RoboMunch
asked on
Exchange 2007 CAS not able to connect to 2003 backend
I'm doing a transition to Exchange 2007 from Exchange 2003 and I'm having a little trouble with the 2007 CAS. Here's the scenario
Previous environment
1 Exchange 2003 Front End server
1 Exchange 2003 Backend Server
I've installed the mailbox and hub transport rolls on a Server 2008 box, and installed the CAS roll on a Server 2003 box.
Current environment
1 Exchange 2003 Front End server
1 Exchange 2003 Backend server
1 Exchange 2007 CAS server
1 Exchange 2007 mailbox server
I'm leaving the Exchange 2003 FE server up until I get everything working on the 2007 box.
Here's the problem...when I try to access OWA (https://FQDN/exchange) on the Exchange 2007 CAS server I get the following results:
- If the user has a mailbox on the Exchange 2007 mailbox server, OWA comes up fine.
- If the user has a mailbox on the Exchange 2003 BE server, I get a "The website cannot display the page" error message in the browser. The URL is redirected to "https://fqdn/exchweb/bin/auth/owaauth.dll" when I get the message.
Any ideas? Thanks in advance!
Previous environment
1 Exchange 2003 Front End server
1 Exchange 2003 Backend Server
I've installed the mailbox and hub transport rolls on a Server 2008 box, and installed the CAS roll on a Server 2003 box.
Current environment
1 Exchange 2003 Front End server
1 Exchange 2003 Backend server
1 Exchange 2007 CAS server
1 Exchange 2007 mailbox server
I'm leaving the Exchange 2003 FE server up until I get everything working on the 2007 box.
Here's the problem...when I try to access OWA (https://FQDN/exchange) on the Exchange 2007 CAS server I get the following results:
- If the user has a mailbox on the Exchange 2007 mailbox server, OWA comes up fine.
- If the user has a mailbox on the Exchange 2003 BE server, I get a "The website cannot display the page" error message in the browser. The URL is redirected to "https://fqdn/exchweb/bin/auth/owaauth.dll" when I get the message.
Any ideas? Thanks in advance!
If none of your users are on E2k3 and you still want to work with E2k3 FE server.
You want o re-direct the request from FE server to E2k7 using /owa instead of /exchange (automatically)
This is explained in the link below.
http://www.amset.info/exchange/owa-defaultpage.asp
However, if you want the request to flow from E2k7 to E2k3 for OWA - i believe /exchange is what they should be looking at - unfortunately E2k7 does not re-direct any more - only version used is proxy client access request, hence both servers should be on the same platform for it to work.
Please feel free to get your queries answered by posting on this thread.
You want o re-direct the request from FE server to E2k7 using /owa instead of /exchange (automatically)
This is explained in the link below.
http://www.amset.info/exchange/owa-defaultpage.asp
However, if you want the request to flow from E2k7 to E2k3 for OWA - i believe /exchange is what they should be looking at - unfortunately E2k7 does not re-direct any more - only version used is proxy client access request, hence both servers should be on the same platform for it to work.
Please feel free to get your queries answered by posting on this thread.
ASKER
Thanks for the replies!
@Rudram - that's the exact scenario I have set up, however when we try to access http://exchange2007casname
@Exchange_Geek - You said that E2k7 doesn't ridirect any more, is that something that happened with SP1?
In this writeup, it sounded like it should work. Example #3 is the exact scenario (other than me still having the E2k3 FE server in place) we have now and it says it should work. http://msexchangeteam.com/
@Rudram - that's the exact scenario I have set up, however when we try to access http://exchange2007casname
@Exchange_Geek - You said that E2k7 doesn't ridirect any more, is that something that happened with SP1?
In this writeup, it sounded like it should work. Example #3 is the exact scenario (other than me still having the E2k3 FE server in place) we have now and it says it should work. http://msexchangeteam.com/
If you have a CAS only box, yes co-existense should work. Can you check your E2K7 CAS box IIS log and paste the relevant request
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
* Also could you post the hexadecimal error code (0x8******) that comes along with the "website cannot display the page" error
(^_^)
(^_^)
ASKER
Our intention is to phase out the E2k3 FE server, but that is the one everyone is using until l can solve this problem on the E2k7 CAS server.
If I didn't make it clear, I'm having the problem when I try to access OWA through the E2k7 CAS (FE) server. I'm trying to do exactly what Microsoft is saying should work, but it isn't. From the example:
If the your mailbox is on an E2007 server
* requests to /exchange on the CAS or Mailbox server will redirect the user to /owa. Authentication credentials transparently passed through. - Works
If your mailbox is on an E2003 server
* requests to /exchange or /public on a CAS will be proxied by exprox to /exchange or /public on the BE server and yield the OWA 2003 experience - Not working, I get the error mentioned in the OP
I hope all this makes sense, and thanks for the help!
If I didn't make it clear, I'm having the problem when I try to access OWA through the E2k7 CAS (FE) server. I'm trying to do exactly what Microsoft is saying should work, but it isn't. From the example:
If the your mailbox is on an E2007 server
* requests to /exchange on the CAS or Mailbox server will redirect the user to /owa. Authentication credentials transparently passed through. - Works
If your mailbox is on an E2003 server
* requests to /exchange or /public on a CAS will be proxied by exprox to /exchange or /public on the BE server and yield the OWA 2003 experience - Not working, I get the error mentioned in the OP
I hope all this makes sense, and thanks for the help!
1) Paste the request that is send from CAS to E2K3 BE from IIS log
2) Make sure SSL is not selected on default website, /exchange and /public on E2K3 BE as well as make sure Integrated authentication is selected on /exchange and /public. If you do any changes, iisreset.
2) Make sure SSL is not selected on default website, /exchange and /public on E2K3 BE as well as make sure Integrated authentication is selected on /exchange and /public. If you do any changes, iisreset.
ASKER
@abdulzis - Here's what I think is the relevant part of the log, the rest would be way too much to post...if you need more let me know:
2008-10-31 17:40:55 W3SVC1 192.168.110.22 POST /owa/auth/owaauth.dll - 443 - 192.168.108.71 Mozilla/4.0+(compatible;+M
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /owa/8.1.291.1/themes/base
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /exchange - 443 my.name@mydomain.com 192.168.108.71 Mozilla/4.0+(compatible;+M
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /owa/8.1.291.1/scripts/pre
That's it, there's nothing after that. I checked the logs on the 2k3 box to see if the request might have gotten there, but can't find anything.
@Rudram - Where would I find that error?
2008-10-31 17:40:55 W3SVC1 192.168.110.22 POST /owa/auth/owaauth.dll - 443 - 192.168.108.71 Mozilla/4.0+(compatible;+M
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /owa/8.1.291.1/themes/base
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /exchange - 443 my.name@mydomain.com 192.168.108.71 Mozilla/4.0+(compatible;+M
2008-10-31 17:40:55 W3SVC1 192.168.110.22 GET /owa/8.1.291.1/scripts/pre
That's it, there's nothing after that. I checked the logs on the 2k3 box to see if the request might have gotten there, but can't find anything.
@Rudram - Where would I find that error?
* You can find that somewhere at the bottom of the page where its displayed
* Taking the below blog as a reference we could strike something:
http://groups.google.com/group/microsoft.public.exchange.admin/browse_thread/thread/d04819a0482a3241
http://groups.google.com/group/microsoft.public.exchange.admin/browse_thread/thread/d04819a0482a3241
Disabling HTTP Friendly Error Messages in Internet Explorer
http://technet.microsoft.com/en-us/library/cc778248.aspx
http://technet.microsoft.com/en-us/library/cc778248.aspx
ASKER
Sorry, but I can't find the error code. =/ I've even asked one of our developers to find and have him scratching his head.
"requests to /exchange or /public on a CAS will be proxied by exprox to /exchange or /public on the BE server and yield the OWA 2003 experience - Not working, I get the error mentioned in the OP"
If you go to ExchWeb - Bin - Auth - goto properties and check for application pool at the end - which pool do you see there ??
ExchangeApplicationPool or something else
I am talking about checking on the same box - whose name is being referred on
https://<servername>/exchweb/bin/a
If you go to ExchWeb - Bin - Auth - goto properties and check for application pool at the end - which pool do you see there ??
ExchangeApplicationPool or something else
I am talking about checking on the same box - whose name is being referred on
https://<servername>/exchweb/bin/a
Infact i came across this article, worth reading and of course checking on your box.
http://support.microsoft.com/kb/829167
http://support.microsoft.com/kb/829167
ASKER
Sorry for the delay in getting back. Turns out the problem was with the account I was testing with. It had a mailbox on the '03 server, but for some reason it wouldn't work...I had to delete/create the account in order for it to work.
https://www.experts-exchange.com/questions/23786098/front-end-Exchange-2007-for-OWA-with-a-exchange-2003-back-end.html
Good Luck (^_^)