Exchange 2003 and Exchange 2010 OWA

I'm in the process of moving from Exchange 2003 to Exchange 2010. I ran the Set-OwaVirtualDirectory command to redirect my 2003 users to the correct 2003 OWA server. Here is my problem. My 2003 OWA uses a self-signed certificate. In my set-owa command I used the external IP address instead of the host name because the old 2003 OWA A record will be deleted once we cut over (this is what management wants) anyway. When I connect to the 2010 OWA server using my account, which is still on 2003, I get an Error code 403 message. I'm almost positive this is because my 2003 OWA server and ISA are using a self-signed certificate that references the host name and not the external IP. How can I make the self-signed certificate use the external IP address?
Asked by: compdigit44
 
spiderwilk007 Commented:
Generally that is not how you would want to do it. If you set up a legacy DNS record that points to the 2003 OWA server (internally and externally), for example legacy.contoso.com, and then redirect the old DNS records to the new 2010 server and have it manage everything, the 2010 server will automatically detect whether the user's mailbox is on the new server or the old server and redirect the clients to legacy.contoso.com for OWA. You will also need to change the virtual directories in 2003 to reflect the change:

http://technet.microsoft.com/en-us/library/ee332348.aspx
 
compdigit44 (Author) Commented:
I know this is not recommended, but for internal reasons we have to do it like this.

Any way to do what I need to do, though?
 
spiderwilk007 Commented:
Without using the legacy DNS record you will have to connect directly to the IP address; you will not be able to go through Exchange 2010 to get to OWA for 2003.
 
spiderwilk007 Commented:
Also, there is no way to make the self-signed certificate use the IP address; you can try to create a new certificate and include the IP address. There is no way to update a certificate; it has to be recreated.
 
compdigit44 (Author) Commented:
But when I connect to 2010 OWA with my 2003 account it does redirect me to the certificate warning screen for 2003, and when I click on the continue warning message is when I get the Error 403 message... I find it hard to believe that 2010 cannot redirect to a 2003 server based on IP.
 
spiderwilk007 Commented:
If you go directly to the address without using 2010 to redirect, does it work? Or do you still get the 403 error message? Have you changed the virtual directories to reflect the IP address in Exchange 2003 instead of the DNS name?
 
compdigit44 (Author) Commented:
OK. If I go to the Exchange 2003 external IP directly I still get the Error 403 message.

Suggestions?
 
spiderwilk007 Commented:
Try the internal server name or IP address to access the server. If you still get the 403 error message, it's not a certificate problem; instead you have services that aren't working or configured properly on the Exchange 2003 server, and you need to make sure IIS and Exchange services are all properly configured and started.
 
spiderwilk007 Commented:
Also, you will need to make sure you are browsing to the exact directory and not just to the root folder: https://{servername}/owa
 
spiderwilk007 Commented:
Also, did you set up a NAT policy pointing the external IP address to the internal IP address on your firewall or router?
 
compdigit44 (Author) Commented:
No. Should I set up this policy on my ISA server or TMG server?
 
compdigit44 (Author) Commented:
Also, can I have two NAT rules in place, one that points to the host name and one that points to the external IP?
 
spiderwilk007 Commented:
You just have to assign this on whatever you are using for the gateway or firewall. I don't believe you can do a NAT based on host name; you just NAT the public IP address to the private IP address. What are you using for the default gateway?
 
compdigit44 (Author) Commented:
What do you mean, default gateway on OWA, ISA, where?
 
spiderwilk007 Commented:
The default gateway is your company's default router or firewall. It separates your network from the outside world. It has public IP addresses assigned by your ISP pointed to it. You need to open traffic on port 443 to your internal ISA or Exchange 2003 server (depending on how you have it set up, and maybe to both on separate IPs). If this was set up previously but now it points to the 2010 server, you need to set up a separate path from the outside world to your Exchange 2003 server if you want the public IP address to work. I would like a little more information on how you are accessing your Exchange server currently. Do you have a private IP address schema set up on the Exchange servers? Usually 192.168.X.X or 10.X.X.X or 172.X.X.X. If so, these IP addresses are not publicly accessible and you need to assign a NAT for an external IP to get to a private IP. This is handled at the network level on the physical router or firewall.
 
compdigit44 (Author) Commented:
I think I'm making progress. I set up a new web rule on my ISA 2004 server that points to the internal IP of my OWA server. Now I'm getting an Error 500, which according to Microsoft is a certificate name problem. How can I update or generate a new internal certificate to include the internal IP address instead of the host name?
 
compdigit44 (Author) Commented:
I was able to revoke the certificate on my OWA server and reissue one with the common name being the internal IP, since I have an ISA server.

Everything is working now.
 
spiderwilk007 Commented:
Good to hear you got everything working.
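
The certificate name mismatch discussed in this thread, as an added example that is not part of the original posts: a small Python model of how a TLS client compares the address it connected to against the names in a certificate. The certificates, the host name `owa.example.test` and the address `192.0.2.10` are constructed placeholders, and `legacy_cn_fallback` is a hypothetical switch modelling clients that still compare an IP target against the Common Name, which is what the reissued certificate in the thread relies on.

```python
import ipaddress

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
HOST_CERT = {"subject": ((("commonName", "owa.example.test"),),)}   # original: host name only
IP_CN_CERT = {"subject": ((("commonName", "192.0.2.10"),),)}        # reissued: CN is the IP
IP_SAN_CERT = {                                                     # both names listed in SAN
    "subject": ((("commonName", "owa.example.test"),),),
    "subjectAltName": (("DNS", "owa.example.test"), ("IP Address", "192.0.2.10")),
}

def common_names(cert):
    """Every commonName value in the certificate subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def dns_match(pattern, host):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def name_check(cert, target, legacy_cn_fallback=False):
    """Return (ok, reason) for connecting to `target` (host name or IP literal)."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared with iPAddress SAN entries, never with DNS names.
        if any(ipaddress.ip_address(v) == ip for k, v in san if k == "IP Address"):
            return True, "SAN iPAddress"
        if legacy_cn_fallback and target in common_names(cert):
            return True, "CN (legacy)"
        return False, "no certificate name equals the IP"
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # When dNSName entries exist they are authoritative and the CN is ignored.
        ok = any(dns_match(p, target) for p in dns_names)
        return ok, "SAN dNSName" if ok else "host name not in SAN"
    ok = any(dns_match(cn, target) for cn in common_names(cert))
    return ok, "CN" if ok else "host name not in CN"

if __name__ == "__main__":
    for label, cert in (("host-only", HOST_CERT), ("ip-in-cn", IP_CN_CERT), ("ip-in-san", IP_SAN_CERT)):
        print(label, name_check(cert, "192.0.2.10"), name_check(cert, "192.0.2.10", True))
```

A certificate that lists the address as an iPAddress subject alternative name passes in both modes, while one that only carries the IP in the Common Name passes only for clients that apply the legacy comparison.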