tolinrome
asked on
Exchange 2003-2010 OWA logon
I'm in the transition period from Exchange 2003-2010 and having some trouble with OWA logon for users with mailboxes on 2010 not 2003.
I have the legacy hostname A record setup in external and internal DNS and it works fine and when users go to https://webmail.domainname.com they are redirected to the 2003 OWA no problem from the 2010 OWA logon page. (you can see the legacy domainname in the url being redirected).
When a user who has a mailbox on 2010 however uses the same link nothing happens, they are presented with the 2010 OWA logon and when they try to logon the screen just freezes - nothing.
I have the internal firewall pointing https and mail to the new 2010 Exchange server. I also have redirection on OWA so when a user types in https://webmail.domainname.com they are redirected to https://webmail.domainname.com/owa
Listed below are the steps from MS I took:
http://technet.microsoft.com/en-us/library/ee332348.aspx
How to verify the legacy host name can be accessed from the Internet
From outside your firewall, using your specific domain name instead of contoso, perform the following steps:
Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on an Exchange 2010 server. Failed
Navigate to https://legacy.contoso.com/exchange, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server. Success
Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server. Success
Also, users with mailboxes on Exchange 2003 and 2010 cannot connect using RPC\HTTP when I point mail in the firewall to the new Exchange 2010 server. When I point it back to the Exchange 2003 server then users with mailboxes on 2003 can use RPC\HTTP but 2010 users still cannot.
What went wrong with the configuration?
One more recommendation:
Update your Exchange server with the latest Windows updates and Exchange patches before applying the above steps. I know this seems meaningless, but lots of security updates are required if you are making external connections to your Exchange; this is a best practice.
Tell me one thing how did you do the redirection between webmail.domain.com and webmail.domain.com/owa ?
ASKER
On the 2010 Server in IIS on the owa virtual directory I used redirection (HTTP Redirect icon). The redirection is working fine. All users see the 2010 OWA and when 2003 mailbox users login they are redirected using the legacy host name.
When 2010 users login nothing happens ..
Used this blog for the redirection:
http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/
firewall is now configured where mail.domainname.com IP is pointing to Exchange 2010 server (using https)
guess this is the issue, i hate this method of redirection
please run the below and try again owa
Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -LogonAndErrorLanguage 1033
Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -DefaultClientLanguage 1033
If you have just E2010 and E2k3 servers in your setup.
> Check if you have the FBA enabled on the E2k3 servers?
If not should you try and configure the same on the E2k3 servers
Reference:
(around point #5: Installing Exchange 2010 )
You must enable forms-based authentication on the Exchange 2003 front-end server to allow your users to access their mailboxes through a single sign-on during the coexistence period.
Upgrade from Exchange 2003 Client Access
http://technet.microsoft.com/en-us/library/ee332348(EXCHG.140).aspx
@e_aravind redirection from 2003 to 2010 is working his issue is with 2010 mailboxes
My bad...missed it completely
Then, i would double check if the "Exchange related services" are up and running or not.
(one of the important ones would be "MSExchangeFBA")
Need to check the response @ Browser and the IIS logs to plan\proceed further
Authentication:
==========
> on the default iisstart.htm or welcome.png....configure those files with the basic-authentication configure...confirm if those files are accessible without any issues
>> Just in case if we remove the redirection...do we have any success?
ASKER
yes, MSExchangeFBA services are running and redirection is working as mentioned.
This is the situation:
All users who go to webmail.domain.com are directed to 2010 OWA, and 2003 mailbox users log in and are redirected (with the legacy URL) to their 2003 OWA mailbox. 2010 mailbox users are redirected as well (because of the redirection URL) but since their mailboxes are obviously on 2010 the screen just freezes. (I thought 2010 would know that since it's a 2010 mailbox user it wouldn't direct them, guess not).
On Exchange 2010 in IIS, requests for https://webmail.domain.com are redirected to https://webmail.domain.com/owa.
Even when I point the mail.domain.com and webmail.domain.com IP to the 2010 server in the firewall, 2010 mailbox users still cannot log on to OWA (I suspect this is also because of redirection, I don't know).
I'm trying to have everything seamless where both 2003 and 2010 mailbox users can use webmail.domain.com for owa and mail.domain.com for RPC\HTTP.
If I have to add another URL for 2010 users for these services then it's going to be confusing to tell people to use different URL's for the same service.
Currently webmail.domain.com is for owa and mail.domain.com is for rpc\http.
Do you have redirection configured for the folder /owa
e.g
Default web site can redirect the request to https://webmail.domain.com/owa.
But if the "Default Web Site\OWA" is redirecting the requests to https://webmail.domain.com/owa.
.....then I would prefer to clean up the redirection configuration at least @ the "Default Web Site\OWA" location
ASKER
yes for the /owa virtual directory and the default website I have redirect requests to this destination: https://webmail.domain.com/owa
How do you suggest I clean it up? Is this what is causing the problem?
ASKER
Hi Akhater,
No, I didn't try that yet. Why? Because I need to know how to go back in case it does something. Will it affect 2003 users?
It will not affect 2003 users and it just sets the default language of OWA to English.
ASKER
Ok, I did the commands and although it completed successfully and said that nothing was modified, I can now log on to OWA 2010 with a 2010 mailbox user!!! Although every time I click on a message to open it I receive an error that says "An unexpected error occurred and your request couldn't be handled".
Good job!
1. Create separate internal and external DNS for Exchange 2010 OWA.
2. Configure Firewalls for the same.
3. Configure External and internal URLs for OWA from CAS server, OWA properties.
4. Run below cmdlet to configure exchange 2010 to 2003 OWA redirection in exchange management shell:
Set-OWAVirtualDirectory -identity E2K10CASHUB\OWA* -ExternalURL https://mail.corporation.com/OWA -Exchange2003URL https://email.corporation.com/exchange
Change the link names as per your environment.
For reference you can also check the MS article below:
http://technet.microsoft.com/en-us/library/dd298140.aspx
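
Before running any of the Set-OwaVirtualDirectory commands in this thread, it helps to record the current values so they can be put back, and to see what IIS HTTP Redirect is effectively doing on the site root and on /owa. The script below is an added example, not part of the original thread; the backup path, the function name Restore-OwaLanguage and the "redirects to itself" heuristic are assumptions, and nothing is changed until the restore function is called.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 CAS.
# $Identity matches the commands in the thread; $BackupPath is an assumed location.
$Identity   = 'Owa (Default Web Site)'
$BackupPath = Join-Path $env:TEMP 'owa-vdir-before.xml'

# 1. Snapshot the OWA virtual directory settings that the thread's commands touch.
$before = Get-OwaVirtualDirectory -Identity $Identity |
    Select-Object Identity, ExternalUrl, InternalUrl, Exchange2003Url,
                  LogonAndErrorLanguage, DefaultClientLanguage
$before | Export-Clixml -Path $BackupPath
$before | Format-List

# 2. Report the effective IIS HTTP Redirect setting on the site root and on /owa.
#    Heuristic (assumption): /owa with a redirect whose destination ends in /owa
#    is flagged as redirecting to itself.
Import-Module WebAdministration
foreach ($path in 'IIS:\Sites\Default Web Site', 'IIS:\Sites\Default Web Site\owa') {
    $r    = Get-WebConfiguration -PSPath $path -Filter 'system.webServer/httpRedirect'
    $dest = [string]$r.destination
    $self = $r.enabled -and ($path -like '*\owa') -and
            ($dest.TrimEnd('/') -like '*/owa')
    New-Object PSObject -Property @{
        Path              = $path
        Enabled           = $r.enabled
        Destination       = $dest
        ChildOnly         = $r.childOnly
        RedirectsToItself = $self
    }
}

# 3. Rollback helper (hypothetical name): restores the two language values
#    from the snapshot taken in step 1.
function Restore-OwaLanguage {
    param([string]$Path = $BackupPath)
    $saved = Import-Clixml -Path $Path
    Set-OwaVirtualDirectory -Identity $Identity `
        -LogonAndErrorLanguage $saved.LogonAndErrorLanguage `
        -DefaultClientLanguage $saved.DefaultClientLanguage
    Get-OwaVirtualDirectory -Identity $Identity |
        Format-List LogonAndErrorLanguage, DefaultClientLanguage
}
```

New-Object PSObject is used instead of newer object syntax so the script also works on the PowerShell 2.0 host that Exchange 2010 ships with.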