault VD to be published.

What authentication method do you use when accessing OWA ?

Might be a good idea to trace an external login just to see what it says. (you need to edit/add EV parameters in the web.config file on the CAS server/s).

/Fredrik

Geoff_Moore · ‎03-22-2011

Currently using forms based auth. I'm almost thinking opening the ports and publishing the VD would be the best solution.

FreKac2 · ‎03-24-2011

That is of course an option but you may want to run a trace first just to make sure what is happening when a user login and open an archived item.

VOX

Exchange 2010 + OWA Proxy?