Posted on 2013-11-18
Last Modified: 2013-12-15
Before we start I have a basic Administrative/Support understanding of Ex 2003/2007/2010

Environment Before Issue
1 x Ex 2003 OWA server (located at the DMZ) I know, not good - Front End
1 x 2003 Bridgehead server (Master)
4 x 2003 Mail Servers

Environment now
1 x 2003 Bridgehead server (Master) - Now the Front End - Firewall points directly to this server
4 x 2003 Mail Servers - no changes made
1 x Ex 2010 Hub/Cas Server - Introduced in view of migrating 2003 to 2010

What happened between the above Before & After
The OWA server was located at a COLO site hosting DMZ servers, we then move all DMZ servers including the OWA to a new site. Same COLO hosting services company and no internal/external IP changes necessary. I have since decommissioned the OWA server which is now not part of the Exchange environment.

WebMail was working fine before the move and then when I tested WebMail at the new site we received the HTTP 500 Error, Page cannot be displayed. All other DMZ servers are fine and Exchange internally and externally is fine, just WebMail failing.

Also, we have implemented a new Exchange 2010 server just before the DMZ move so that is currently in a status of coexistence and I have a couple of LIVE mailboxes migrated across and both users have full Active Sync and Web App services.

So long story short, 1,000 users on Ex 2003 have Active Sync services on their mobiles but no WebMail access. The best solution here would be to continue with the 2003 - 2010 migration as we know that works but that is going to take a few weeks so I need to provide WebMail services to 1,000 users via Ex 2003.

I have checked Virtual Directories, Firewall Rules and when other settings but happy to start again from ground zero and maybe cover the basics again as all mail services are functioning as they should be other than WebMail.

In advance thank you for your support.
Question by:CTCRM
  • 4
  • 2
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39656227
Offering to pay for assistance outside of the site is against the rules of the site.

I presume you have checked the legacyURL configuration is correct on Exchange 2010? If so then the your problem is the server in the DMZ.

I would suggest that you build a new Frontend Exchange 2003 server that is inside the firewall. Then configure that with the legacy address, adjusting DNS etc as required. Then remove that server that is in the DMZ using add/remove programs.

OWA doesn't proxy, it redirects. ActiveSync goes over the proxy.


Author Comment

ID: 39656268
Hi Simon

The OWA server that was in the DMZ has been uninstalled from the Exchange environment and the firewall now points directly at the Ex Bridge Server which is now the Front End server.

Is the above a correct setup? And should I now configure the Bridge Server with the Legacy address?

If OWA redirects and the requests come straight in to the Bridge where does/should the Bridge redirect the requests to?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39657993
All you have to do is get the traffic to the frontend server. Exchange 2003 then does the rest. Have you checked the frontend server is actually working correctly? You should be able to connect to it directly and access OWA. If that isn't happening then the problem is there.

The most common issue with frontend servers is a version mismatch between the frontend and the backend.

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.


Author Comment

ID: 39659278
Hi Simon

I've managed to do the following:

running a web browser internally for provides me with the Outlook Web Access logon screen and

running a web browser externally for provides me with the Outlook Web Access logon screen.

However, when logging on using a test account with associates Ex2003 mailbox entering domain\username, and password, the OL Web Access logon screen just refreshes clearing the credentials from the fields.

Is this permissions and/or login settings at the properties of the owaauth.dll or owalogon.asp level?

Accepted Solution

CTCRM earned 0 total points
ID: 39659293
I'm not sure what authentication method settings should be set on the Front End Bridgehead server in terms of the ExchWeb>bin>auth>owaauth or owalogon!

Should I have 'Enable anonymous access' check box ticked, Integrated Windows authentication?

And also with regards to the owaauth.dll Properties>File (tab)> should I have the local resource pointing to 'The designated file', or, 'A redirection to a URL'?

I wouldn't have thought the Redirection to a URL should be used if the Bridgehead server is acting as a proxy for EX 2003 traffic.

Author Closing Comment

ID: 39719710

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question