jlee069
asked on
Exchange virtual directory not working as it should
We have an existing Exchange 2003 environment, with an Front-End server and two back-end servers. We have introduced an Exchange 2007 server with the CA role, and another Exchange 2007 server with the Mailbox and Hub Transport roles.
We want all clients to access the CA for web access. The /owa works OK for the 2007 mailboxes, but the 2007 mailbox users cannot login using the /exchange url. I always get a "HTTP Error 403.4 - Forbidden: SSL is required to view this resource"
I am using SSL.
Also, the /exchange virtual directory is set for forms-based authentication, and the logon format is "user name only" as I have specified the domain name (we only have one domain), but I need to log in twice for the 2003 mailbox users. If I specify DOMAIN\username, everything works OK.
The connectors and mailflow is otherwise working OK, just this web access problem.
We want all clients to access the CA for web access. The /owa works OK for the 2007 mailboxes, but the 2007 mailbox users cannot login using the /exchange url. I always get a "HTTP Error 403.4 - Forbidden: SSL is required to view this resource"
I am using SSL.
Also, the /exchange virtual directory is set for forms-based authentication, and the logon format is "user name only" as I have specified the domain name (we only have one domain), but I need to log in twice for the 2003 mailbox users. If I specify DOMAIN\username, everything works OK.
The connectors and mailflow is otherwise working OK, just this web access problem.
ASKER
Thanks alshahnaz
I checked the kb, but this is when the mailbox is located on an Exchange 2003 server. In my case, the mailbox is on the Exchange 2007 server. I'm trying to use the CAS as my common front-end for both 2003 and 2007 mailboxes.
Access for 2003 mailboxes is fundamentally working, but not for the 2007 mailbox users.
I checked the kb, but this is when the mailbox is located on an Exchange 2003 server. In my case, the mailbox is on the Exchange 2007 server. I'm trying to use the CAS as my common front-end for both 2003 and 2007 mailboxes.
Access for 2003 mailboxes is fundamentally working, but not for the 2007 mailbox users.
is Integrated Windows authentication for /owa virtual directory selected ?. also enable Integrated Windows authentication for /Exchange virtual directory and try, it should work.
Thanks,
Shan
Thanks,
Shan
ASKER
Integrated Windows authentication is now selected for both exchange and owa virtual directories, still same problem.
i belive the reson why while u use /owa it works is because it is handled by the eprox.dl. whereahs when u use /exchange it handled by davex.dll . So when u use /exchange the davex.dll redirect exchange 2007 mailbox users to /owa diretry and that is where its failing.
ASKER
I know davex is supposed to redirect to /owa, I just don't know why it doesnt.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I finally figured out that I had to untick "Require secure channel (SSL)" on the 2007 mailbox server. Thanks for your help on this anyway. Justin
If you have this issue please check handler mappings under IIS 7 and under the exchange/exadmin/exchweb applications. I found on one server that a bunch were missing basically because .Net 1.1 was uninstalled. Some of the older DAV technology and legacy stuff still uses .Net 1.1, so I've seen a few times where removing .Net 1.1 (even if you have a good security reason to do so) isn't a good idea.
http://support.microsoft.com/kb/946957
Thanks,
Shan