Solved

OWA issues with Exchange 2003 to 2007 migration

Posted on 2008-06-24
9
921 Views
Last Modified: 2008-06-25
We are in the middle of a migration from Exchange 2003 to 2007.  The migration is probably going to take the next two weeks, and we would like users to have access to OWA during this time regardless of where their mailbox resides.  Currently we have:

    * 1 Exchange 2003 FE server
    * 3 Exchange 2003 BE servers
    * 1 Exchange 2007 server with Mailbox, Hub Transport, and Client Access roles
    * 1 Exchange 2007 server with Mailbox and Hub Transport roles

I have moved some mailboxes of former users to one of the 2007 servers for testing.  I have shut down the FE server and added its IP address to the Exchange 2007 CA Server.  Now from the internet I can access https://webmail.company.com/owa to get to mailboxes on the 2007 server.  I cannot get to the mailboxes on my 2003 BE servers.  I expected that though, and according to the documentation I've read, I need to hit the /exchange folder instead to be redirected properly.  I tried that, and I get an internet explorer Page Not Found error.  I also tried accessing https://fqdn/exchange locally and after supplying credentials, I also get the Page Not Found error.  Any ideas on how I can get this working for both 2003 and 2007 mailboxes?  I should add that we can't really afford any additional hardware/licenses for this.  Thanks!
0
Comment
Question by:CoventryFirst
  • 5
  • 4
9 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21856738
Does the CAS server you are forwarding incoming http traffic to actually have an Exchange Virtual Directory?  See if you can see it listed in IIS manager.  If it's there, what happens if you right-click it, and select Browse... ?
0
 

Author Comment

by:CoventryFirst
ID: 21857077
The exchange folder does exist in IIS.  If I right-click and select browse it tells me that I must view it over a secure channel by typing in https.  That's not too surprising as I have SSL required on the entire site.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21857177
If you look at your current IIS Log File, can you see any GET requests for /Exchange that result in the 404 (not found) status?

Also, if your Exchange VDir has Forms-based Auth enabled, you will get a confusing Not Found error if Active Server Pages are not installed on the server, or the Active Server Pages Web Extension is disabled in IIS Manager.
0
 

Author Comment

by:CoventryFirst
ID: 21857210
I removed the SSL requirement for only the exchange folder and now things have changed.  If I use the address http://webmail.companyname.com/exchange, I get a login box.  If I enter the credentials for a user with a 2003 mailbox, it asks for my credentials again.  Once I enter them again, I am presented with the original OWA 2003 interface.  If I enter the credentials for a user with a 2007 mailbox, it asks for my credentials again, and redirects me to the server on which my mailbox is located.  It then asks for my credentials a third time and finally redirects me to the https://fqdn.com/owa site and the OWA 2007 interface.  The problem now is:

-Users should not have to logon 3 times to get to 2007
-The certificate used for SSL on 2007 is for webmail.company.com, so once the user get to the OWA 2007 interface they get a certificate error
-All communication should be SSL

Any ideas?
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21857317
First thing is to check is that the authentication schemes on your OWA and Exchange VDirs have the same settings.  For example, if one has Basic and the other Integrated, then you will need to log in again as you get transferred from one to the other.  Having Forms-based auth enabled on both/either will add further complication since the auth cookies will not work across the two VDirs (I assume!).  The fact that disabling SSL helped makes me think that you do have FBA enabled on at least the Exchange VDir.  If you're going to use FBA on Exchange, look in the Web Service Extensions container in IIS Manager, and make sure that Active Server Pages is allowed.
0
 

Author Comment

by:CoventryFirst
ID: 21858344
I don't have FBA enabled on either site.  The exchange vdir has both intergrated and basic enabled.  I unchecked basic and that didn't seem to change anything.  I should also mention that if I try to access http://webmail.compnay.com/exchange from outside of the internal network, the referral to other servers fails since the fqdn of our servers doesn't resolve to anything on the internet.
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 21861316
When you say you don't have FBA enabled on either site, do you mean that you don't have FBA enabled on either /owa or /exchange on the CAS server?  I'm assuming that's what you meant, but I need to check, because it's important, and technically /owa and /exchange are two Virtual Directories within the same site.

Anyway, having assumed that, can you look at the authentication requirements on the /owa VDir in your EMC.  Note whether Integrated and/or Basic is enabled, and then look at the /Exchange VDir under the WebDAV settings.  Make sure that the authentication requirements are exactly the same.

Also note that if you go to http://servername/owa , and then get redirected to /exchange , if the servername part in your IE address bar has changed, then it will not know that it is supposed to use the same credentials, and it will ask you to log in again.
0
 

Author Comment

by:CoventryFirst
ID: 21865047
Thanks for your input Lee.  Unfortunately this is already taking longer than our time table allows for, so we are implementing an alternate solution.  We are going to have a separate webmail address for those people that have been moved over to 2007 until everyone is moved.  Then we will point both webmail addresses to the new CA server.  Users will be notified when their mailbox is moved.  

Thanks again.  I will accept your most recent comment as the solution.
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 21865065
Okay, thanks.  Sorry we ran out of time.  Let me know if you need any more help with it.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now