Solved

OWA redirect issue

Posted on 2014-04-17
Last Modified: 2014-07-15
We have 2 CAS servers, one for parentdomain and one for subdomain and we have been transitioning from 2003 to 2010. When trying to log into https://webmail.subdomain.com, a message comes up:

"A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again."

this then redirects them to https://webmail.parentdomain.com

I'm at a loss as to where the redirect is coming from as this causes not only OWA login issues for the subdomain, but also issues connecting with a mobile device.

Since all of the mailboxes have now been moved to 2010, the legacy redirect should in theory not affect the login unless I'm mistaken.

Has anyone seen this come up in a setup with multiple domains?
Question by:schnazzer
19 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007124
Hello,

In EMC, expand Server Configuration - Client Access. Click on the CAS server you are connecting to then click on the Outlook Web App tab. Open the Properties page for the owa virtual directory. Make sure the external URL field contains https://webmail.subdomain.com/owa

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007152
it does.. that's why I'm at a loss.

External for parentCAS   https://webmail.parentdomain.com/owa
external for subCAS        https://webmail.subdomain.com/owa

I'm also seeing similar behavior when setting up a mobile device with the subdomain. particularly on iPhone.. it seems to revert the server to webmail.parentdomain.com

scratching my head.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007173
Are both CAS servers in the same Active Directory site?

-JJ
0

 

Author Comment

by:schnazzer
ID: 40007182
no, each is in its own site.

there is only 1 mailbox server though.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007198
I'm assuming the mailbox server is in the same site as the parent CAS server. The client needs to connect to that CAS server to connect to the mailbox. The CAS server in the other site will redirect when the ExternalURL field is populated. If the ExternalURL field is blank the CAS server in the other site will proxy the connection instead, so delete the entry for the ExternalURL field and populate the internalURL field instead.

-JJ
0
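To put the ExternalURL and InternalURL values discussed in the comment above side by side for every CAS server, together with the AD site each server sits in, here is an added example that is not part of the original thread. It assumes the Exchange Management Shell on an Exchange 2010 server and only reads configuration.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Read-only: lists each Client Access server, its AD site, and the OWA and
# ActiveSync virtual directory URLs that the redirect/proxy discussion turns on.

$casServers = Get-ExchangeServer | Where-Object { $_.IsClientAccessServer }

$report = foreach ($cas in $casServers) {
    # Collect the OWA and ActiveSync virtual directories hosted on this CAS.
    $vdirs  = @(Get-OwaVirtualDirectory -Server $cas.Name)
    $vdirs += @(Get-ActiveSyncVirtualDirectory -Server $cas.Name)

    foreach ($vdir in $vdirs) {
        New-Object PSObject -Property @{
            Site           = $cas.Site.Name
            Server         = $cas.Name
            VDir           = $vdir.Name
            ExternalUrl    = $vdir.ExternalUrl
            InternalUrl    = $vdir.InternalUrl
            # True when the ExternalUrl field is populated, False when blank.
            ExternalUrlSet = [bool]$vdir.ExternalUrl
        }
    }
}

# Virtual directory URLs per site and server.
$report |
    Sort-Object Site, Server, VDir |
    Format-Table Site, Server, VDir, ExternalUrlSet, ExternalUrl, InternalUrl -AutoSize

# Mailbox servers and their sites, to see which CAS shares a site with the mailboxes.
Get-ExchangeServer |
    Where-Object { $_.IsMailboxServer } |
    Select-Object Name, @{ Name = 'Site'; Expression = { $_.Site.Name } } |
    Format-Table -AutoSize
```

Running it before and after changing a virtual directory gives a record of what the redirect target and proxy target were at each point in the troubleshooting.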
 

Author Comment

by:schnazzer
ID: 40007251
yes, mailbox server is in the same site as parent CAS server.


OWA works fine if I use webmail.parentdomain.com

username:     subdomain\username

this method doesn't work with the mobile devices though it seems.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007257
All your mobile devices will need to go through the CAS server that is in the same site as the mailbox server. Is there a reason you would want them going through the other CAS server?

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007261
If I had the subdomain server in the same site as the mailbox server, would this behavior go away?

the original 2003 servers were in the same site. They were also all-in-one boxes, though, which the 2010 servers are not.
0
 

Author Comment

by:schnazzer
ID: 40007273
in response to your previous question,

the reason they go through the subdomain CAS is partially for legacy reasons. that domain uses    subdomain.parentdomain.com for web and mail services, not parentdomain.com
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007286
I can understand why you would want to use a different URL for webmail but the user wouldn't even see the mail server name in their mobile device unless they went into the settings.

All the CAS servers in the same site need to share the same URLs.

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007308
right now I have things set as you had suggested. for the subdomain, I have the external url blank..

it appears android phones work, but for iphone users, the settings I'm using are..

server:    webmail.parentdomain.com

Domain: blank

Username:  username@subdomain.parentdomain.com

this then accepts the settings but upon entering email, it fails to connect to the server.


webmail.parentdomain.com users have no issues.


I should note: I have tried various entries to get it to work. none seem to.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007320
Try using the samaccount for the username and fill in the domain.

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007321
I'm wondering, am I going to need to build a mailbox server for the subdomain site to get it to work properly?
0
 

Author Comment

by:schnazzer
ID: 40007326
I've tried just about every combination I could think of
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007334
Is the subdomain just an email subdomain or is this also an AD subdomain?

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007350
It is an AD subdomain. This is also the reason for the URL.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40007359
I'm not sure why your setup works for your Android phones but not your iPhones. It should work for both.

-JJ
0
 

Author Comment

by:schnazzer
ID: 40007374
yeah, it's really got me scratching my head.

the webmail url to parent domain we can live with... but something is funky with the subdomain.

I should note that when I enter the info on iPhone, it puts a checkmark next to each field.. as if it accepts the settings.

It's not until you try going into the mail account that I get the message that it is unable to connect to the server.
0
 
LVL 11

Accepted Solution

by:
hecgomrec earned 500 total points
ID: 40009991
Please make sure all your exchange servers are updated with the last roll up and all servers are the same version... no legacy.

Usually this error is presented when you try to access a mailbox using a legacy access point.  I think you are trying to access a mailbox that resides on a 2010 server using owa or activesync from a 2003 server.

If you try the opposite, you will get a different kind of error and you won't be able to get to the mailbox.

If you still want to have more than one CAS internet facing please read more here:

http://technet.microsoft.com/en-us/library/dd351198(v=exchg.141).aspx
http://technet.microsoft.com/en-us/library/bb310763.aspx
0
