r Users in Visual C#

Generator PDF-417 2d barcode in Visual C# r Users

Outlook Anywhere Hostname: Mail.fabrikam.com Web Service URLs Mail.fabrikam.com/ews/.. Mail.fabrikam.com/oab/..

Outlook Anywhere Hostname: Failover.fabrikam.com Web Service URLs Failover.fabrikam.com/ews/.. Failover.fabrikam.com/oab/..

In this scenario the wildcard certificate allows Fabrikam to use a single namespace. The design will change slightly on Fabrikam s requirement to either try to use both datacenters actively, or treat Miami as a failover site. If Miami is only a failover site, it will be used only when all service is lost in Denver. In this case, the external DNS record for AutoDiscover needs to be updated to resolve to a Client Access server in Miami. Users accessing OWA with Mail.fabrikam.com will resolve via external DNS to a Client Access server in Denver. If externalURL is configured on the Client Access servers in Miami, users with mailboxes in Miami will be redirected. The other option is to leave externalURL

blank and proxy all requests, but this assumes that the correct authentication type, Windows Integrated, is enabled in each location. Users in Miami will have their Outlook Anywhere connections set to failover.fabrikam. com, but there will be no certificate warning because we changed the global setting for certprincipalname to *.fabrikam.com with the following Windows PowerShell cmdlet:

Note that during a move mailbox for user from Denver to Miami, the Outlook Anywhere connection may use a Client Access server in Denver and cross-site access the mailbox in Miami (and vice versa for moves in the opposite direction).

In this design we use the same configuration in both Denver and Miami. By doing this, we can only use this design for using Miami as a failover site. As you can see from the illustration in Figure 4-38, external DNS can only resolve to one site, so an administrator must manually update the DNS entries in a failover scenario. If Fabrikam could make this one Active Directory site, it s possible to make this configuration work for single database moves.

Certificate Priniciple Name: mail.fabrikam.com SAN Names: mail.fabrikam.com autodiscover.fabrikam.com Outlook Anywhere Hostname: mail.fabrikam.com Web Service URLs mail.fabrikam.com/ews/.. mail.fabrikam.com/oab/..

Certificate Priniciple Name: mail.fabrikam.com SAN Names: mail.fabrikam.com autodiscover.fabrikam.com Outlook Anywhere Hostname: mail.fabrikam.com Web Service URLs mail.fabrikam.com/ews/.. mail.fabrikam.com/oab/..

This configuration is very similar to the wildcard architecture except that it uses a certificate that supports SANs. The main reasons to use this design are the expense of using a wildcard certificate and also the maximized compatibility. Most newer clients work with wildcard certificates, but some older clients, such as Windows mobile 5.x and some Web browsers, may not work at all. The certificate must list all of the possible service points, and the subject name must be set to mail.fabrikam.com. By default the MSSTD setting matches the ExternalHostname when enabling Outlook Anywhere. For this architecture to work, we must change the global setting for certprincipalname to mail.fabrikam.com with the following Windows PowerShell cmdlet:

This way users will not get a certificate warning because the MSSTD setting matches the certificate principal name in both sites. Figure 4-39 shows this architecture.

Outlook 2003/2007 Configured: RPC Proxy End Point: mail.fabrikam.com (Denver Mailboxes) failover.fabrikam.com (Miami Mailboxes) Msstd:mail.fabrikam.com

Certificate Priniciple Name: mail.fabrikam.com SAN Names: mail.fabrikam.com failover.fabrikam.com autodiscover.fabrikam.com Outlook Anywhere Hostname: mail.fabrikam.com Web Service URLs mail.fabrikam.com/ews/.. mail.fabrikam.com/oab/..

Certificate Priniciple Name: mail.fabrikam.com SAN Names: mail.fabrikam.com failover.fabrikam.com autodiscover.fabrikam.com Outlook Anywhere Hostname: mail.fabrikam.com Web Service URLs mail.fabrikam.com/ews/.. mail.fabrikam.com/oab/..

In the event of a failover, Outlook Anywhere 2007/2010 users will not see that they are connecting to failover.fabrikam.com because this is automatically configured with AutoDiscover. Outlook 2003 users will not have to change their profiles because the mail.fabrikam.com end point they were using still exists as a SAN on the certificate and the Certificate Principal Name has not changed. In this case, it is possible that after a mailbox move or site failure the user will have a Client Access server that accesses his mailbox across sites. A total site failure in Denver would require administrators to reconfigure AutoDiscover and mail URLs to the Client Access servers in Miami.