Link to home
Start Free TrialLog in
Avatar of xzay1967
xzay1967

asked on

Cannot log on to OWA 2010 from 2003

I am working on a 2003 to 2010 exchange migration. The site has a netscaler that handles the ssl offloading so I turned off ssl encryption on the internal urls for owa, ecp, oab, and exchange. I created a legacy url as such: set-owavirtualdirectory -exchange2003url "http:\\legacy.ghostriders.com/exchange -identity "cassserver\owa*" I can get to the owa logon screen fine, but when I enter the username and password of a user that still has a 2003 mailbox, I get the following error: Your request couldn’t be completed because no server with the correct security settings was found to handle the request. If the problem continues, contact your helpdesk. Sometimes I get to the screen and regardless of what credentials I put in, it is not accepted. I created a wildcard cert on the cas server, then imported it into the 2003 server. The error still happensl.
Avatar of Radweld
Radweld
Flag of United Kingdom of Great Britain and Northern Ireland image
Is your exchange 2003 server setup for secure https on owa? I think this happens whenyou redirect from secure to non secure or vise versa.
Avatar of xzay1967
xzay1967

ASKER

No it is not, the netscaler is doing SSL offloading. That means that the encryption is stripped before it hits the mail server. Because of the netscaler handling the ssl, i also turned off ssl on the 2010 servers, and also the virtual directory. The only thing not enabled on the 2003 server, is form based authentication.
Avatar of Radweld
Radweld
Flag of United Kingdom of Great Britain and Northern Ireland image
Remember it's a redirect, fba is needed for it to work. Does the certificate on yout firewall contain the URL your using for legacy redirect? If not the client will be attempting to make a connection to your legacy exchange 2003 front end server over https when the virtual directories are not configured to do so hence the error.
Avatar of xzay1967
xzay1967

ASKER

The company does not use fba. Is there a way around that, or would they HAVE to use fba until the complete switch over to 2010? As for the  redirect, I am only testing internal right now, so not going thru Netscaler.
ASKER CERTIFIED SOLUTION
Avatar of Radweld
Radweld
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of xzay1967
xzay1967

ASKER

Thanks Radweld. I am using a wildcard cert, and it is on 2010 and 2003 servers. However, I will double check the dns entry for the legacy url.
SOLUTION
Avatar of Radweld
Radweld
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial