Solved

Exchange 2010 OWA cannot access mailboxes hosted on Exchange 2003

Posted on 2011-03-14
14
1,482 Views
Last Modified: 2012-05-11
I have a Exchange server 2003 server.  I also have a front-end Exchange 2003 server for OWA setup.

I have now installed an Exchange 2010 server.  
I ran the command in Powershell on Exchange 2010.
Set-OWAVirtualDirectory <CASHUB01>\OWA ‘
-ExternalURL https://exchange2010/OWA
-Exchange2003URL https://exchange2003.domain.com/exchange

Users hosted on Exchange 2010 can access their mailbox when going to https://exchange2010/OWA.  Users hosted on Exchange2003 cannot access their mailbox when going to https://exchange2010/OWA.  Can anyone assist?

The exchange2003.domain.com is publicly available.  The https://exchange2010 is internal only.  I am trying to access it from internally only at this stage.
0
Comment
Question by:lodgingsit
  • 5
  • 5
  • 4
14 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35130581
Do you have a separate CAS server or a single Exchange 2010 server?

If you goto https://exchange2003server/exchange does it work OK?

And if you goto https://exchange2010/exchange what happens then?
0
 
LVL 1

Author Comment

by:lodgingsit
ID: 35130617
I have a single Exchange 2010 server with all roles installed on the same server.

When I go to http://exchange2003frontendserver/exchange - and try to get into a mailbox on exchange 2010, it gives me access denied (403 - Forbidden; access denied).

When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 35130686
The problem here is that the redirection only works when coming from outside the organization. i explain:

From inside the org:
2010 users: https://exchange2010/OWA
2003 users: https://exchange2003frontendserver/exchange

from outside the org you need 2 outside A records. one for 2010 and the other for 2003.

then you need to have forms based enabled on 2003 front end.

and you need a correct external url configured with the external name, and the other external name configured on the 2003url

hope it helps
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35130758
There is no reason why it wouldn't redirect internally if the hostnames were the same.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 35131386
you can only set one exchange2003url.. and by design you should set it with one external hostname, such as exchange2003.domain.com

if you want this url to work internally you should have a internal split dns zone domain.com to be able to resolve the exchange2003.domain.com internally, or else he is going to forward your request outside and also you will need one A record public.
0
 
LVL 1

Author Comment

by:lodgingsit
ID: 35133138
Thanks, already using a split tunnel DNS.
0
 
LVL 1

Author Comment

by:lodgingsit
ID: 35133157
P.S>  GrreatVargas - can you explain the forms based authentication.  Does that have to be enabled on the front-end server or the back-end 2003 Exchange server?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35133198
It needs to be enabled on the Front-End Server, do you get a form to fill in when logging in to the 2003 server or a pop-up box?

If a form then you already have FBA enabled.
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 35133423
Like Demazter said, it's on the front end server that has to be enabled... for single sign-on purposes. Not beeing enabled only has double authentication issues.
0
 
LVL 1

Author Comment

by:lodgingsit
ID: 35138364
Then that's not the issue with regards to the form.  As stated above, the issue is...

When I go to https://exchange2010/exchange and try to access a mailbox on Exchange 2003 then I get the following error:
Your request couldn't be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk.

Could I have run the powershell command incorrectly?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 35139427
dont use  https://exchange2010/exchange  to access 2003 mailboxes. use  https://exchange2010/owa to access 2010 mailboxes and use  https://exchange2003/exchange to access 2003 mailboxes.

the exchange2003url is a redirection url. to redirect 2003 mailboxes that use 2010 cas to access to that url.. that is pointing to 2003 server.

the test you must do is access https://exchange2010/OWA with a 2003 mailbox and see if you get redirected to the exchange2003url

whats the result?
0
 
LVL 1

Author Comment

by:lodgingsit
ID: 35166856
Ok, here is the story.  I've read somewhere that there could be issues having a CAS server and a mailbox server on the same box when accessing Exchange2003.  Therefore, I have created a new Exchange server with just the CAS role on it.

It sees the main Exchange 2010 server no issues.

I ran this on the new CAS server:
[PS] C:\Windows\system32>Set-OwaVirtualDirectory https://<Servername of new CAS SERVER>/OWA -ExternalURL https://<< Public DNS NAME OF NEW CAS SERVER>/OWA -Exchange2003URL http://<Public DNS Name of Exchangbe 2003 Front-end OWA server>/exchange

I got the following errror:

The operation couldn't be performed because object '<Servername of new CAS SERVER>\https://<Servername of new CAS SERVER>/OWA' couldn't be found
on 'DC.com'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-OwaVirtualDirectory], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : 2671AFC6,Microsoft.Exchange.Management.SystemConfigurationTasks.SetOwaVirtualDirectory


Any suggestions?
0
 
LVL 15

Expert Comment

by:GreatVargas
ID: 35182051
Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL https://legacy.contoso.com/exchange

you are not typping well next to set-owavirtualdirectory

use <CAS2010>\OWA*
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 500 total points
ID: 35182077
the problem is because the Exchange 2003 server is not using SSL, as far as I am aware this will not work.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
how to add IIS SMTP to handle application/Scanner relays into office 365.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now