Posted on 2013-11-18
Last Modified: 2013-12-15
Before we start, I have a basic Administrative/Support understanding of Ex 2003/2007/2010.

Environment Before Issue
1 x Ex 2003 OWA server (located at the DMZ) I know, not good - Front End
1 x 2003 Bridgehead server (Master)
4 x 2003 Mail Servers

Environment now
1 x 2003 Bridgehead server (Master) - Now the Front End - Firewall points directly to this server
4 x 2003 Mail Servers - no changes made
1 x Ex 2010 Hub/Cas Server - Introduced in view of migrating 2003 to 2010

What happened between the above Before & After
The OWA server was located at a COLO site hosting DMZ servers; we then moved all DMZ servers, including the OWA, to a new site. Same COLO hosting services company and no internal/external IP changes necessary. I have since decommissioned the OWA server, which is now not part of the Exchange environment.

WebMail was working fine before the move and then when I tested WebMail at the new site we received the HTTP 500 Error, Page cannot be displayed. All other DMZ servers are fine and Exchange internally and externally is fine, just WebMail failing.

Also, we have implemented a new Exchange 2010 server just before the DMZ move so that is currently in a status of coexistence and I have a couple of LIVE mailboxes migrated across and both users have full Active Sync and Web App services.

So long story short, 1,000 users on Ex 2003 have Active Sync services on their mobiles but no WebMail access. The best solution here would be to continue with the 2003 - 2010 migration as we know that works but that is going to take a few weeks so I need to provide WebMail services to 1,000 users via Ex 2003.

I have checked Virtual Directories, Firewall Rules and when other settings but happy to start again from ground zero and maybe cover the basics again as all mail services are functioning as they should be other than WebMail.

In advance thank you for your support.
Question by:CTCRM
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39656227
Offering to pay for assistance outside of the site is against the rules of the site.

I presume you have checked the legacyURL configuration is correct on Exchange 2010? If so then your problem is the server in the DMZ.

I would suggest that you build a new Frontend Exchange 2003 server that is inside the firewall. Then configure that with the legacy address, adjusting DNS etc as required. Then remove that server that is in the DMZ using add/remove programs.

OWA doesn't proxy, it redirects. ActiveSync goes over the proxy.


Author Comment

ID: 39656268
Hi Simon

The OWA server that was in the DMZ has been uninstalled from the Exchange environment and the firewall now points directly at the Ex Bridge Server which is now the Front End server.

Is the above a correct setup? And should I now configure the Bridge Server with the Legacy address?

If OWA redirects and the requests come straight in to the Bridge where does/should the Bridge redirect the requests to?
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39657993
All you have to do is get the traffic to the frontend server. Exchange 2003 then does the rest. Have you checked the frontend server is actually working correctly? You should be able to connect to it directly and access OWA. If that isn't happening then the problem is there.

The most common issue with frontend servers is a version mismatch between the frontend and the backend.



Author Comment

ID: 39659278
Hi Simon

I've managed to do the following:

running a web browser internally for provides me with the Outlook Web Access logon screen and

running a web browser externally for provides me with the Outlook Web Access logon screen.

However, when logging on using a test account with an associated Ex2003 mailbox, entering domain\username and password, the OL Web Access logon screen just refreshes, clearing the credentials from the fields.

Is this permissions and/or login settings at the properties of the owaauth.dll or owalogon.asp level?

Accepted Solution

CTCRM earned 0 total points
ID: 39659293
I'm not sure what authentication method settings should be set on the Front End Bridgehead server in terms of the ExchWeb>bin>auth>owaauth or owalogon!

Should I have 'Enable anonymous access' check box ticked, Integrated Windows authentication?

And also with regards to the owaauth.dll Properties>File (tab)> should I have the local resource pointing to 'The designated file', or, 'A redirection to a URL'?

I wouldn't have thought the Redirection to a URL should be used if the Bridgehead server is acting as a proxy for EX 2003 traffic.

Author Closing Comment

ID: 39719710

Question has a verified solution.
