Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

OWA issues with Exchange 2003 to 2007 migration

Posted on 2008-06-24
9
Medium Priority
?
930 Views
Last Modified: 2008-06-25
We are in the middle of a migration from Exchange 2003 to 2007.  The migration is probably going to take the next two weeks, and we would like users to have access to OWA during this time regardless of where their mailbox resides.  Currently we have:

    * 1 Exchange 2003 FE server
    * 3 Exchange 2003 BE servers
    * 1 Exchange 2007 server with Mailbox, Hub Transport, and Client Access roles
    * 1 Exchange 2007 server with Mailbox and Hub Transport roles

I have moved some mailboxes of former users to one of the 2007 servers for testing.  I have shut down the FE server and added its IP address to the Exchange 2007 CA Server.  Now from the internet I can access https://webmail.company.com/owa to get to mailboxes on the 2007 server.  I cannot get to the mailboxes on my 2003 BE servers.  I expected that though, and according to the documentation I've read, I need to hit the /exchange folder instead to be redirected properly.  I tried that, and I get an internet explorer Page Not Found error.  I also tried accessing https://fqdn/exchange locally and after supplying credentials, I also get the Page Not Found error.  Any ideas on how I can get this working for both 2003 and 2007 mailboxes?  I should add that we can't really afford any additional hardware/licenses for this.  Thanks!
0
Comment
Question by:CoventryFirst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21856738
Does the CAS server you are forwarding incoming http traffic to actually have an Exchange Virtual Directory?  See if you can see it listed in IIS manager.  If it's there, what happens if you right-click it, and select Browse... ?
0
 

Author Comment

by:CoventryFirst
ID: 21857077
The exchange folder does exist in IIS.  If I right-click and select browse it tells me that I must view it over a secure channel by typing in https.  That's not too surprising as I have SSL required on the entire site.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21857177
If you look at your current IIS Log File, can you see any GET requests for /Exchange that result in the 404 (not found) status?

Also, if your Exchange VDir has Forms-based Auth enabled, you will get a confusing Not Found error if Active Server Pages are not installed on the server, or the Active Server Pages Web Extension is disabled in IIS Manager.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:CoventryFirst
ID: 21857210
I removed the SSL requirement for only the exchange folder and now things have changed.  If I use the address http://webmail.companyname.com/exchange, I get a login box.  If I enter the credentials for a user with a 2003 mailbox, it asks for my credentials again.  Once I enter them again, I am presented with the original OWA 2003 interface.  If I enter the credentials for a user with a 2007 mailbox, it asks for my credentials again, and redirects me to the server on which my mailbox is located.  It then asks for my credentials a third time and finally redirects me to the https://fqdn.com/owa site and the OWA 2007 interface.  The problem now is:

-Users should not have to logon 3 times to get to 2007
-The certificate used for SSL on 2007 is for webmail.company.com, so once the user get to the OWA 2007 interface they get a certificate error
-All communication should be SSL

Any ideas?
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21857317
First thing is to check is that the authentication schemes on your OWA and Exchange VDirs have the same settings.  For example, if one has Basic and the other Integrated, then you will need to log in again as you get transferred from one to the other.  Having Forms-based auth enabled on both/either will add further complication since the auth cookies will not work across the two VDirs (I assume!).  The fact that disabling SSL helped makes me think that you do have FBA enabled on at least the Exchange VDir.  If you're going to use FBA on Exchange, look in the Web Service Extensions container in IIS Manager, and make sure that Active Server Pages is allowed.
0
 

Author Comment

by:CoventryFirst
ID: 21858344
I don't have FBA enabled on either site.  The exchange vdir has both intergrated and basic enabled.  I unchecked basic and that didn't seem to change anything.  I should also mention that if I try to access http://webmail.compnay.com/exchange from outside of the internal network, the referral to other servers fails since the fqdn of our servers doesn't resolve to anything on the internet.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 1500 total points
ID: 21861316
When you say you don't have FBA enabled on either site, do you mean that you don't have FBA enabled on either /owa or /exchange on the CAS server?  I'm assuming that's what you meant, but I need to check, because it's important, and technically /owa and /exchange are two Virtual Directories within the same site.

Anyway, having assumed that, can you look at the authentication requirements on the /owa VDir in your EMC.  Note whether Integrated and/or Basic is enabled, and then look at the /Exchange VDir under the WebDAV settings.  Make sure that the authentication requirements are exactly the same.

Also note that if you go to http://servername/owa , and then get redirected to /exchange , if the servername part in your IE address bar has changed, then it will not know that it is supposed to use the same credentials, and it will ask you to log in again.
0
 

Author Comment

by:CoventryFirst
ID: 21865047
Thanks for your input Lee.  Unfortunately this is already taking longer than our time table allows for, so we are implementing an alternate solution.  We are going to have a separate webmail address for those people that have been moved over to 2007 until everyone is moved.  Then we will point both webmail addresses to the new CA server.  Users will be notified when their mailbox is moved.  

Thanks again.  I will accept your most recent comment as the solution.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21865065
Okay, thanks.  Sorry we ran out of time.  Let me know if you need any more help with it.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question