Exchange 2003-2010 OWA logon

I'm in the transition period from Exchange 2003-2010 and having some trouble with OWA logon for users with mailboxes on 2010, not 2003.

I have the legacy hostname A record setup in external and internal DNS and it works fine and when users go to https://webmail.domainname.com they are redirected to the 2003 OWA no problem from the 2010 OWA logon page. (you can see the legacy domainname in the url being redirected).
When a user who has a mailbox on 2010 however uses the same link nothing happens, they are presented with the 2010 OWA logon and when they try to logon the screen just freezes - nothing.

I have the internal firewall pointing https and mail to the new 2010 Exchange server. I also have redirection on OWA so when a user types in https://webmail.domainname.com they are redirected to https://webmail.domainname.com/owa

Listed below are the steps from MS I took:

http://technet.microsoft.com/en-us/library/ee332348.aspx

How to verify the legacy host name can be accessed from the Internet

From outside your firewall, using your specific domain name instead of contoso, perform the following steps:

Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on an Exchange 2010 server. Failed

Navigate to https://legacy.contoso.com/exchange, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server. Success

Navigate to https://mail.contoso.com/owa, and verify that you can access Outlook Web App for a user whose mailbox is on a legacy Exchange server. Success

Also, users with mailboxes on Exchange 2003 and 2010 cannot connect using RPC\HTTP when I point mail in the firewall to the new Exchange 2010 server. When I point it back to the Exchange 2003 server then users with mailboxes on 2003 can use RPC\HTTP but 2010 users still cannot.

What went wrong with the configuration?
Asked by: tolinrome

abhijitmdp Commented:
The best way of configuring OWA in a mixed environment is to populate Exchange 2010 OWA to all internal and external firewalls and make a redirection in the OWA configuration for Exchange 2003 users. If any Exchange users try to log in, they will get the Exchange 2010 OWA, but after entering their user name and password they will be redirected to the Exchange 2003 OWA page. For this you'll need to follow the steps below:
1. Create separate internal and external DNS for Exchange 2010 OWA.
2. Configure Firewalls for the same.
3. Configure External and internal URLs for OWA from CAS server, OWA properties.
4. Run below cmdlet to configure exchange 2010 to 2003 OWA redirection in exchange management shell:
Set-OWAVirtualDirectory -identity E2K10CASHUB\OWA* -ExternalURL https://mail.corporation.com/OWA -Exchange2003URL https://email.corporation.com/exchange

Change the link names as per your environment.

For reference you can also check the MS article below:
http://technet.microsoft.com/en-us/library/dd298140.aspx

abhijitmdp Commented:
One more recommendation:
Update your Exchange server with the latest Windows updates and Exchange patches before applying the above steps. I know this seems meaningless, but lots of security updates are required if you are making external connections to your Exchange; this is a best practice.

Akhater Commented:
Tell me one thing: how did you do the redirection between webmail.domain.com and webmail.domain.com/owa?

tolinrome (Author) Commented:
On the 2010 Server in IIS on the owa virtual directory I used redirection (HTTP Redirect icon). The redirection is working fine. All users see the 2010 OWA and when 2003 mailbox users login they are redirected using the legacy host name.
When 2010 users login nothing happens ..

Used this blog for the redirection:

http://briandesmond.com/blog/redirecting-owa-urls-in-exchange-2010/

firewall is now configured where mail.domainname.com IP is pointing to Exchange 2010 server (using https)

Akhater Commented:
Guess this is the issue, I hate this method of redirection.

Please run the below and try OWA again:

Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -LogonAndErrorLanguage 1033
Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -DefaultClientLanguage 1033

e_aravind Commented:
If you have just E2010 and E2k3 servers in your setup.

> Check if you have the FBA enabled on the E2k3 servers?
If not, you should try to configure the same on the E2k3 servers.

Reference:
(around point #5: Installing Exchange 2010 )
You must enable forms-based authentication on the Exchange 2003 front-end server to allow your users to access their mailboxes through a single sign-on during the coexistence period.

Upgrade from Exchange 2003 Client Access
http://technet.microsoft.com/en-us/library/ee332348(EXCHG.140).aspx

Akhater Commented:
@e_aravind redirection from 2003 to 2010 is working; his issue is with 2010 mailboxes.

e_aravind Commented:
My bad...missed it completely

Then, I would double check if the "Exchange related services" are up and running or not.
(one of the important ones would be "MSExchangeFBA")

Need to check the response @ Browser and the IIS logs to plan\proceed further

Authentication:
==========
> on the default iisstart.htm or welcome.png....configure those files with the basic-authentication configure...confirm if those files are accessible without any issues

>> Just in case if we remove the redirection...do we have any success?

tolinrome (Author) Commented:
Yes, MSExchangeFBA services are running and redirection is working as mentioned.
This is the situation:

All users who go to webmail.domain.com are directed to 2010 OWA, and 2003 mailbox users log in and are redirected (with the legacy URL) to their 2003 OWA mailbox. 2010 mailbox users are redirected as well (because of the redirection URL), but since their mailboxes are obviously on 2010 the screen just freezes. (I thought 2010 would know that since it's a 2010 mailbox user it wouldn't redirect them, guess not.)

On Exchange 2010 in IIS, requests for https://webmail.domain.com are redirected to https://webmail.domain.com/owa.

Even when I point the mail.domain.com and webmail.domain.com IP to the 2010 server in the firewall, 2010 mailbox users still cannot log on to OWA (I suspect this is also because of redirection, I don't know).

I'm trying to have everything seamless where both 2003 and 2010 mailbox users can use webmail.domain.com for owa and mail.domain.com for RPC\HTTP.
If I have to add another URL for 2010 users for these services then it's going to be confusing to tell people to use different URLs for the same service.

Currently webmail.domain.com is for owa and mail.domain.com is for rpc\http.

e_aravind Commented:
Do you have redirection configured for the folder /owa?

e.g
Default web site can redirect the request to https://webmail.domain.com/owa.

But if the "Default Web Site\OWA" is redirecting the requests to https://webmail.domain.com/owa.

...then I would prefer to clean up the redirection configuration, at least at the "Default Web Site\OWA" location.
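
To see what e_aravind is asking about, the following added example (not code from the thread or from any poster) reports the effective IIS HTTP Redirect settings for the site root and the /owa virtual directory on the Exchange 2010 server. The function name `Get-HttpRedirectReport`, the site name and the path list are assumptions for illustration.

```powershell
# Added example, not from the thread. Run on the Exchange 2010 CAS in an
# elevated PowerShell session. Site name and path list are assumptions.
Import-Module WebAdministration

function Get-HttpRedirectReport {
    param(
        [string]   $Site  = 'Default Web Site',
        [string[]] $Paths = @('', 'owa')   # '' = site root; add other vdirs as needed
    )
    foreach ($p in $Paths) {
        $psPath = "IIS:\Sites\$Site"
        if ($p) { $psPath = "$psPath\$p" }

        # Effective settings at this path, including anything inherited from the parent.
        $r = Get-WebConfiguration -Filter 'system.webServer/httpRedirect' -PSPath $psPath

        # Path component of the destination, whether it is absolute or relative.
        $dest = [string]$r.destination
        $u = $null
        if ([System.Uri]::TryCreate($dest, [System.UriKind]::Absolute, [ref]$u)) {
            $destPath = $u.AbsolutePath.Trim('/')
        } else {
            $destPath = $dest.Trim('/')
        }

        New-Object PSObject -Property @{
            Path             = "/$p"
            Enabled          = $r.enabled
            Destination      = $dest
            ExactDestination = $r.exactDestination
            ChildOnly        = $r.childOnly
            # True when an enabled redirect sends requests for this path back to this path.
            TargetsOwnPath   = ($r.enabled -and $dest -and ($destPath -ieq $p))
        }
    }
}

Get-HttpRedirectReport |
    Select-Object Path, Enabled, Destination, ExactDestination, ChildOnly, TargetsOwnPath |
    Format-Table -AutoSize
```

A row for `/owa` with `Enabled` and `TargetsOwnPath` both true is the "Default Web Site\OWA" redirect the comment above suggests cleaning up; the report only reads configuration and changes nothing.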

tolinrome (Author) Commented:
Yes, for the /owa virtual directory and the default website I have redirect requests to this destination: https://webmail.domain.com/owa

How do you suggest I clean it up? Is this what is causing the problem?

Akhater Commented:
I told you from the start the redirection is causing your issue, did you simply try to run
Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -LogonAndErrorLanguage 1033
Set-OwaVirtualDirectory -identity "Owa (Default Web Site)" -DefaultClientLanguage 1033

tolinrome (Author) Commented:
Hi Akhater,
No, I didn't try that yet. Why? Because I need to know how to go back in case it does something. Will it affect 2003 users?

Akhater Commented:
It will not affect 2003 users and it just sets the default language of OWA to English.

tolinrome (Author) Commented:
Ok, I did the commands and although it completed successfully and said that nothing was modified, I can now log on to OWA 2010 with a 2010 mailbox user!!! Although every time I click on a message to open it I receive an error that says "An unexpected error occurred and your request couldn't be handled".

Good job!