Blog Post

Exchange Team Blog
6 MIN READ

Overview of Exchange Server 2007 CAS Proxying and Redirection

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Sep 05, 2007
In a Microsoft Exchange Server 2007 organization, a computer that is running Exchange 2007 that has the Client Access Server role installed can act as a proxy for other Client Access Servers wit...
Updated Jul 01, 2019
Version 2.0
client access
Exchange 2007
Mobility
OWA
Deleted's avatar
Deleted
Sep 06, 2007
Hi Everyone,


It just so happens that Vandy is out on vacation so I was asked to stop by and address some of the questions popping up about the post.



CAS server in DMZ

It can work but don't do it.  But don't take my word for it, here's a quote from the PM for Front End Server:



Rahul Dhar said:

Hi Andrew,


You should NOT put CAS in the DMZ.  It's not a scenario we test, support, or recommend.  CAS isn't designed to live there.  ISA is designed to work in the DMZ.  You can put ISA there, and have it connect to the CAS in your internal network.



You can read the entire entry here:


http://msexchangeteam.com/archive/2007/02/07/434523.aspx



Jice and Craig


You are both right, that image isn't very clear on what is happening.  A CAS server will connect directly to the mailbox server on behalf of the user.  A CAS server may 'proxy' this request to another CAS server in the local site of the mailbox server but in

the case of Exchange 2003 it goes right for it.



In regards to the ISA question, if I understand you correctly, you are asking if ISA is able to determine a site 'affinity' and redirect clients to the appropriate CAS server.  To my knowledge, no.  ISA will publish the CAS server and the CAS server will handle

that.  I'm sure we'll hear all about it if I'm wrong so stay tuned for any updates on that one and please correct me if I'm not understanding your question.



Elan


If I follow you correctly, yes you appear to understand how this works.  I'm sure you have read plenty of blogs and technet articles already but this may help if you don't mind me dropping down a few links:



How to Configure Exchange Services for the Autodiscover Service

http://technet.microsoft.com/en-us/library/bb201695.aspx



White Paper: Exchange 2007 Autodiscover Service

http://technet.microsoft.com/en-us/library/bb332063.aspx



Of course this leads to the certificates can of worms:


Exchange 2007 Autodiscover and certificates

http://msexchangeteam.com/archive/2007/04/30/438249.aspx



and this is one of the best articles ever written in the history of mankind.  The authors of this are clearly brilliant and good looking:


More on Exchange 2007 and certificates - with real world scenarios

http://msexchangeteam.com/archive/2007/07/02/445698.aspx