Posted on 2013-11-18
Medium Priority
Last Modified: 2013-12-15
Before we start I have a basic Administrative/Support understanding of Ex 2003/2007/2010

Environment Before Issue
1 x Ex 2003 OWA server (located at the DMZ) I know, not good - Front End
1 x 2003 Bridgehead server (Master)
4 x 2003 Mail Servers

Environment now
1 x 2003 Bridgehead server (Master) - Now the Front End - Firewall points directly to this server
4 x 2003 Mail Servers - no changes made
1 x Ex 2010 Hub/Cas Server - Introduced in view of migrating 2003 to 2010

What happened between the above Before & After
The OWA server was located at a COLO site hosting DMZ servers, we then move all DMZ servers including the OWA to a new site. Same COLO hosting services company and no internal/external IP changes necessary. I have since decommissioned the OWA server which is now not part of the Exchange environment.

WebMail was working fine before the move and then when I tested WebMail at the new site we received the HTTP 500 Error, Page cannot be displayed. All other DMZ servers are fine and Exchange internally and externally is fine, just WebMail failing.

Also, we have implemented a new Exchange 2010 server just before the DMZ move so that is currently in a status of coexistence and I have a couple of LIVE mailboxes migrated across and both users have full Active Sync and Web App services.

So long story short, 1,000 users on Ex 2003 have Active Sync services on their mobiles but no WebMail access. The best solution here would be to continue with the 2003 - 2010 migration as we know that works but that is going to take a few weeks so I need to provide WebMail services to 1,000 users via Ex 2003.

I have checked Virtual Directories, Firewall Rules and when other settings but happy to start again from ground zero and maybe cover the basics again as all mail services are functioning as they should be other than WebMail.

In advance thank you for your support.
Question by:CTCRM
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39656227
Offering to pay for assistance outside of the site is against the rules of the site.

I presume you have checked the legacyURL configuration is correct on Exchange 2010? If so then the your problem is the server in the DMZ.

I would suggest that you build a new Frontend Exchange 2003 server that is inside the firewall. Then configure that with the legacy address, adjusting DNS etc as required. Then remove that server that is in the DMZ using add/remove programs.

OWA doesn't proxy, it redirects. ActiveSync goes over the proxy.


Author Comment

ID: 39656268
Hi Simon

The OWA server that was in the DMZ has been uninstalled from the Exchange environment and the firewall now points directly at the Ex Bridge Server which is now the Front End server.

Is the above a correct setup? And should I now configure the Bridge Server with the Legacy address?

If OWA redirects and the requests come straight in to the Bridge where does/should the Bridge redirect the requests to?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39657993
All you have to do is get the traffic to the frontend server. Exchange 2003 then does the rest. Have you checked the frontend server is actually working correctly? You should be able to connect to it directly and access OWA. If that isn't happening then the problem is there.

The most common issue with frontend servers is a version mismatch between the frontend and the backend.

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 39659278
Hi Simon

I've managed to do the following:

running a web browser internally for webmail.domain.co.uk/exchweb/bin/auth.owalogon.asp provides me with the Outlook Web Access logon screen and

running a web browser externally for webmail.domain.co.uk/exchweb/bin/auth.owalogon.asp provides me with the Outlook Web Access logon screen.

However, when logging on using a test account with associates Ex2003 mailbox entering domain\username, and password, the OL Web Access logon screen just refreshes clearing the credentials from the fields.

Is this permissions and/or login settings at the properties of the owaauth.dll or owalogon.asp level?

Accepted Solution

CTCRM earned 0 total points
ID: 39659293
I'm not sure what authentication method settings should be set on the Front End Bridgehead server in terms of the ExchWeb>bin>auth>owaauth or owalogon!

Should I have 'Enable anonymous access' check box ticked, Integrated Windows authentication?

And also with regards to the owaauth.dll Properties>File (tab)> should I have the local resource pointing to 'The designated file', or, 'A redirection to a URL'?

I wouldn't have thought the Redirection to a URL should be used if the Bridgehead server is acting as a proxy for EX 2003 traffic.

Author Closing Comment

ID: 39719710

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question