Supportability for multiple OWA/ Exchange Web Sites on Client Access Servers in Exchange Server 2007 and Exchange Server 2007 Service Pack 1


Customers frequently ask Exchange Customer Support Services (CSS) engineers how Exchange Server organizations can be managed using multiple Web sites for Exchange Server-related virtual directories.  This is often used for segmentation purposes or for access by certain applications, apart from Web users. 

Microsoft Hosted Messaging and Collaboration (HMC) solutions are available for customers with a need to manage multiple Exchange "organizations" from the same platform.  However, many customers simply wish to use existing hardware and software without using an HMC solution.

With non-HMC solutions, Microsoft Exchange Server 2007 and Microsoft Exchange Server 2007 Service Pack 1 have some limitations in configuring Outlook Web Access and other Exchange Server-related virtual directories.  The following outlines the general supportability guidelines for Microsoft Exchange Server 2007 with and without Service Pack 1.

  1. If you are using Forms-Based Authentication for your /OWA and/or legacy (/Exchange and /ExchWeb) virtual directories, Microsoft supports a single Web site per Client Access Server. Further, the /OWA and legacy virtual directories must be in the same Application Pool (AppPool).
  2. If you do not use Forms-Based Authentication, you can use as many Exchange Server-related Web sites as needed for your organization. 
    However, Microsoft recommends that you use a Microsoft ISA Server 2006 server to handle Forms-Based Authentication for your various Web sites, in this circumstance.
  3. If Forms-Based Authentication must be used on the Exchange Server 2007 computer *and legacy virtual directories are not used*, you can use multiple Application Pools (AppPools) for each Web site. 
    Note:  Lack of legacy virtual directories will prevent proxy to Exchange Server 2003 mailbox servers and prevent Entourage clients from synchronizing with the Exchange Server using the Exchange service. 
  4. Outlook Anywhere (formerly known as RPC over HTTP) can only be set for a single Web site, per Client Access Server.  If you wish to use an approximation of a Hosted solution for Outlook Anywhere, it would have to be done using redirection per the following TechNet topic. 
    "Configure Client Access Servers": http://www.microsoft.com/technet/serviceproviders/hmc4/CMSU_HEFE_Deploy_PROC_Configure_the_Exchange_2007_Client_Access_Server.mspx?mfr=true

Troubleshooting using tracing and crash dumps to troubleshoot issues may not be conclusive in situations where multiple web sites are used in a non-HMC environment.  This may result in requests to stop the secondary web sites for verification of traces or crashes. Also, there is an additional issue around performance counters. In multiple Web site situations, they can give you unpredictable results. The reason for this is that they are not instanced on per-Web site basis and they will overwrite each other's values, making them unpredictable.

In situations where Forms-Based Authentication must be used on the Exchange Server virtual directories, and cannot be offloaded to ISA Server 2006, but multiple Web sites are required with the same or similar virtual directories, a second Client Access Server dedicated to the second Web site or an HMC solution is recommended.

- Will Duff


Share this post :

Comments (7)
  1. Darryl says:

    I work at a Firm that wants everything redundant.  No single points of failure. So in light this fact, can two CAS servers in a load balanced configuration sit behind a ISA2006 NLB Array reverse proxy setup for OWA access purposes?

    Thanks..

  2. Tony Q. says:

    Not related but maybe one of you can answer my question.

    Do I need to upgrade the schema for Windows 2008 in order to install win2k8 and Ex2k7 SP1? I already got the schema ready for SP1 but do I need to extend the schema for a windows 2008 member server? All my DCs will remain 2k3 for a while and will it be fine if I have one 2008 server with Exch 2k7sp1 on one domain and a 2003 server with Exch 2k7sp1 on another domain same forest.

    Thanks

  3. Dmitri Gaikovoi says:

    HMC does not have support for multiple OWA sites. It has guidline how to setup default one, and how to setup Autodiscover to support multiple domains by redirecting incoming requests to single URL (this procedure is well documented in Exchange 2007 Autodiscover white-paper ;-).

    Outlook Anywhere can be set for second (third, etc.) web site on the same CAS server by follow procedure:

    1. Save Default Web Site config to XML file

    2. On second web site create RPC virtual directory using saved configuration from step 1

    3. Export configuration object for "Rpc (Default Web Site)" from AD to text file using ldifde. Object DN is CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=CAS_server,CN=Servers, CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=…

    4. Update file to reflect name of the second IIS web site

    5. Use ldifde to create new object in AD.

  4. Will Duff says:

    Darryl, I checked with the ISA team and their answer was:

    ————

    YES, if you have multiple Exchange Front End/CAS servers you can create a server farm on ISA. The topic, "Publishing Exchange Server 2007 with ISA Server 2006" has documentation about that at http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx.  The topic below was an example they provided.

    Create a server farm (optional)

    When you have more than one Exchange front-end server, you can use ISA Server to provide load balancing for these servers. This will enable you to publish the Web site once, instead of having to run the wizard multiple times. Also, this eliminates the need for a third-party product to load balance a Web site. If one of the servers is unavailable, ISA Server detects that the server is not available and directs users to servers that are working. ISA Server verifies on regular intervals that the servers that are members of the server farm are functioning.

  5. Darryl says:

    Will,  Thanks for the info.  Kind of makes sense.  My main concern was maintaining session afinity.  Thanks again.

  6. Derek Osborne says:

    Is it possible to redirect
    http://cname to https://nlbname/owa in a configuration where two CAS servers are loadbalanced via NLB. I am looking to allow users to access OWA by typing
    http://webmail into their browser. THis is for internal use only.

  7. Peter says:

    Dmitri Gaikovoi !

    will it work with 2 default wesites (on difrent ip-adress)

    so that the clients can have dirrent owa/rpc/autodiscover adresses

Comments are closed.

Skip to main content