We help IT Professionals succeed at work.

Exchange 2003 OWA Referral through IIS to Exchange 2007 OWA

budgetblinds
budgetblinds asked
on
Okay, I've got a tricky one for you Experts. Background:

I have a front end Exchange 2003 Server running on Server 2003. It's running IIS serving up a forward facing, password protected website acting as a portal page for customers. When you login to this page (using Basic Auth), you have a link on the "Intranet" to connect to your Exchange OWA account sitting on the same box. Follow me so far?

We have recently introduced an Exchange 2007 on a 2008 SP2 server into the network, and are planning to migrate to it. Right now it's living as the backend server as we slowly migrate the customers mailboxes onto it.

So I have noticed that when I go to the "Intranet" internally (behind the network firewall) and login using a mailbox account that has been moved to the new Exchange server, when I click on the email link (which is really just www.mycompany.com/exhange) - it will refer me to the 2007 OWA. It asks me twice to reenter my user / pass, but then it gives me my OWA box. The logging in twice is fine, but the weird thing is that when I hit this same exact page externally (Outside the corporate firewall) it won't refer me to the new page. The page just come's up not found.

I have setup external DNS to reflect the correct names, and I can hit OWA on that same Exchange 2007 server fine if I use the direct link to it, but I would like to be able to have customers be redirected to the new OWA during the transition over. I believe this problem is related to DNS, but I can't be sure.

Does anyone have any ideas?

Thanks!
Comment
Watch Question

Awarded 2009
Top Expert 2010
Commented:
You need an Exchange 2007 Client Access server to replace the front end 2003 server.

Exchange 2003 cannot proxy for Exchange 2007 and exchange 2007 will not proxy if it has a mailbox role on it.

Author

Commented:
And I will eventually replace it with a CAS  once the transition is complete. The problem here is that it DOES proxy for it - or at least refer it to the 2007 OWA when I hit it internally. I guess the question should be, what function is referring it to the Exchange 2007 when I hit it, and how can I duplicate that externally (only temporarily) while the transition happens.
Awarded 2009
Top Expert 2010

Commented:
I don't know how it is working because it doesn't.

Exchange 2003 front end DOES not proxy for Exchange 2007 there is no way around this.  The first server to be upgraded should always be the front end server.

Author

Commented:
Okay, maybe frontend is wrong term. It was the only Exchange box in the network until we introduced the 2007, so it holds all the mailboxes for the network. Like I said, IIS on the Exchange 2003 box which is hosting OWA - for whatever reason - IS referring over to the Exchange 2007 OWA client. Im just trying to figure out what the function is there. It is, however, not passing through Authentication, which I think maybe is the point you are trying to make.
Awarded 2009
Top Expert 2010

Commented:
OK, so what you need to do is introduce a temporary CAS server (just the CAS role) and forward port 443 to this instead of the 2003 server.

Do this and it will all start to work.

Author

Commented:
Here is the issue with that: I have a 1300 customers that access this specific website on a daily basis, checking their email through OWA. If I introduce a CAS server, it will not refer back to the mailboxes that are still in the process of being moved that are still located on the Exchange 2003 box. Basically, I was hoping to avoid downtime with this by keeping the existing website as is, and if their mailbox had been moved already then when they login and click the link on the website it would refer them to another login for the Exchange 2007 OWA. It works internally, but externally.
Awarded 2009
Top Expert 2010

Commented:
The 2007 CAS will proxy for both Exchange 2007 and 2003 so no downtime will be required other than the few seconds it takes to switch port 443 from the 2003 server to the 2007 one.

Just make sure you have the CAS working with SSL certificate installed before you do the switch.

Author

Commented:
Sorry, but you are incorrect. 2007 will not proxy for 2003. When a mailbox is sitting on an Exchange 2003 box, a CAS server will not hand off OWA in anyway to the 2003 box. Proof:

"Outlook Web Access could not find a mailbox for MYCORP\myuser. If the problem continues, contact technical support for your organization and tell them the following: The mailbox may be stored on a Microsoft Exchange 2000 or Microsoft Exchange 2003 server, or the Active Directory user account was created recently and has not yet replicated to the Active Directory site where this Client Access server is hosted. "

This is when I got when I tried to go in reverse. If what you said was true, then it would have handed off to the Exchange 2003 box.
Awarded 2009
Top Expert 2010
Commented:
You continue to use /exchange not /OWA

the 2007 users will be redirected to OWA and the 2003 users will be redirected to the 2003 server.

It DOES work. And it WILL proxy, I have done it hundreds of times!
Awarded 2009
Top Expert 2010
Commented:
Which server are you trying this from? It will not proxy if it has the mailbox role in it

Author

Commented:
It does have the Mailbox role on it, so that makes sense that it wouldn't forward it if it has that role on it.

I will bring up a CAS role server to see if that will resolve our problem. Thanks for your help and I will let you know.

Author

Commented:
Thanks demazter. We now have our CAS proxying between our old 2003 Exchange & "new" 2007 Exchange.