Exchange 2010 OWA FailbackURL when database is mounted in secondary datacenter

I want to share an interesting story with you.

The Story

CONTOSO corporate has a main data center in JFK with all mailboxes there. People use to access their Outlook Web App, and this points to the JFK data center.


You have a backup or recovery data center in LON. Now everything has gone down in JFK, and you have somehow gotten the databases mounted in the LON data center.

You are thinking that you need to change the IP address of to point to the LON data center so that users can continue working using OWA.


Now the JFK site is back to normal and you have changed the DNS entry for to point to the JFK CAS servers.

The problem

The client needs to wait for the TTL for to expire (the TTL is usually set to 5 minutes), and even after that cache expires, the browser will still cache the DNS entry for another 20 minutes.

So a loop happens here: the browser goes to which, because of the browser cache, still leads to the secondary CAS NLB in the LON data center, and the secondary CAS array in LON sends an OWA redirection message, “Hey… You should be using for best performance,” because the mailbox is now active in the primary site (JFK) and the OWA ExternalURL for the primary CAS array (in JFK) is

The user may think “ODD, I just did log in at that site! Silly computer, let me log in again.”

The Solution: FailbackURL

Microsoft has added a nice option called FailbackURL, and it works like this:

The second time the user logs in to, he will probably still hit the secondary CAS array servers because his browser cache still isn’t updated. The secondary CAS array servers are intelligent enough to see this second logon attempt (via a web canary) and then know “OH… this user’s DNS cache is old. They don’t know we failed back to the other datacenter. Send him the FailbackURL for the primary CAS servers.”

The user is then shown a slightly different page with a “CONTINUE” button, which explains that the mailbox is in the process of being brought online in a different datacenter. He clicks Continue, which takes him to the FailbackURL (for example: ). He logs in again and this time is successfully in OWA.

So the secondary CAS array detects whether the primary CAS servers have the FailbackURL configured, and if so, it redirects the client to it to end the loop. If there is no FailbackURL configured, the secondary CAS array sends an error page to the client indicating that he should close his browser and try again.


For this to work, you need to include the (which is the FailbackURL for OWA) in your CAS certificate SAN entries. You also need a DNS entry or alias for to point to. You can configure the FailbackURL using the Set-OwaVirtualDirectory cmdlet.
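
One way to apply and check these three requirements from the Exchange Management Shell, as an added example that is not code from the original post. The server names `JFK-CAS01`/`JFK-CAS02` and the host name `failback.contoso.example` are placeholders to replace with your own values.

```powershell
# Added example for the Exchange 2010 Management Shell. Server names and URL are placeholders.
$primaryCas   = 'JFK-CAS01', 'JFK-CAS02'                # hypothetical primary-site CAS servers
$failbackUrl  = 'https://failback.contoso.example/owa'  # placeholder FailbackURL
$failbackHost = ([Uri]$failbackUrl).Host

foreach ($server in $primaryCas) {
    # 1. The certificate bound to IIS must list the failback host name in its SAN entries.
    $covered = $false
    $iisCerts = Get-ExchangeCertificate -Server $server |
        Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) }
    foreach ($cert in $iisCerts) {
        foreach ($domain in $cert.CertificateDomains) {
            # -like also accepts a wildcard entry such as *.contoso.example
            if ($failbackHost -like $domain.ToString()) { $covered = $true }
        }
    }
    if (-not $covered) {
        Write-Warning "$server has no valid IIS certificate covering $failbackHost; skipping."
        continue
    }

    # 2. Set FailbackUrl on this server's OWA virtual directory.
    Get-OwaVirtualDirectory -Server $server |
        Set-OwaVirtualDirectory -FailbackUrl $failbackUrl
}

# 3. The failback host name needs a DNS record of its own.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($failbackHost) | ForEach-Object { $_.ToString() }
    Write-Host "$failbackHost resolves to $($ips -join ', ')"
}
catch {
    Write-Warning "$failbackHost does not resolve yet; create the DNS entry or alias."
}

# 4. Review the result next to the existing ExternalUrl.
$primaryCas | ForEach-Object { Get-OwaVirtualDirectory -Server $_ } |
    Format-Table Server, ExternalUrl, FailbackUrl -AutoSize
```

The script skips any server whose certificate does not cover the failback host name, so a redirect never sends users to a name the certificate cannot vouch for.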

