Exchange virtual directory not working as it should

We have an existing Exchange 2003 environment, with an Front-End server and two back-end servers. We have introduced an Exchange 2007 server with the CA role, and another Exchange 2007 server with the Mailbox and Hub Transport roles.

We want all clients to access the CA for web access.  The /owa works OK for the 2007 mailboxes, but the 2007 mailbox users cannot login using the /exchange url.  I always get a "HTTP Error 403.4 - Forbidden: SSL is required to view this resource"
I am using SSL.

Also, the /exchange virtual directory is set for forms-based authentication, and the logon format is "user name only" as I have specified the domain name (we only have one domain), but I need to log in twice for the 2003 mailbox users.  If I specify DOMAIN\username, everything works OK.

The connectors and mailflow is otherwise working OK, just this web access problem.
jlee069Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

alshahnazCommented:
checkout this KB,

http://support.microsoft.com/kb/946957

Thanks,
Shan
0
jlee069Author Commented:
Thanks alshahnaz

I checked the kb, but this is when the mailbox is located on an Exchange 2003 server.  In my case, the mailbox is on the Exchange 2007 server.  I'm trying to use the CAS as my common front-end for both 2003 and 2007 mailboxes.

Access for 2003 mailboxes is fundamentally working, but not for the 2007 mailbox users.
0
alshahnazCommented:
is Integrated Windows authentication for /owa virtual directory selected ?. also enable Integrated Windows authentication for /Exchange virtual directory and try, it should work.

Thanks,
Shan
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

jlee069Author Commented:
Integrated Windows authentication is now selected for both exchange and owa virtual directories, still same problem.
0
alshahnazCommented:
i belive the reson why while u use /owa it works is because it is handled by the eprox.dl. whereahs when u use /exchange it handled by davex.dll . So when u use /exchange the davex.dll redirect exchange 2007 mailbox users to /owa diretry and that is where its failing.  
0
jlee069Author Commented:
I know davex is supposed to redirect to /owa,  I just don't know why it doesnt.
0
alshahnazCommented:
try deleteing the OWA directtory and recreate again

On your exchange server, open up the PowerShell command
2.) Type Get-OwaVirtualDirectory. This will list all of the virtual directories on any of the exchange servers currently in your domain.
3.) Type Remove-OwaVirtualDirectory -identity owa (Default Web Site). This will remove the OWA directory in about 10 to 30 seconds.
4.) Type New-OwaVirtualDirectory -OwaVersion Exchange20073 -Name owa (Default Web Site). This will create the Virtual Directory again.

Thanks,
Shan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jlee069Author Commented:
I finally figured out that I had to untick "Require secure channel (SSL)" on the 2007 mailbox server.  Thanks for your help on this anyway.  Justin
0
kevwitData Science Solutions ManagerCommented:
If you have this issue please check handler mappings under IIS 7 and under the exchange/exadmin/exchweb applications. I found on one server that a bunch were missing basically because .Net 1.1 was uninstalled. Some of the older DAV technology and legacy stuff still uses .Net 1.1, so I've seen a few times where removing .Net 1.1 (even if you have a good security reason to do so) isn't a good idea.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.