Proxy vs redirection in CAS
How does proxy differ from redirection in the CAS role in Exchange 2010?
Aditya Mediratta
Thanks for such a good example, Jim-XU. Kindly elaborate more on "manual redirection VS silent".
Aditya Mediratta
All explained in the link I posted above. Did you read it?
Silent: When this setting is configured, a user’s web browser is automatically redirected whenever a Client Access server must redirect an Outlook Web App request to Client Access server or server array located in another Active Directory site. When forms-based authentication is configured on the source and target CAS OWA virtual directories (SSL is required), then the silent redirection is also a single sign-on event. For redirection to occur, the target Client Access server Outlook Web App virtual directory must have an ExternalURL value configured.
Manual: When this setting is configured, users will receive a notification that they’re accessing the wrong URL and that they must click a link to access the correct Outlook Web App URL for their mailbox. This notification only occurs when a Client Access server determines that it must redirect an Outlook Web App request to Client Access server or server array located in another Active Directory site. For redirection to occur, the target Client Access server Outlook Web App virtual directory must have an ExternalURL value configured.
Similar Messages
-
We have a CFTV system running on Win2008R2 that listens on 4 sequential port numbers, and the last port is the web browser port number for management and viewing cameras.
When we configure port 8077 in the software, it opens 8077, 8078, 8079 and 8080 and works with no problem.
But...
When we try to configure port 77 (and therefore 77, 78, 79 and 80), the application hangs, and it seems not to be possible to configure it to use port 80.
I could confirm, using NETSTAT, that the main CFTV application opens all required ports with no problem, but it only works on ports with a different number from "80", which is what I want: to make users more comfortable, avoiding having to type ":PORT_NUMBER" after the URL. It would be a more "elegant" solution to use default port 80 for users' connections.
The question is: how to do a port forward/port proxy, redirecting traffic from port 8080 to 80 on the SAME machine?
May I use NETSH? (Based on the help, it can be used to do this, but on different machines, not the same one.)
Is there a RELIABLE application, running as a service, that can do the port forward/redirect?
Hi,
I’m sorry to tell you that we can’t redirect traffic from one port to another port on the same server itself. But we can do it with a router which is configured to port forward.
By the way, according to your description, another program may use the port 80. Is there an IIS installed on the server? If it is necessary, you can consult your CFTV system vendor.
Hope this helps.
Steven Lee
TechNet Community Support -
Unable to use HTTPS proxy when redirecting HTTP/HTTPS via NAT
I'm trying to get the WSA to work when redirecting HTTP and HTTPS traffic along the lines of the following:
object network WSA-HOST
 host 10.0.210.2
object network obj-10.0.1.0
 subnet 10.0.1.0 255.255.255.0
object service ORIG-HTTP-PORT
 service tcp destination eq www
object service WSA-HTTP-DEST-PORT
 service tcp destination eq 8080
object service ORIG-HTTPS-PORT
 service tcp destination eq https
object service WSA-HTTPS-DEST-PORT
 service tcp destination eq https << also tried 8080 etc.
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-HOST service ORIG-HTTP-PORT WSA-HTTP-DEST-PORT
nat (inside,outside) source dynamic obj-10.0.1.0 interface destination static obj_any WSA-PROXY-HOST service ORIG-HTTPS-PORT WSA-HTTPS-DEST-PORT
This works just fine for HTTP, but with HTTPS I get the following response from the Ironport WSA:
Based on your corporate access policies, access to this web site ( https://www.rbsdigital.com/ ) has been blocked.
Notification codes: (1, POLICY, UNKNOWN, 0x00000082, 1329750248.609, QAAAAAAAAAAAAAAAyf8AAP8AAAD/AAAAAAAAAAAAAAE=,
https://www.rbsdigital.com/)
The access log gives me the following:
1329750248.602 404 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329750248.609 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
If anyone has any idea why the WSA simply denies the connection instead of proxying it then I'd be grateful.
The WSA and the decryption policies work fine in explicit mode.
Thanks in advance!
The policy doesn't require authentication. Now here are two tests I did, seconds apart, from the same client on 10.0.4.140:
First one is where I use NAT as shown above:
1329757052.027 118 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
1329757052.311 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-,-,"-","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,-,-,"-","-","-","-","-","-",0.00,0,[Local],"-","-"> -
Second test case is when I reconfigured the browser to explicitly use the WSA as a proxy on port 8080:
1329757138.274 344 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
1329757138.566 200 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
Non-categorised stuff should be passed through:
Global Policy
Identity: All
Pass Through: 1
Monitor: 65
Disabled
Pass Through
Any thoughts ? -
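The two tests in the post above can be compared mechanically. The following is an added example, not part of the original post and not Cisco tooling: it parses the access-log lines and reports denials that directly follow a tunnel whose recorded target is the WSA's own address, which is what the ASA rule's `destination static obj_any WSA-HOST` rewrite produces. The field positions and the "transparent"/"explicit" labels are assumptions read off the lines the poster pasted.

```python
from urllib.parse import urlsplit

# Lines taken from the post above; the long <...> scoring block is shortened
# to "<->" so the sample stays readable.
SAMPLE_LOG = """\
1329757052.027 118 10.0.4.140 NONE_SSL/200 0 TCP_CONNECT 10.0.210.2:443 - NONE/- - OTHER-NONE-NONE-NONE-NONE-NONE-NONE <-> -
1329757052.311 0 10.0.4.140 TCP_DENIED_SSL/403 1840 GET https://www.rbsdigital.com:443/ - NONE/- - BLOCK_ADMIN-HTTPS-NonLocalDestination-NONE-NONE-NONE-NONE-NONE-NONE <-> -
1329757138.274 344 10.0.4.140 TCP_CLIENT_REFRESH_MISS_SSL/200 39 CONNECT tunnel://www.rbsdigital.com:443/ - DIRECT/www.rbsdigital.com - DECRYPT_WBRS_7-DefaultGroup-UK_Office-NONE-NONE-NONE-DefaultGroup -
"""

WSA_IP = "10.0.210.2"  # WSA-HOST in the ASA object definitions above


def parse_line(line):
    """Split one access-log line into the fields used below.

    Assumed layout (from the posted lines): time, elapsed, client,
    result/status, bytes, method, URL, user, hierarchy, MIME, policy tag.
    """
    f = line.split()
    if len(f) < 11:
        raise ValueError("short access-log line: %r" % line)
    result, _, status = f[3].partition("/")
    url = f[6]
    # "10.0.210.2:443" has no scheme; prefix "//" so urlsplit sees a netloc.
    target = urlsplit(url if "://" in url else "//" + url)
    return {
        "time": float(f[0]),
        "client": f[2],
        "result": result,
        "status": int(status),
        "method": f[5],
        "host": target.hostname,
        "port": target.port,
        "policy": f[10],
        "decision": f[10].split("-")[0],
    }


def tunnel_mode(entry):
    """Label an entry the way the poster's two tests differ."""
    if entry["method"] == "TCP_CONNECT":
        return "transparent"  # connection arrived via the NAT redirect
    if entry["method"] == "CONNECT":
        return "explicit"     # browser was configured to use the proxy
    return "request"


def lost_destination_denials(log_text, proxy_ip, window=1.0):
    """Return (client, host, decision) for denials that follow, within
    `window` seconds and from the same client, a transparent tunnel whose
    logged target is the proxy itself (original destination rewritten)."""
    last_self_tunnel = {}  # client IP -> time of last self-targeted tunnel
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e["method"] == "TCP_CONNECT" and e["host"] == proxy_ip:
            last_self_tunnel[e["client"]] = e["time"]
        elif e["result"].startswith("TCP_DENIED"):
            seen = last_self_tunnel.get(e["client"])
            if seen is not None and 0 <= e["time"] - seen <= window:
                hits.append((e["client"], e["host"], e["decision"]))
    return hits


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        entry = parse_line(raw)
        print(tunnel_mode(entry), entry["host"], entry["decision"])
    print(lost_destination_denials(SAMPLE_LOG, WSA_IP))
```

In the NAT test the tunnel target is 10.0.210.2:443 rather than the site the client asked for, while the explicit test records `tunnel://www.rbsdigital.com:443/`.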
OWA 2013 Redirect to CAS Servers 2010 Randomly
Hello there!!
I think my case is not a problem, I just need a workaround or some fine adjustment to serve my needs. Follow my scenario:
One Exchange 2013 Server (CU3) with Mailbox and CAS role (coexisting with the 2010 Servers, ready for migration)
Two Exchange 2010 CAS Servers SP3 no rollups
Two Exchange 2010 Mailbox Servers SP3 no rollups (in a DAG)
I have two organizations who share the same Exchange infrastructure, just using different SMTP addresses; for example, some users use @yyy.com addresses and others use @zzz.com. We have two CAS servers just to use two different and customized OWA layouts (with distinct OWA Internet addresses), one for @yyy.com users and the other for the @zzz.com users.
Also, I have the following database organization:
DB01 - @yyy.com mailboxes - 2010
DB02 - @zzz.com mailboxes - 2010
DB03 - @zzz.com mailboxes - will migrate to 2013
I need to do a partial migration to Exchange 2013, which is to migrate all mailboxes from DB03 database to Exchange 2013,
which will use the owa address for the @zzz.com addresses (We will point it to the new 2013 server).
The problem is that when users from DB02 try to use the 2013 OWA (@zzz.com), Exchange will bring up one of the 2010 OWA interfaces, sometimes the yyy.com customized interface and sometimes the zzz.com customized interface, and I need them to use just the zzz.com interface.
Is there any way that I can force Exchange 2013 to redirect the 2010 OWA users from a specific database to a specific CAS server? I found the command "Set-MailboxDatabase "Database Name" -RpcClientAccessServer EX2010-1.domain.local", but this works only for internal use (Outlook over RPC).
Best Regards Folks
Hi,
Firstly, I’d like to explain: the property RpcClientAccessServer shows the CAS server which the mailbox connects to. It applies to all users and has no influence on OWA redirection, because this value determines the location of the RPC end point and OWA requests use the HTTPS protocol.
As far as I know, when there are many CAS Servers with same version in the same site, we couldn’t determine the CAS server which OWA request will redirect to.
Maybe we can take advantage of Proxy: proxy request from Exchange 2013 to Exchange 2010 and "disable" redirection:
http://social.technet.microsoft.com/Forums/exchange/en-US/999e3d3c-5919-4fa2-8e3e-a2c952214159/exchange-2010-cas-redirection
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
SAP EP - How to redirect in case of a request for a non-existent portal pag
Hello,
I am not 100% sure if this is the right forum to ask my question but I will give it a try anyway.
I would like to customize the error handling of the SAP EP 6.0 in the following way. If a user tries to access a page of the portal that does not exist, the user should receive an error page describing the problem that occurred and should be redirected to the homepage after a short period of time.
In a portal environment with default configuration the user would immediately be redirected to the homepage. There is no error message displayed.
Does anyone know where to start digging? I think I need a better understanding of SAP EP error handling. I appreciate all answers, hints and suggestions.
Cheers
Martin
Hi guys,
I am sorry to start discussion on that topic again. But I definitely need some help. Due to Samuli's help I have been able to modify the error handling of the portal in the following way.
Customization:
User attempts to access a wrong url within the portal (e.g. http://<portal_server>:50000/irj/portal/wrongurl). Instead of the standard "404 the requested resource is not available" error page I see my own error page. That's nice.
What did I do:
I added the following lines to the portal's web.xml (/usr/sap/J2E/JC00/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp/irj/root/web-inf/web.xml):
<error-page>
<error-code>404</error-code>
<location>/customerrors/404.html</location>
</error-page>
Additionally, I created the 404.html file and put it in the folder (/usr/sap/J2E/JC00/j2ee/cluster/server0/apps/sap.com/irj/servlet_jsp/irj/root/customerrors/).
What else?
Well, I am using KM to make files accessible through the EP platform. If I access a KM file via the portal (http://<portal_server>:50000/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/Public%20Documents/Testfile.txt), an extra window opens and shows me the content of the file. In case I enter a wrong url (e.g. http://<portal_server>:50000/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/Public%20Documents/wrong_file_name.txt), I see the standard "404 The requested resource is not available" error page. But I want to see my customized error page.
How to
I think I have to modify the web.xml of the KM the same way I did for the portal. But I do not know where to find the KM web.xml? Please could someone advise me where to look?
I appreciate all kinds of help!
Martin -
Exchange 2013 CAS IMAP Proxying to offline 2007 CAS Server
We're running in coexistence mode with 2013 and 2007. We had one of our 2007 CAS servers go down. We have IMAP users that keep getting a login prompt now. Looking at the IMAP logs it's failing when the 2013 CAS server tries to proxy the IMAP session to the down 2007 CAS server. Is there any way to stop 2013 from attempting to proxy to the down 2007 CAS server? We have 3 other 2007 CAS servers that are available.
Hi,
I'm following up this thread and if you have any question about the above information I provided, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support -
Hello,
I've installed Exchange 2013 into Exchange 2010 infrastructure
[ single Exchange 2010 server; single AD site; AD = 2003 ],
and moved one mailbox [ Test user ] to Exchange 2013.
When I login internally through 2013 OWA to access mailboxes on 2010, then proxy works fine.
When I login internally through 2010 OWA to access mailboxes on 2013, then a message appears:
Use the following link to open this mailbox with the best performance: with link to 2013 OWA...
What is wrong ?
I've checked and changed settings by:
Get-OwaVirtualDirectory, Set-OwaVirtualDirectory
[PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex10\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
Server : EX10
Name : owa (Default Web Site)
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : True
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
RedirectToOptimalOWAServer : True
LegacyRedirectType : Silent
Url : {}
SetPhotoURL :
Exchange2003Url :
FailbackUrl :
InternalUrl : https://ex10.contoso.com/owa
ExternalUrl : https://ex10.contoso.com/owa
[PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex13\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
Server : EX13
Name : owa (Default Web Site)
ClientAuthCleanupLevel : High
InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
BasicAuthentication : True
WindowsAuthentication : True
DigestAuthentication : False
FormsAuthentication : False
LiveIdAuthentication : False
AdfsAuthentication : False
OAuthAuthentication : False
ExternalAuthenticationMethods : {Fba}
RedirectToOptimalOWAServer : True
LegacyRedirectType : Silent
Url : {}
SetPhotoURL :
Exchange2003Url :
FailbackUrl :
InternalUrl : https://ex13.contoso.com/owa
ExternalUrl :
best regards Janusz Such
Hi Janusz Such,
Based on my knowledge, CAS proxy can only go from a later version to a previous version.
Something like CAS2013 to CAS2010/2007, CAS2013 to CAS2013.
Thanks
Mavis Huang
TechNet Community Support -
Hi
We wish to introduce an Exchange 2013 server in our existing Exchange 2010 environment.
The Exchange 2013 server is only needed for migration purposes where we wish to leverage the new features of the migration-batch functionality.
It’s important that the Exchange 2013 server will not have any “visible” impact on the Exchange 2010 environment, or take over any functionality, right now, since the customer wish to stay on 2010.
Can you guys come up with anything to be aware of?
Obviously we disable the Autodiscover SCP for the Exchange 2013 server, so that the clients will not hit this server. Nor will we point any URLs to the Exchange 2013.
I can see that a new “Default Offline Address Book (Exch2013)” is created and set as default when EX2013 is installed. We will change this back to the default EX2010.
The server will properly take part in the Shadow Redundancy feature, and it doesn’t seem to be possible to exclude the server or avoid it, unless disabling Shadow Redundancy.
I can only come up with these 3 things that will have a "direct" impact on the environment, but any input will be highly appreciated!
BR,
Martin
Hi,
I agree with Li Zhen’s suggestion. If you don’t migrate from Exchange 2010 to Exchange 2013, we can disable add services in Exchange 2013 and don’t use it any more.
If you want the Exchange 2013 server not to have any “visible” impact on the Exchange 2010 environment, or take over any functionality, please keep the published server pointed to Exchange 2010. Then the original configuration in Exchange 2010 would not be changed to the new configuration in Exchange 2013.
If you want to use Exchange 2013, then we can point the published server to Exchange 2013 and configure the virtual directories in Exchange 2013. Though all mailboxes are still located in Exchange 2010, all external requests would be proxied or redirected from CAS 2013 to CAS 2010 automatically.
For more information about Client Connectivity in an Exchange 2013 Coexistence Environment, please refer to:
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
Regards,
Winnie Liang
TechNet Community Support -
Issues with cross-site CAS redirect of OWA users
Hi,
I am having an issue with our CAS servers, possibly since upgrading to SP3 (I am not 100% if the upgrade caused it). We are currently on Exchange 2010 SP3 RU4.
I have tested logging into OWA on each CAS server with a mailbox from the same site as the CAS, and it works fine.
But if I am using a mailbox from the opposing site, I get this scenario:
1. User reaches site 1 CAS server
2. User logs into site 1 CAS server with a site 2 mailbox
3. Site 1 CAS server redirects the user to another form authentication on a site 2 CAS with this URL:
https://Site2CAS.domain.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fSite2CAS.domain.com%2fowa%2fping.owa
4. User again fills out the form to log in
5. User gets a blank page with this URL:
https://Site2CAS.domain.com/owa/ping.owa
The workaround is that the user then can get their inbox page to load by deleting out the "ping.owa" from the URL. But obviously this is not the intended user experience.
The redirect would apparently work fine if it wasn't for the addition of this "ping.owa" to the URL. Although I would prefer the user only have to fill the forms authentication out once, the main problem is the blank page.
Thanks
Rule of the GAME
For scenario:
CAS Array in Internet Facing AD Site and CAS Array in non Internet facing AD site
It will be CAS Proxy and NOT Redirection
To force Exchange to use Redirection only, set external URL in non Internet facing site CAS as $Null
Internet Facing Site
Internal URL= CAS NLB internal FQDN for that site CAS Array
External URL= CAS NLB Alias published in external DNS
Authentication= Form Based with Basic Auth
Non Internet Facing Site
Internal URL= CAS NLB internal FQDN for that site CAS array
External URL= Null
Authentication= NON Form Based (Integrated Windows Auth)
That's all
Understanding Proxying and Redirection
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
Thanks,
Soumen
Soumen Ghosh -
How to redirect CAS servers to a new manager
Hi Guys,
We have deployed some CAS servers into our network and was managed by a 3310 NAM. Due to its limitation we decided to replace this with a 3350 NAM but didn't realize to disconnect the CAS servers to the old 3310 NAM. Now we are having issues redirecting these CAS servers to the new 3350 NAM.
Please let us know how we can deal with it. Thanks in advance
The NAC Servers get their configuration from the NAC Manager at every reboot. If the old NAC Manager is offline and you reboot the NAC Server, can you add the NAC Server to the new NAC Manager?
-Dan Laden -
Hi there,
I have clients look up via the 5.2p4 proxy pair. Currently I have a single group which directs an app user to a single ldap master pair. I now have more DITs on new masters and I want the proxy to redirect client searches based upon the BIND, I know proxy can do this.
I've struggled to get on a proxy course as they very rarely run; can anybody point me in the direction for configuring this please?
Also, has anybody ever used a proxy setup (currently we have a load balanced pair of high spec X4200's) to handle connections in the region of 15K per second?
Any help would be appreciated.
thanks
Andy Holmes
Hi
ARP is used to obtain a MAC address from an IP address. For a machine to send a packet to another machine on the same network it needs to obtain the MAC address of that machine.
Now let's say you have this statement on your PIX
static (inside,outside) 206.156.17.1 192.168.1.2 netmask 255.255.255.255
which says present the internal address of 192.168.1.2 as a public ip address 206.156.17.1 to users on the outside of the pix.
Proxy ARP allows the PIX to respond to ARP requests for hosts behind it. So when an ARP request is made for 206.156.17.1 the PIX will respond with its own MAC address, receive the IP packets and forward them on to the internal host 192.168.1.2.
Without proxy arp outside hosts would not be able to reach the 192.168.1.2 server.
HTH
Jon -
Reverse proxy redirecting not proxying
I'm having trouble getting a reverse proxy to work as I expected it to.
Scenario;
Webserver 7 u 3 installed on host1.domain.com, instance listening on 8080
Reverse proxy point configured for /agentsample -> http://host2.otherdomain.com:8080
Now when I go to http://host1.domain.com:8080/agentsample two redirects occur: the first is back to itself, then a second redirect to http://host2.otherdomain.com:8080/agentsample. This is where I have a problem: why am I being redirected, and not proxied?
Furthermore, if I set the webserver7 up to be on port 80, create a proxy for /agentsample -> http://host2.otherdomain.com:8080 and then browse to http://host1.domain.com/agentsample I get redirected to http://host2.otherdomain.com/agentsample (which won't connect).
So, does anyone know why this isn't working? I have other proxy points configured on host2.domain.com, /idm -> http://host3.otherdomain.com:8202 for example, and it works as expected: browsing to http://host2.domain.com:8080/idm gives me the page content from host2.otherdomain.com but with the host2.domain.com URL - true proxying, no redirects.
Any assistance appreciated.
Hi there,
I'm getting the same redirecting behaviour with Web Server 7, update 3.
the obj.conf says:
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
PathCheck fn=validate_session_policy
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
and the instance-specific obj.conf says (with additions from the OpenSSO web agent):
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/opt/sun/webserver7/lib/icons" name="es-internal"
NameTrans fn="map" from="/testapp" name="reverse-proxy-/testapp" to="http:/testapp"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index-j2ee"
PathCheck fn="find-index" index-names="index.html,home.html,index.jsp"
PathCheck fn="validate_session_policy"
ObjectType fn="type-j2ee"
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"
Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"
Service method="TRACE" fn="service-trace"
Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="j2ee">
Service fn="service-j2ee" method="*"
</Object>
<Object name="es-internal">
PathCheck fn="check-acl" acl="es-internal"
</Object>
<Object name="cgi">
ObjectType fn="force-type" type="magnus-internal/cgi"
Service fn="send-cgi"
</Object>
<Object name="send-precompressed">
PathCheck fn="find-compressed"
</Object>
<Object name="compress-on-demand">
Output fn="insert-filter" filter="http-compression"
</Object>
<Object ppath="http:*">
Service fn="proxy-retrieve" method="*"
</Object>
<Object ppath="*/UpdateAgentCacheServlet*">
Service type="text/*" method="(POST)" fn="process_notification"
</Object>
<Object ppath="*/dummypost/sunpostpreserve*">
Service type="text/*" method="(GET)" fn="append_post_data"
</Object>
<Object name="reverse-proxy-/testapp">
Route fn="set-origin-server" server="sunagent.mydomain.com:8080"
</Object>
The behaviour can be observed thusly in the HTTP headers (thank you, livehttpheaders Firefox plugin):
http://sunproxy.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunproxy.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
HTTP/1.x 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 26 Nov 2008 06:49:09 GMT
Location: http://sunsso.mydomain.com:80/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Content-Length: 0
http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
GET /opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html HTTP/1.1
Host: sunsso.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:00 GMT
Cache-Control: private
Pragma: no-cache
Expires: 0
X-DSAMEVersion: 8.0 (2008-July-21 07:32)
AM_CLIENT_TYPE: genericHTML
Set-Cookie: AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
Set-Cookie: amlbcookie=01; Domain=.mydomain.com; Path=/
Set-Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; Path=/opensso
Content-Type: text/html;charset=UTF-8
Connection: close
Transfer-Encoding: chunked
http://sunsso.mydomain.com/opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
POST /opensso/UI/Login?AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23 HTTP/1.1
Host: sunsso.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: JSESSIONID=D33E12C33D3B30A0905FFCA1A4D77561; AMAuthCookie=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; amlbcookie=01
Content-Type: application/x-www-form-urlencoded
Content-Length: 193
IDToken0=&IDToken1=amp_business_manager&IDToken2=amp_business_manager&IDButton=Log+In&goto=aHR0cDovL3N1bnByb3h5LnRob3VnaHR3b3Jrcy5jb206ODAvdGVzdGFwcC9pbmRleC5odG1s&encoded=true&gx_charset=UTF-8
HTTP/1.x 302 Moved Temporarily
Date: Wed, 26 Nov 2008 06:53:13 GMT
Cache-Control: private
Pragma: no-cache
Expires: 0
X-DSAMEVersion: 8.0 (2008-July-21 07:32)
AM_CLIENT_TYPE: genericHTML
X-AuthErrorCode: 0
Set-Cookie: iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23; Domain=.mydomain.com; Path=/
Set-Cookie: AMAuthCookie=LOGOUT; Domain=.mydomain.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Location: http://sunproxy.mydomain.com:80/testapp/index.html
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8
http://sunproxy.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunproxy.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Wed, 26 Nov 2008 06:49:22 GMT
Location: http://sunagent.mydomain.com:80/testapp/index.html
Content-Length: 0
Via: 1.1 https-sunproxy.mydomain.com
Proxy-agent: Sun-Java-System-Web-Server/7.0
http://sunagent.mydomain.com/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: sunagent.mydomain.com:80
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunsso.mydomain.com/opensso/UI/Login?goto=http%3A%2F%2Fsunproxy.mydomain.com%3A80%2Ftestapp%2Findex.html
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:44 GMT
Set-Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; Path=/testapp
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 3687
Connection: close
http://sunagent.mydomain.com/testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70
GET /testapp/images/banner.jpg;jsessionid=68F78AD040184A4F9368D636243B2C70 HTTP/1.1
Host: sunagent.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://sunagent.mydomain.com/testapp/index.html
Cookie: JSESSIONID=68F78AD040184A4F9368D636243B2C70; amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 200 OK
Date: Wed, 26 Nov 2008 06:53:45 GMT
Etag: W/"49462-1226285588000"
Last-Modified: Mon, 10 Nov 2008 02:53:08 GMT
Content-Type: image/jpeg
Content-Length: 49462
Connection: close
http://sunagent.mydomain.com/favicon.ico
GET /favicon.ico HTTP/1.1
Host: sunagent.mydomain.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.4) Gecko/2008111217 Fedora/3.0.4-1.fc9 Firefox/3.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: amlbcookie=01; iPlanetDirectoryPro=AQIC5wM2LY4SfcyANye01dpdxmpwm4JviJusoORmambL5kU%3D%40AAJTSQACMDE%3D%23
HTTP/1.x 404 Not Found
Date: Wed, 26 Nov 2008 06:53:48 GMT
Set-Cookie: JSESSIONID=1A8BE19023EF620D6822C0DABCEEF838; Path=/
Content-Type: text/html;charset=utf-8
Content-Length: 988
Connection: close
---------------------------------------------------------- -
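An added example, not part of the original post: a small Python check over a header capture in the layout shown above. It flags the two things visible in that trace: a 3xx answer whose Location names a different host than the one requested (a redirect rather than a proxied response), and Set-Cookie headers without the Secure or HttpOnly attributes. The function names are hypothetical, and the sample's host names and cookie values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed capture in the flattened layout of the trace above; placeholders only.
TRACE = """\
http://proxy.example.test/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: proxy.example.test:80
HTTP/1.x 302 Moved Temporarily
Location: http://backend.example.test:80/testapp/index.html
GET /testapp/index.html HTTP/1.1
Host: backend.example.test:80
HTTP/1.x 200 OK
Set-Cookie: JSESSIONID=CONSTRUCTED; Path=/testapp
"""

REQ = re.compile(r"^[A-Z]+ (\S+) HTTP/\d")
RESP = re.compile(r"^HTTP/\S+ (\d{3})")

def parse_trace(text):
    """Group request and response header lines into [request, response] pairs."""
    pairs, msg = [], None
    for line in map(str.strip, text.splitlines()):
        if REQ.match(line):
            msg = {"status": None, "headers": []}
            pairs.append([msg, None])
        elif (m := RESP.match(line)) and pairs:
            msg = pairs[-1][1] = {"status": int(m.group(1)), "headers": []}
        elif msg is not None and ": " in line:  # bare URL lines have no ": "
            name, _, value = line.partition(": ")
            msg["headers"].append((name.lower(), value))
    return pairs

def values(msg, name):
    return [v for n, v in msg["headers"] if n == name]

def audit(pairs):
    """Flag redirects that leave the requested host and cookies lacking flags."""
    findings = []
    for req, resp in (p for p in pairs if p[1]):
        host = (values(req, "host") or [""])[0].split(":")[0].lower()
        for loc in values(resp, "location"):
            target = urlsplit(loc).hostname or host
            if 300 <= resp["status"] < 400 and target != host:
                findings.append(("cross-host-redirect", host, target))
        for cookie in values(resp, "set-cookie"):
            attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
            for flag in sorted({"secure", "httponly"} - attrs):
                findings.append(("cookie-missing-" + flag, cookie.split("=")[0]))
    return findings
```

Calling `audit(parse_trace(TRACE))` returns the findings as tuples; header lines that appear before the first request line of a capture are skipped.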
Exchange 2013 MB/CAS integration with legacy Exchange 2007 CAS/MB/Trans server
Hi All,
I have an existing running Exchange 2007 SP3 RU13 server acting as MB,CAS,Transport using a Barracuda SPAM for SMTP (MX Record is assigned to here), and a TMG2010 server performing all ActiveSync, Outlook Anywhere, and OWA connectivity.
I have built a new Exchange 2013 SP1 server that will (for the meantime) act as a MB & CAS server only.
I successfully migrated a testuser mailbox to the new EX2013 server from the EX2007 server. The problem is that once migrated, OWA and Outlook can't access the mailbox.
OWA from our URL gives the message: Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers of the appropriate version can be accessed from the Internet
If I run OWA from the EX2013 URL it works ok, but not for MBs on the EX2007 server.
I tested this configuration in a VM lab and it worked ok. All I had to do was move the mailbox, then run Outlook. Outlook automatically found the new server and opened the MB.
Basically what I need to do is move all our existing MBs from the old 2007 server to the new 2013 server. I want to continue to use the existing transport/CAS/EDGE services on 2007 without having to rebuild both the internal and external communications infrastructure at the present time.
How can I get the EX2013 server to act as the MB server for the EX2007 communications infrastructure?
Hi,
Please try to create a new user on Exchange 2013, and send/receive email via both Outlook and OWA to test whether the Exchange 2013 mail flows well.
If Exchange 2013 works well, please try to bypass the TMG on Exchange 2007 for a little while for testing.
Additionally, we can use CAS 2013 URL to proxy/redirect previous CAS, or publish both CAS 2007 and CAS 2013 to be internet facing server with separate URLs, as Ed suggested.
Thanks
Mavis Huang
TechNet Community Support -
Two CAS Servers on the same domain but different AD Sites
I have a customer that has 1 EXCH MB server & 1 EXCH server running the Hub Transport and Client Access roles. These two servers are in the same domain and reside in AD site A. Now he wants AD Site B (also in the same domain) to have 1 EXCH MB server & 1 EXCH server running the HUB/CAS role. The problem is the CAS role in site A is the only one that is public interfacing. The CAS server in site B has no certificates at all, and I want all the mail to re-route to the CAS server in Site A. Does anyone know how I can do that???
The CAS in the internet facing site will proxy to the CAS in the non-internet facing site. And you do have a cert on that CAS in Site B. The default built-in one. However, if you have clients in Site B, you should replace that built-in cert with one that is trusted by clients such as Outlook and Lync etc... It doesn't have to be a 3rd party cert, it could be one that is trusted internally.
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
Understanding Proxying and Redirection
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.