Great post! Thanks for your continued effort to spoon-feed us through this blog. :)
Down to business…
From my first Exchange 2010 deployment to the end of your blog post, I’m still not clear on the need for this second namespace and the difficulties it brings me.
I’m using expensive VeriSign Extended Validation certificates and training my users to ensure they see the green bar before logging in. Your secondary namespace gives me two (2) options. Either buy a second set of ridiculously expensive certificates or educate my users to expect a missing ‘Green Bar’ temporarily until they are upgraded to 2010 (I’d still have to buy some cheap cert for the legacy.mycompany.com FQDN).
For me, neither option seems like a good one. I can’t justify the expense of duplicate certificates and I can’t convince myself to go out and reverse-educate users counter to all of our ‘Green Bar’ hammering over the past few years.
One last note: all of my users are external, as I’ve deployed my Exchange 2007 and 2010 in a data centre that’s always remote to my entire user base. I’m using ISA 2006 SP1 and TMG 2010 with Forms Based Authentication (FBA) in front of everything.
So here’s what I’m thinking. From your post, you confirm that Ex2010 CAS is happy to help me to proxy OAS, EAS, and “WS” - which I think means Exchange Web Service (EWS). To me this means only OWA is going to be left without proxy, from the 2010CAS to the 2007CAS, thereby needing that separate external URL. Since you’ve conveniently dropped the ‘Office’ from the name ‘Outlook Web App’ in Exchange 2010, and ‘Office Outlook Web Access’ just goes better with a /OOWA URL anyway, why not use ISA/TMG to publish https://mycompany.com/OWA (Outlook Web App) and /ECP (Exchange Control Panel) to the Ex2010 CAS and leave https://mycompany.com/OOWA (Office Outlook Web Access) where it belongs on the Ex2007 CAS?
We already know some legacy devices don’t like redirection on EAS, so let’s just remove the External URL for EAS from the Ex2007 CAS and let Ex2010 CAS do the proxying for that and for Outlook Anywhere.
I’ve done this already in my production environment and have yet to uncover anything that’s not working, but it’s only been running since the Friday after your WW release, so there’s still a chance some user will discover something before me. Anything I need to watch out for?