Terellion asked:

Exchange 2007 Coexistence with 2013

Hi there,

Hope you can help,

Currently we have 2 2007 Exchange Servers (both have CAS and Mailbox installed) and the URLs for these are https://mail01.domain.local and https://mail02.domain.local. We can connect via OWA to any of those URLs with a 2007 mailbox.

Now we have 6 2013 Exchange servers, 3 CAS and 3 Mailbox. NLB is set up for the CAS Array and all of the CAS servers use https://cas.domain.local as their OWA address. Is there a way we can set up all the 2007 mailboxes to use https://cas.domain.local as their OWA address and then redirect to either mail01 or mail02, if that makes sense?

We want to be able to sync mobile devices to either environment also...

Thanks :)
Simon Butler (Sembee)

There is no CAS Array on Exchange 2013, so whatever you think you have done with regards to a CAS Array should be undone.

Exchange 2007 mailboxes take their OWA address from the address configured on the server. That needs to be different to the Exchange 2013 address, so to answer your question, no, it is not possible to configure the 2007 mailboxes to announce their OWA address as the Exchange 2013 environment.

However there is nothing to stop the end users from entering an Exchange 2013 OWA address. As long as you have the URLs and authentication types set correctly, then Exchange will redirect them to the correct place.

ActiveSync is much easier as that can proxy across to 2007 - just remove the external URL configuration from the 2007 servers' ActiveSync virtual directory.

Simon.
Terellion (ASKER)

Hi Simon,

I have configured all the Virtual Directory URLs for the 2013 CAS servers to be cas.domain.local and they all work fine? A DNS record called CAS exists which points to the NLB virtual address (think I may have explained CAS Array wrong, 3 CAS servers with 2 NICs each, 1 for MAPI and 1 for NLB).

The Authentication types for the OWA and ECP directories are identical on both 2007 and 2013 environments so not sure why it isn't redirecting to the 2007 environment?

When you install Exchange 2013 co-existence with 2007 or 2010, out of the box it should auto redirect without any issues. So something has been configured improperly for this to happen.

Based on your current setup I see a few issues...
- 2013 CAS should not have 2 NICs, one for MAPI and NLB (you should only have 1 NIC on each server and have that IP assigned to the NLB; you are probably getting confused with a DAG setup where you have MAPI and Replication networks)

- 2007 CAS servers should not have different Internal URLs if the CAS servers are in the same Active Directory site. These servers are now dependent on each other because they are not load balanced. If you lose one of your 2007 CAS servers AD will continue to send requests to the CAS server that is also offline.

Also as Simon stated you only need to configure Autodiscover URI using the same URL for both environments. You can test this using https://testconnectivity.microsoft.com/ or right click the Outlook icon in the system tray and then select "Test Email Auto Configuration"

Select the autodiscover test and see what your clients are pointing to for AutoDiscover.

Will.

Hi Will,

That's really good to know, I read a couple of posts where it mentioned the CAS servers having 2 NICs also, that's all, but that's fine, I can remove the other NICs just leaving the NLB ones on there.

When I ran autodiscover test it says attempting URL https://mail-01.domain.local/autodiscover/autodiscover.xml found through SCP

Then it says Autodiscover URL redirection to https://cas.domain.local/autodiscover/autodiscover.xml

The 2 2007 servers have always had different internal URLs but still work fine, like I said with a 2007 mailbox I can do https://mail01/owa or https://mail02/owa and they both work.

Thanks

Run

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

The result that comes back should be identical across all servers. If it is not, then set it identically.

Did you test things before implementing NLB? If not, then that was the first error. You should always test all Exchange functionality because NLB can cause a lot of problems. I will keep kicking Windows NLB because it is an awful tool to use, no place in a production Exchange environment.

Simon.

Will this not cause issues for our 2007 clients though if I set them all to https://cas.domain.local as CAS is the DNS record for the 2013 NLB?

MAIL01 and MAIL02 are the 2007 servers

Identity  AutoDiscoverServiceInternalUri
--------  ------------------------------
MAIL01    https://mail01.domain.local/autodiscover/autodiscover.xml
MAIL02    https://mail02.domain.local/Autodiscover/Autodiscover.xml
CAS-01    https://cas.domain.local/Autodiscover/Autodiscover.xml
CAS-02    https://cas.domain.local/Autodiscover/Autodiscover.xml
CAS-03    https://cas.domain.local/Autodiscover/Autodiscover.xml

You do not use different Autodiscover URIs for Exchange in a co-existence. You need to have them both set to the same values.

Will.

So the Exchange 2007 clients won't get any password prompts or anything if I change this?

By having different URLs set at present, the URL published to the domain keeps changing. Only one URL can be present per AD site at any one time. Therefore Exchange 2013 users could be sent to one of the Exchange 2007 servers for their information.

By changing the URL, all clients will access Exchange 2013 for Autodiscover - no prompts from any clients will be returned and it will work correctly.

Simon.

You can have them either set to the same value or you can set the Exchange 2007 to $null and it will use Exchange 2013 Autodiscover to find and connect to the user's mailbox.

Will.
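
Added example (not part of the thread and not Microsoft's code): a PowerShell audit of the point made in the replies above, that every Client Access server should publish the same AutoDiscoverServiceInternalUri. It assumes the Exchange Management Shell, an account allowed to modify each server, and the thread's cas.domain.local name as the agreed value; `-WhatIf` only previews the change.

```powershell
# Added example: audit the Autodiscover SCP URI on every Client Access server
# and preview the change that makes them identical.
# Assumption: $TargetUri is the value the thread converges on (the 2013 name).
# The thread also mentions setting the 2007 servers to $null instead; this
# example shows the same-value option only.
$TargetUri = 'https://cas.domain.local/Autodiscover/Autodiscover.xml'

$servers = @(Get-ClientAccessServer |
    Select-Object Identity, AutoDiscoverServiceInternalUri)

# Summarise the distinct values in use. Group-Object compares strings
# case-insensitively by default, so /autodiscover/ and /Autodiscover/
# land in the same group. @() keeps a single group as a one-element array.
$groups = @($servers | Group-Object { "$($_.AutoDiscoverServiceInternalUri)" })
foreach ($g in $groups) {
    $names = ($g.Group | ForEach-Object { "$($_.Identity)" }) -join ', '
    Write-Host ("{0,-62} {1}" -f $g.Name, $names)
}

# -ne on strings is also case-insensitive; an unset URI becomes '' here and
# is therefore reported as a mismatch.
$mismatched = @($servers | Where-Object {
    "$($_.AutoDiscoverServiceInternalUri)" -ne $TargetUri
})

foreach ($s in $mismatched) {
    Write-Host ("Would change {0}: '{1}'" -f $s.Identity,
        $s.AutoDiscoverServiceInternalUri)
    # -WhatIf previews only; remove it after reviewing the output.
    Set-ClientAccessServer -Identity $s.Identity `
        -AutoDiscoverServiceInternalUri $TargetUri -WhatIf
}

Write-Host ("{0} of {1} servers differ from {2}" -f $mismatched.Count,
    $servers.Count, $TargetUri)
```

Run against the output posted earlier in the thread, this would list MAIL01 and MAIL02 as the two servers that differ from the CAS-01 to CAS-03 value.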

Thanks, 1 more question then... if I was to do a Connection Status on a mailbox that was on 2007 but the autodiscover was pointing to the 2013 environment would this still work?

Also we are using NTLM for 2013 but 2007 is set to Negotiate at present... we have XP machines also which I understand won't work with 2013 so will this make any difference?

No, this should not make a difference. Autodiscover is an availability service that points your clients to the correct server/s to access their mailbox. That's what it is there for. You should not run into any issues using NTLM and Negotiate. Just make sure that your authentication on the Server side is also using NTLM and you will be fine.

Will.

Negotiate is for the 2007 exchange environment and NTLM is on for the 2013 environment, so you think this should still be okay?

When you are using Negotiate it will select between NTLM or Kerberos (whatever it is configured on the back end).

If the clients are configured with NTLM and you have a different authentication type this is where it fails.

Will.

The clients are just configured using autodiscover so guessing that's where the Negotiate comes from, so this will still be fine then even though we have XP clients?

I'm getting the following error when trying to access 2013 OWA from 2007.

Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers of the appropriate version can be accessed from the Internet

Must be something else that isn't configured correctly for OWA to redirect to the correct server

For OWA, you need to ensure that the external URL is configured correctly. It needs to be unique to Exchange 2007. Test it from outside, you should be able to access the Exchange 2007 directly. If that doesn't work, then redirection will not work either.

Simon.

We don't have anything set up for external as we don't allow anyone externally to access OWA, so it's just the redirect between 2007 and 2013 that I need to get my head round...

The same goes for internal.
The internal URL needs to be different, and resolve to the correct place.
You should be able to access both servers directly.

Simon.

Redirection should happen automatically, there should be nothing to configure. What happens when someone with a mailbox on Exchange 2007 uses the OWA link for 2013? It should auto re-direct by design.

Have you power cycled the Exchange Servers? Or made sure that all of the services and App Pools are started? Also checking the event viewer as well to see if there are any issues regarding redirection.

Will.

If I sign into 2013 OWA with a 2007 mailbox it comes up with a blank page and the URL it goes to is:

https://cas.domain.local/owa/?bO=1

Had a look in event viewer and it comes up with:

[RpcHttp] Marking ClientAccess 2010 server MAIL01.domain.local (https://mail01.domain.local/rpc/rpcproxy.dll) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)

Not sure why it says MAIL01 is a 2010 server when it is a 2007 server...

Those are two different things - completely unrelated.
RPC Proxy is Outlook Anywhere. You will need to enable that on your Exchange 2007 server if you are intending to proxy Outlook Anywhere traffic through the server.

You definitely have two different URLs - something different on Exchange 2007 and 2010?
The authentication is set the same (it should be FBA if you want it to be silent).

Simon.

Hi Simon,

Thanks for all the replies by the way, much appreciate it :)

I need to enable Outlook anywhere on 2007 even though this is for OWA?

Have 2 different URLs for OWA yep but thought it would have redirected, authentication is set as Windows and Basic to mirror what 2007 is currently set up as.

Hope this helps.

SOLUTION
Simon Butler (Sembee)

This solution is only available to members.

Hi Simon, we need to enable FBA on both 2013 and 2007? So there is no way it can re-route from 2013 to 2007 using windows or basic authentication?

ASKER CERTIFIED SOLUTION

This solution is only available to members.

Hi Simon,

I think I actually love you a little bit! HAHA FBA has done the trick!!!!!!!!! AMAZING! Thank you so much!!!