Exchange 2010 OWA cannot access mailboxes hosted on Exchange 2003

I have a Exchange server 2003 server.  I also have a front-end Exchange 2003 server for OWA setup.

I have now installed an Exchange 2010 server.  
I ran the command in Powershell on Exchange 2010.
Set-OWAVirtualDirectory <CASHUB01>\OWA ‘
-ExternalURL https://exchange2010/OWA ‘
-Exchange2003URL https://exchange2003.domain.com/exchange 

Users hosted on Exchange 2010 can access their mailbox when going to https://exchange2010/OWA.  Users hosted on Exchange2003 cannot access their mailbox when going to https://exchange2010/OWA.  Can anyone assist?

The exchange2003.domain.com is publicly available.  The https://exchange2010 is internal only.  I am trying to access it from internally only at this stage.
LVL 1
lodgingsitAsked:
Who is Participating?
 
Glen KnightCommented:
the problem is because the Exchange 2003 server is not using SSL, as far as I am aware this will not work.
0
 
Glen KnightCommented:
Do you have a separate CAS server or a single Exchange 2010 server?

If you goto https://exchange2003server/exchange does it work OK?

And if you goto https://exchange2010/exchange what happens then?
0
 
lodgingsitAuthor Commented:
I have a single Exchange 2010 server with all roles installed on the same server.

When I go to http://exchange2003frontendserver/exchange - and try to get into a mailbox on exchange 2010, it gives me access denied (403 - Forbidden; access denied).

When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
The problem here is that the redirection only works when coming from outside the organization. i explain:

From inside the org:
2010 users: https://exchange2010/OWA 
2003 users: https://exchange2003frontendserver/exchange

from outside the org you need 2 outside A records. one for 2010 and the other for 2003.

then you need to have forms based enabled on 2003 front end.

and you need a correct external url configured with the external name, and the other external name configured on the 2003url

hope it helps
0
 
Glen KnightCommented:
There is no reason why it wouldn't redirect internally if the hostnames were the same.
0
 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
you can only set one exchange2003url.. and by design you should set it with one external hostname, such as exchange2003.domain.com

if you want this url to work internally you should have a internal split dns zone domain.com to be able to resolve the exchange2003.domain.com internally, or else he is going to forward your request outside and also you will need one A record public.
0
 
lodgingsitAuthor Commented:
Thanks, already using a split tunnel DNS.
0
 
lodgingsitAuthor Commented:
P.S>  GrreatVargas - can you explain the forms based authentication.  Does that have to be enabled on the front-end server or the back-end 2003 Exchange server?
0
 
Glen KnightCommented:
It needs to be enabled on the Front-End Server, do you get a form to fill in when logging in to the 2003 server or a pop-up box?

If a form then you already have FBA enabled.
0
 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
Like Demazter said, it's on the front end server that has to be enabled... for single sign-on purposes. Not beeing enabled only has double authentication issues.
0
 
lodgingsitAuthor Commented:
Then that's not the issue with regards to the form.  As stated above, the issue is...

When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.

Could I have run the powershell command incorrectly?
0
 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
dont use  https://exchange2010/exchange  to access 2003 mailboxes. use  https://exchange2010/owa to access 2010 mailboxes and use  https://exchange2003/exchange to access 2003 mailboxes.

the exchange2003url is a redirection url. to redirect 2003 mailboxes that use 2010 cas to access to that url.. that is pointing to 2003 server.

the test you must do is access https://exchange2010/OWA with a 2003 mailbox and see if you get redirected to the exchange2003url

whats the result?
0
 
lodgingsitAuthor Commented:
Ok, here is the story.  I've read somewhere that there could be issues having a CAS server and a mailbox server on the same box when accessing Exchange2003.  Therefore, I have created a new Exchange server with just the CAS role on it.

It sees the main Exchange 2010 server no issues.

I ran this on the new CAS server:
[PS] C:\Windows\system32>Set-OwaVirtualDirectory https://<Servername of new CAS SERVER>/OWA -ExternalURL https://<< Public DNS NAME OF NEW CAS SERVER>/OWA -Exchange2003URL http://<Public DNS Name of Exchangbe 2003 Front-end OWA server>/exchange

I got the following errror:

The operation couldn't be performed because object '<Servername of new CAS SERVER>\https://<Servername of new CAS SERVER>/OWA' couldn't be found
on 'DC.com'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-OwaVirtualDirectory], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 2671AFC6,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory


Any suggestions?
0
 
Antonio VargasMicrosoft Senior Cloud ConsultantCommented:
Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL https://legacy.contoso.com/exchange 

you are not typping well next to set-owavirtualdirectory

use <CAS2010>\OWA*
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.