Exchange 2010 OWA cannot access mailboxes hosted on Exchange 2003
I have a Exchange server 2003 server. I also have a front-end Exchange 2003 server for OWA setup.
I have now installed an Exchange 2010 server.
I ran the command in Powershell on Exchange 2010.
Set-OWAVirtualDirectory <CASHUB01>\OWA ‘
-ExternalURL https://exchange2010/OWA ‘
-Exchange2003URL https://exchange2003.domain.com/exchange
Users hosted on Exchange 2010 can access their mailbox when going to https://exchange2010/OWA. Users hosted on Exchange2003 cannot access their mailbox when going to https://exchange2010/OWA. Can anyone assist?
The exchange2003.domain.com is publicly available. The https://exchange2010 is internal only. I am trying to access it from internally only at this stage.
I have now installed an Exchange 2010 server.
I ran the command in Powershell on Exchange 2010.
Set-OWAVirtualDirectory <CASHUB01>\OWA ‘
-ExternalURL https://exchange2010/OWA ‘
-Exchange2003URL https://exchange2003.domain.com/exchange
Users hosted on Exchange 2010 can access their mailbox when going to https://exchange2010/OWA. Users hosted on Exchange2003 cannot access their mailbox when going to https://exchange2010/OWA. Can anyone assist?
The exchange2003.domain.com is publicly available. The https://exchange2010 is internal only. I am trying to access it from internally only at this stage.
ASKER
I have a single Exchange 2010 server with all roles installed on the same server.
When I go to http://exchange2003frontendserver/exchange - and try to get into a mailbox on exchange 2010, it gives me access denied (403 - Forbidden; access denied).
When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
When I go to http://exchange2003frontendserver/exchange - and try to get into a mailbox on exchange 2010, it gives me access denied (403 - Forbidden; access denied).
When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
The problem here is that the redirection only works when coming from outside the organization. i explain:
From inside the org:
2010 users: https://exchange2010/OWA
2003 users: https://exchange2003frontendserver/exchange
from outside the org you need 2 outside A records. one for 2010 and the other for 2003.
then you need to have forms based enabled on 2003 front end.
and you need a correct external url configured with the external name, and the other external name configured on the 2003url
hope it helps
From inside the org:
2010 users: https://exchange2010/OWA
2003 users: https://exchange2003frontendserver/exchange
from outside the org you need 2 outside A records. one for 2010 and the other for 2003.
then you need to have forms based enabled on 2003 front end.
and you need a correct external url configured with the external name, and the other external name configured on the 2003url
hope it helps
There is no reason why it wouldn't redirect internally if the hostnames were the same.
you can only set one exchange2003url.. and by design you should set it with one external hostname, such as exchange2003.domain.com
if you want this url to work internally you should have a internal split dns zone domain.com to be able to resolve the exchange2003.domain.com internally, or else he is going to forward your request outside and also you will need one A record public.
if you want this url to work internally you should have a internal split dns zone domain.com to be able to resolve the exchange2003.domain.com internally, or else he is going to forward your request outside and also you will need one A record public.
ASKER
Thanks, already using a split tunnel DNS.
ASKER
P.S> GrreatVargas - can you explain the forms based authentication. Does that have to be enabled on the front-end server or the back-end 2003 Exchange server?
It needs to be enabled on the Front-End Server, do you get a form to fill in when logging in to the 2003 server or a pop-up box?
If a form then you already have FBA enabled.
If a form then you already have FBA enabled.
Like Demazter said, it's on the front end server that has to be enabled... for single sign-on purposes. Not beeing enabled only has double authentication issues.
ASKER
Then that's not the issue with regards to the form. As stated above, the issue is...
When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
Could I have run the powershell command incorrectly?
When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
Could I have run the powershell command incorrectly?
dont use https://exchange2010/exchange to access 2003 mailboxes. use https://exchange2010/owa to access 2010 mailboxes and use https://exchange2003/exchange to access 2003 mailboxes.
the exchange2003url is a redirection url. to redirect 2003 mailboxes that use 2010 cas to access to that url.. that is pointing to 2003 server.
the test you must do is access https://exchange2010/OWA with a 2003 mailbox and see if you get redirected to the exchange2003url
whats the result?
the exchange2003url is a redirection url. to redirect 2003 mailboxes that use 2010 cas to access to that url.. that is pointing to 2003 server.
the test you must do is access https://exchange2010/OWA with a 2003 mailbox and see if you get redirected to the exchange2003url
whats the result?
ASKER
Ok, here is the story. I've read somewhere that there could be issues having a CAS server and a mailbox server on the same box when accessing Exchange2003. Therefore, I have created a new Exchange server with just the CAS role on it.
It sees the main Exchange 2010 server no issues.
I ran this on the new CAS server:
[PS] C:\Windows\system32>Set-Ow
I got the following errror:
The operation couldn't be performed because object '<Servername of new CAS SERVER>\https://<Servername of new CAS SERVER>/OWA' couldn't be found
on 'DC.com'.
+ CategoryInfo : NotSpecified: (0:Int32) [Set-OwaVirtualDirectory],
+ FullyQualifiedErrorId : 2671AFC6,Microsoft.Exchang
Any suggestions?
It sees the main Exchange 2010 server no issues.
I ran this on the new CAS server:
[PS] C:\Windows\system32>Set-Ow
I got the following errror:
The operation couldn't be performed because object '<Servername of new CAS SERVER>\https://<Servername of new CAS SERVER>/OWA' couldn't be found
on 'DC.com'.
+ CategoryInfo : NotSpecified: (0:Int32) [Set-OwaVirtualDirectory],
+ FullyQualifiedErrorId : 2671AFC6,Microsoft.Exchang
Any suggestions?
Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL https://legacy.contoso.com/exchange
you are not typping well next to set-owavirtualdirectory
use <CAS2010>\OWA*
you are not typping well next to set-owavirtualdirectory
use <CAS2010>\OWA*
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you goto https://exchange2003server/exchange does it work OK?
And if you goto https://exchange2010/exchange what happens then?