[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2007 OWA co-existence with Exchange 2003

Posted on 2009-04-24
23
Medium Priority
?
1,023 Views
Last Modified: 2012-05-06
I installed Exchange 2007 SP1 on Windows 2008 server.  I have not moved any users yet from the 2003 server.  I have some questions about the Outlook web access.  

Currently, the way it's setup, users go to http://mail.domain.com and they're automatically redirected to the HTTPS Outlook web access (internally and externally).  i.e. https://mail.domain.com/exchweb/bin/auth/owalogon.asp?url=https://mail.domain.com/exchange&reason=0

1.  I'd like to use only 1 OWA site during the migration so that I don't have users going to 2 different sites.  From what I've been reading, you can use Exchange 2007 OWA and it will automatically redirect users to the correct site.  

2.  I need users to go to the default site without having to put in http://mail.domain.com/exchange or http://mail.domain.com/owa 

I did some testing on the Exchange 2007 server by going to https://mail5/owa   and https://mail5/exchange  and they both took me to the same place (OWA for 2007).  Mail5 is the name of the server.

How should the redirect work?  Will the user login first and then Exchange determines where they should go??

Here's a couple of articles I ran across:

http://msexchangeteam.com/archive/2007/02/07/434523.aspx

http://social.technet.microsoft.com/Forums/en/exchangesvrmigration/thread/be54ead6-09da-4652-9854-b57ffe714f0b
0
Comment
Question by:Florescu
  • 12
  • 6
  • 5
23 Comments
 
LVL 9

Expert Comment

by:Raghuv
ID: 24230926
Hi, if you have CAS role & Mailbox role installed on separate servers, then you need to worry. You can go ahead and point your existing Public URL (https://mail.domain.com/exchange) to the CAS server and

1) if an user uses https://mail.domain.com/exchange and his Mailbox is located on Exchange 2007 then the CAS server would automatically redirect it to /owa and the user would get OWA 2007 experience.

2) if an user uses https://mail.domain.com/exchange and his Mailbox is located on Exchange 2003 then the CAS server would automatically redirect it to /exchange on Exchange 2003 Mailbox Server and the user would get OWA 2003 experience.

In case you have a Single Exchange 2007 server with all roles (CAS+MBX+HUB), then the redirect (Step#2 above) for Exchange 2003 user's will not occur, so to resolve the same either install CAS and MBX roles on separate servers or have two Public URL's (One pointing to Exchange 2003 for E2k3 users and one pointing to Exchange 2007 for E2k7 users)
0
 

Author Comment

by:Florescu
ID: 24232361
I do have separate CAS role and Mailbox role servers.  

However, as per my original post, it doesn't work.  When I attempt to login to the new CAS Outlook web access, it just tells me "invalid user".  It doesn't redirect me to Exchange 2003 OWA.  

0
 
LVL 9

Expert Comment

by:Raghuv
ID: 24232411
Ensure Integrated windows authentication is enabled on the Exchange virtual directory on Exchange 2003 server (IIS Manager), also disable FBA (Forms based authentication) on the Exchange 2003 server.

Also while entering the username, try the format (domain\username)
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:Florescu
ID: 24232692
That didn't work.  I even did an IISRESET for good measure.

Outlook Web Access could not find a mailbox for DOMAIN\Username. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted.

Request
Url: https://mail5:443/owa/auth/error.aspx
0
 
LVL 9

Expert Comment

by:Raghuv
ID: 24232739
What is the URL you are using ?? To access an Exchange 2003 user, ensure it's https://mail5/exchange and not https://mail5/owa

0
 

Author Comment

by:Florescu
ID: 24232747
I tried both of those and no luck.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24232779
as already said /exchange should work for both 2003 and 2007 users as long as your CAS is NOT a mailbox server

kindly provide us with a screen shot of the error

0
 
LVL 9

Expert Comment

by:Raghuv
ID: 24232783
Open the Exchange Management Console -> Server Configuration -> Client Access -> Right click on OWA and check what the Internal URL set as and using the same URL try and access the account and put /exchange in the end instead of /owa
0
 

Author Comment

by:Florescu
ID: 24233213
Internal URL is listed as: https://mail5.domain.com/owa

I tried putting /exchange but no luck.

It kicks me back to the same logon screen and I get this:
"The user name or password that you entered is not valid. Try entering it again. "
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24233527
looks like a different issue to me

have you tried domain\user or user@domain.com as username isntead of only user?
0
 

Author Comment

by:Florescu
ID: 24233576
Yes, I have.  It's the same thing.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24233590
I am confused previously you wrote

>>Outlook Web Access could not find a mailbox for DOMAIN\Username. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted.<<<

but now you are telling us
>>"The user name or password that you entered is not valid. Try entering it again. "<<

these 2 messages are completely different
0
 

Author Comment

by:Florescu
ID: 24233602
I get both messages.  

I get the User name or password that you entered is not valid the 1st time

If I keep trying, it will give me the other message after a few times.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24233609
Florescu i don't mean to be skeptical but you need to help us here

if you are using the /exchange directory it is not possible you are getting

>>Outlook Web Access could not find a mailbox for DOMAIN\Username. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted.<<<

this is the kind of error you will have when accessing /owa and the mailbox is on 2k3

are you doing these tests from internal ?

make sure you are going for the /exchange path and not /owa
0
 

Author Comment

by:Florescu
ID: 24233640
That's funny... I am the technical support for my company.  

Yes, that's exactly what I'm telling you that I get those results if I use /exchange OR if I use /owa.  
I am doing these tests internally.  

There must be something else wrong here, maybe I misconfigured something after I setup CAS server.
0
 

Author Comment

by:Florescu
ID: 24233886
I tried domain\username and that didn't work.  Then I tried username@domain and that seemed to work on this address:

https://mail5/exchange 

1.  I only have 1 domain so I just need the users to put in their username only.  

2.  I still need to have only 1 OWA.  Currently I have to go to https://mail5/owa for Exchange 07 and https://mail5/exchange for Exchange 03.  How do I combine that into 1 so the users don't have to know 2 URLs?
0
 
LVL 9

Accepted Solution

by:
Raghuv earned 2000 total points
ID: 24234879
k, so now we are getting closure to resolution ;)

Open the Exchange Management Shell -> Server Config -> Client Access -> OWA properties -> Authentication tab -> Choose the last option which says "Username Only" and then choose the domain name as well.

Now, try accessing a Exchange 2003 account using https://mail5/exchange.

Also try accessing a Exchange 2007 account using https://mail5/exchange.

PS: You cannot use /owa with an Exchange 2003 account.

If you are having issues with Exchange 2007 account, then ensure on the Mailbox server (2007), the Exchange virtual directory (using IIS Manager) has Integrated Windows authentication & Basic authentication enabled.

And also ensure only Basic authentication is enabled on Exchange virtual directory (IIS Manager) on the CAS server.
0
 

Author Comment

by:Florescu
ID: 24236244
Ok, that all worked.  Thank you

One more thing:  How do I make the /exchange the default website so users don't have to type that in ??
0
 
LVL 9

Expert Comment

by:Raghuv
ID: 24236313
1) Open IIS Manager
2) Right-click Default Web Site, click Properties, and then click the Home Directory tab.
3) Under When connecting to this resource, the content should come from, click A redirection to a URL.
4) In the Redirect to box, type /exchange.
5) Under The client will be sent to, click A directory below this one.
6) Stop and start the Default Web Site.

http://support.microsoft.com/kb/839357
0
 

Author Comment

by:Florescu
ID: 24245509
That's IIS6 instructions.  Do you have the instructions for IIS 7 ?
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24245587
create a new file in the root of your directory called index.html and insert in it


<meta http-equiv="refresh" content="0;URL=/exchange">
0
 

Author Comment

by:Florescu
ID: 24256555
I found the answer here:

http://social.technet.microsoft.com/Forums/en-US/exchangesvrmobility/thread/d76dfb03-1f66-4dd1-8854-509535e442fc

By default, IIS7 has built-in automatic HTTP Redirect feature which allows us to redirect to any URL without us having to write any custom scripts.

To accomplish the task, you can follow these steps on the CAS server role hosting OWA:

Step 1:

1,Log on Interne Information Services (IIS) Manager

2, Switch back to Features view of the "Default Web Site" and double click on "Error Pages".

3, In the Actions pane, click on "Edit Feature Settings" and under "Error Responses", select: "Custom Error Pages". Then click OK

4, In the Actions pane, click on "Add" and configure the following

a) Status code: 403.4

b) Click on Respond with a 302 redirect and provide the absolute URL: https://owa.mycompany.com/owa

Note: Make sure you are using "https"
 
Step 2:

1,Open IIS 7 Manager

2,Highlight the Default Website and ensure we are in the Features View

3, Double click on HTTP Redirect icon

4, Check the option "Redirect requests to this destination:" and type the absolute OWA URL: https://owa.mycompany.com/owa

5, Under Redirect Behavior section, select the option "Only redirect requests to content in this directory (not subdirectories)"

6, From the drop down, select the Status code: Found (302)

7, Click Apply to save the settings

8, Run IISRESET /noforce command in CMD for the settings to take effect.

After that, please test this issue.

--------------------------------------------

I did have a problem with finding HTTP Redirect in IIS.  I had to install it as part of a Role Feature in Server Management.
0
 

Author Comment

by:Florescu
ID: 24260249
I changed the Internal and external URL names for OWA in Exchange Management console to read https://mail.domain.com        I've done some more testing and here's what I'm finding out:

1.  If I go to http://mail.domain.com/exchange and try to login, I get a 404 not found error.  The URL gets listed as https://mail.dcipa.com/exchange/exchange   <--notice the double /exchange
2.  If I go to https://mail.domain.com/exchange, I get the same thing
3.  If I go to http://mail.domain.com/owa, I can login to the Exchange 2007 successfully
4.  If I go to https://mail.domain.com/owa, I can login to the Exchange 2007 successfully.

I tried changing the SSL settings on the OWA to "require SSL" and then I couldn't login to it, I kept getting a 404 error.  

Basically what I want to do is to require SSL no matter what, so if somebody goes to http://mail.domain.com/owa  or http://mail.domain.com/exchange, they would be forced to use SSL.  

Currently it's not allowing me to login if I specify the URLs above.

If I just go to mail.domain.com, I can login just fine.  
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question