dfollis
asked on
Exchange 2010 Migration, OWA 2003 reporting 503 error
Hello-
I have started my Exchange 2010 install. Been researching this for months but I've obviously missed something as OWA and Activesync were dead this AM. Last night I installed the CAS server. That is the only role I currently have installed. I have not modified any SSL certs, or DNS records, or firewall rules. Existing Exchange 2003 BE and FE remain untouched. But login to 2003 OWA results in HTTP/1.1 503 Service Unavailable. I was under the impression that until I applied the new certificate and modified DNS this would not be an issue. HELP!!!
I have started my Exchange 2010 install. Been researching this for months but I've obviously missed something as OWA and Activesync were dead this AM. Last night I installed the CAS server. That is the only role I currently have installed. I have not modified any SSL certs, or DNS records, or firewall rules. Existing Exchange 2003 BE and FE remain untouched. But login to 2003 OWA results in HTTP/1.1 503 Service Unavailable. I was under the impression that until I applied the new certificate and modified DNS this would not be an issue. HELP!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So I went ahead and called PSS. We have SA so no cost. I feel like a complete idiot. For some reason the IIS service on the BE Exchange server had stopped. Still not sure what caused this, but starting it up again fixed it of course. Moral of this story is always check the simple things first.
ASKER
Not directly related to my problem but still good information.
When you install the CAS role does it modify something on the ExchangeFE box?
When we are adding E2010 CAS server on the setup
We should get the few other AD-Groups (atleast 5 groups) added for some permission on the E2k3 servers/stores...so the CAS code can access the mailboxes without any issues
When we are adding E2010 CAS server on the setup
We should get the few other AD-Groups (atleast 5 groups) added for some permission on the E2k3 servers/stores...so the CAS code can access the mailboxes without any issues
ASKER
e_aravind-
I don't think the CAS server modifies anything on the FE. From what I understand, after you install the CAS, you have to setup the legacy.company.X and autodiscover.company.X DNS records (internal and external if you have split DNS) and procure the new SSL certificates. After that is done and they are applied to the CAS, the final step is to point your OWA traffic from the firewall to the CAS server. It should now act as a proxy between your old Exchange FE/BE config and the new Exchange CAS/MBX config. All OWA logins hit the CAS first. If the CAS server determines the person's mailbox is still on the the 2003 BE server it points them to the OWA 2003 on the FE server. If it determines the person has a mailbox on the 2010 MBX server it responds with the OWA 2010 pages.
Regarding the permissons, most of that is done by adding users to groups. I think the user you install as is added to the new groups. I've done quite a bit of reading and I haven't seen anything about needing to change permissions. Now if you are using a new service account for Exchange 2010 compared to what you used for 2003 that could be a different story.
I don't think the CAS server modifies anything on the FE. From what I understand, after you install the CAS, you have to setup the legacy.company.X and autodiscover.company.X DNS records (internal and external if you have split DNS) and procure the new SSL certificates. After that is done and they are applied to the CAS, the final step is to point your OWA traffic from the firewall to the CAS server. It should now act as a proxy between your old Exchange FE/BE config and the new Exchange CAS/MBX config. All OWA logins hit the CAS first. If the CAS server determines the person's mailbox is still on the the 2003 BE server it points them to the OWA 2003 on the FE server. If it determines the person has a mailbox on the 2010 MBX server it responds with the OWA 2010 pages.
Regarding the permissons, most of that is done by adding users to groups. I think the user you install as is added to the new groups. I've done quite a bit of reading and I haven't seen anything about needing to change permissions. Now if you are using a new service account for Exchange 2010 compared to what you used for 2003 that could be a different story.
ASKER
Thanks for this. I'm reading but I think I might be confused as I have a split DNS sturcture. Our interal DNS is company.local. Of course external is company.com. Current structure is this:
webmail.company.com --> exchangeFE.company.local
mail.company.com --> exchangeBE.company.local
After the CAS install; I have not installed the HT or MB Exchange 2010 servers yet (no EDGE will be used), I now have the following DNS records setup:
webmail.company.com --> exchangeFE.company.local
mail.company.com --> exchangeBE.company.local
legacy.company.local --> exchangeFE.company.local
autodiscover.company.local
I have not modified any of my external DNS records yet. I simply need to get OWA working. I'm not able to access OWA 2003 or OWA 2010 via external or internal hostnames. Nor by localhost via the console of those systems. Something in IIS is broken or has been changed. When you install the CAS role does it modify something on the ExchangeFE box? Nothing I have read indicated this.