Secure Email Gateway 451 Redirect

What is 451 Redirect?

When the Exchange server cannot access the user’s mailbox for any reason, or when a more efficient server is available to reach the user’s mailbox, it returns a 451 redirect error. A more efficient Client Access server is determined based on Active Directory sites and whether a Client Access server is considered "Internet-facing." A Client Access server is considered Internet-facing if the ExternalUrl property on the Microsoft-Server-ActiveSync virtual directory is specified.

Note: If the user mailbox is not in the same Active Directory site as the Client Access server that is being accessed, there may be a Client Access server in the site with the mailbox server that has the ExternalUrl property set.

What does Secure Email Gateway (SEG) do during a 451 redirect?

When the Exchange server is not able to communicate with the device’s mailbox, it throws a 451 redirect error. The SEG receives this error and redirects the device’s mailbox to communicate with the nearest possible CAS server, as suggested by the Exchange server. The SEG is built to handle these redirects and prevents such errors from reaching the device. This helps maintain the device’s connection to SEG. It is important for SEG to handle these redirects; otherwise the device would attempt to connect directly to the mail server specified in the redirect instead of connecting through SEG.

SEG caches the updated mail server endpoint for that specific device/mailbox combination and then routes all future requests to that endpoint. To view the current set of mappings on a given SEG server, navigate to http://localhost/microsoft-server-activesync/Diagnostic/UserDestinationMapping.aspx.


In the above figure: (1) The email client sends a request to AD Site 1 via the SEG server. (2) The Exchange server throws a 451 redirect error. (3) The SEG receives the 451 redirect error and silently redirects the email client to the new AD Site 2. (4) The email client receives its mail from the new AD Site 2.


Upon making an OPTIONS request:

OPTIONS /Microsoft-Server-ActiveSync
Content-Type: application/
MS-ASProtocolVersion: 14.0

The mail server responds with a 451 redirect:

HTTP/1.1 451
Date: Tue, 08 Dec 2009 19:43:24 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Length: 0

If an X-MS-Location header is present in the response, all subsequent requests SHOULD use the URL specified within the X-MS-Location header.
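The redirect handling and per device/mailbox caching described above can be sketched as follows. This is an added example, not SEG's own code: the names parse_response and RedirectMap, the example.com hostnames, and the host allowlist that decides whether a redirect target is followed are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample: a 451 response that carries X-MS-Location (hostname is a placeholder).
SAMPLE_451 = (
    "HTTP/1.1 451\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-MS-Location: https://cas2.example.com/Microsoft-Server-ActiveSync\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_response(raw):
    """Return (status_code, headers) with header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

class RedirectMap:
    """Per device/mailbox endpoint cache (hypothetical model of the mapping the article describes)."""

    def __init__(self, default_endpoint, allowed_hosts):
        self.default = default_endpoint
        self.allowed = {h.lower() for h in allowed_hosts}  # assumption: operator-approved CAS hosts
        self.mapping = {}

    def endpoint_for(self, user, device_id):
        """Upstream URL to use for this device/mailbox combination."""
        return self.mapping.get((user.lower(), device_id), self.default)

    def handle(self, user, device_id, raw_response):
        """Record a 451 redirect; return True if the gateway should retry upstream."""
        status, headers = parse_response(raw_response)
        location = headers.get("x-ms-location")
        if status != 451 or not location:
            return False  # nothing to follow; endpoint unchanged
        target = urlsplit(location)
        # Only follow HTTPS redirects to hosts the gateway is meant to proxy.
        if target.scheme != "https" or (target.hostname or "").lower() not in self.allowed:
            return False
        self.mapping[(user.lower(), device_id)] = location
        return True
```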
