Solved

OWA redirect issue

Posted on 2014-04-17
19
738 Views
Last Modified: 2014-07-15
We have 2 CAS servers, one for parentdomain and one for subdomain and we have been transitioning from 2003 to 2010. When trying to log into https://webmail.subdomain.com, a message comes up:

"A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again."

this then redirects them to https://webmail.parentdomain.com

I'm at a loss as to where the redirect is coming from as this causes not only OWA login issues for the subdomain, but also issues connecting with a mobile device.

Since all of the mailboxes have now been moved to 2010, the legacy redirect should in theory not affect the login unless I'm mistaken.

Has anyone seen this come up in a setup with multiple domains?
0
Comment
Question by:schnazzer
  • 10
  • 8
19 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Hello,

In EMC, expand Server Configuration - Client Access. Click on the CAS server you are connecting to then click on the Outlook Web App tab. Open the Properties page for the owa virtual directory. Make sure the external URL field contains https://webmail.subdomain.com/owa

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
it does.. that's why I'm at a loss.

External for parentCAS   https://webmail.parentdomain.com/owa
external for subCAS        https://webmail.subdomain.com/owa

I'm also seeing similar behavior when setting up a mobile device with the subdomain. particularly on iPhone.. it seems to revert the server to webmail.parentdomain.com

scratching my head.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Are both CAS servers in the same Active Directory site?

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
no, each is in its own site.

there is only 1 mailbox server though.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
I'm assuming the mailbox server is in the same site as the parent CAS server. The client needs to connect to that CAS server to connect to the mailbox. The CAS server in the other site will redirect when the ExternalURL field is populated. If the ExternalURL field is blank the CAS server in the other site will proxy the connection instead, so delete the entry for the ExternalURL field and populate the internalURL field instead.

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
yes, mailbox server is in the same site as parent CAS server.


OWA works fine if I use webmail.parentdomain.com

username:     subdomain\username

this method doesn't work with the mobile devices though it seems.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
All your mobile devices will need to go through the CAS server that is in the same site as the mailbox server. Is there a reason you would want them going through the other CAS server?

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
If I had the subdomain server in the same site as the mailbox server, would this behavior go away?

the original 2003 servers were in the same site. They were also all in one boxes though which the 2010 servers are not.
0
 

Author Comment

by:schnazzer
Comment Utility
in response to your previous question,

the reason they go through the subdomain CAS is partially for legacy reasons. that domain uses    subdomain.parentdomain.com for web and mail services, not parentdomain.com
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
I can understand why you would want to use a different URL for webmail but the user wouldn't even see the mail server name in their mobile device unless then went into the settings.

All the CAS servers in the same site need to share the same URLs.

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
right now I have things set as you had suggested. for the subdomain, I have the external url blank..

it appears android phones work, but for iphone users, the settings I'm using are..

server:    webmail.parentdomain.com

Domain: blank

Username:  username@subdomain.parentdomain.com

this then accepts the settings but upon entering email, it fails to connect to the server.


webmail.parentdomain.com users have no issues.


I should note: I have tried various entries to get it to work. none seem to.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Trying using the samaccount for the username and fill in the domain.

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
I'm wondering, am I going to need to build a mailbox server for the subdomain site to get it to work properly?
0
 

Author Comment

by:schnazzer
Comment Utility
I've tried just about every combination I could think of
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Is the subdomain just an email subdomain or is this also an AD subdomain?

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
It is a AD subdomain.  This is also the reason for the url
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
I'm not sure why your setup works for your Android phones but not your iPhones. It should work for both.

-JJ
0
 

Author Comment

by:schnazzer
Comment Utility
yeah, its really got me scratching my head.

the webmail url to parent domain we can live with... but something is funky with the subdomain.

I should note that when I enter the info on iPhone, it puts a checkmark next to each field.. as if it accepts the settings.

Its not until you try going into the mail account that I get the message that it is unable to connect to the server.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
Comment Utility
Please make sure all your exchange servers are updated with the last roll up and all servers are the same version... no legacy.

Usually this error is presented when you try to access a mailbox using a legacy access point.  I think you are trying to access a mailbox that resides on a 2010 server using owa or activesync from a 2003 server.

If you try the opposite, you will get a different kind of error and you won't be able to get to the mailbox.

If you still want to have more than one CAS internet facing please read more here:

http://technet.microsoft.com/en-us/library/dd351198(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/bb310763.aspx
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now