Exchange 2007 Coexistence with 2013

Hi there,

Hope you can help,

Currently we have 2 2007 Exchange Servers (both have CAS and Mailbox installed) and the URLs for these are https://mail01.domain.local and https://mail02.domain.local. We can connect via OWA to any of those URLs with a 2007 mailbox.

Now we have 6 2013 Exchange servers, 3 CAS and 3 Mailbox. NLB is set up for the CAS Array and all of the CAS servers use https://cas.domain.local as their OWA address. Is there a way we can set up all the 2007 mailboxes to use https://cas.domain.local as their OWA address and then redirect to either mail01 or mail02, if that makes sense?

We want to be able to sync mobile devices to either environment also...

Thanks :)
Terellion Asked:

Simon Butler (Sembee), Consultant, Commented:
There is no CAS Array on Exchange 2013, so whatever you think you have done with regards to a CAS Array should be undone.

Exchange 2007 mailboxes take their OWA address from the address configured on the server. That needs to be different to Exchange 2013 address, so to answer your question, no it is not possible to configure the 2007 mailboxes to announce their OWA address as the Exchange 2013 environment.

However there is nothing to stop the end users from entering an Exchange 2013 OWA address. As long as you have the URLs and authentication types set correctly, then Exchange will redirect them to the correct place.

ActiveSync is much easier as that can proxy across to 2007 - just remove the external URL configuration from the 2007 servers' ActiveSync virtual directory.

Simon.
0
Terellion (Author) Commented:
Hi Simon,

I have configured all the Virtual Directory URLs for the 2013 CAS servers to be cas.domain.local and they all work fine? A DNS record called CAS exists which points to the NLB virtual address (think I may have explained CAS Array wrong, 3 CAS servers with 2 NICs each, 1 for MAPI and 1 for NLB).

The Authentication types for the OWA and ECP directories are identical on both 2007 and 2013 environment so not sure why it isn't redirecting to the 2007 environment?
0
Will Szymkowski, Senior Solution Architect, Commented:
When you install Exchange 2013 co-existence with 2007 or 2010, out of the box it should auto redirect without any issues. So something has been configured improperly for this to happen.

Based on your current setup I see a few issues...
- 2013 CAS should not have 2 NICs, one for MAPI and one for NLB (you should only have 1 NIC on each server and have that IP assigned to the NLB; you are probably getting confused with a DAG setup where you have MAPI and Replication networks)

- 2007 CAS servers should not have different Internal URLs if the CAS servers are in the same Active Directory site. These servers are now dependent on each other because they are not load balanced. If you lose one of your 2007 CAS servers AD will continue to send requests to the CAS server that is also offline.

Also as Simon stated you only need to configure Autodiscover URI using the same URL for both environments. You can test this using https://testconnectivity.microsoft.com/ or right click the Outlook icon in the system tray and then select "Test Email Auto Configuration"

Select the autodiscover test and see what your clients are pointing to for AutoDiscover.

Will.
0
Terellion (Author) Commented:
Hi Will,

That's really good to know. I read a couple of posts where it mentioned the CAS servers having 2 NICs also, that's all, but that's fine, I can remove the other NICs, just leaving the NLB ones on there.

When I ran autodiscover test it says attempting URL https://mail-01.domain.local/autodiscover/autodiscover.xml found through SCP

Then it says Autodiscover URL redirection to https://cas.domain.local/autodiscover/autodiscover.xml

The 2 2007 servers have always had different internal URLs but still work fine; like I said, with a 2007 mailbox I can do https://mail01/owa or https://mail02/owa and they both work.

Thanks
0
Simon Butler (Sembee), Consultant, Commented:
Run:

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

The result that comes back should be identical across all servers. If it is not, then set it identically.

Did you test things before implementing NLB? If not, then that was the first error. You should always test all Exchange functionality because NLB can cause a lot of problems. I will keep kicking Windows NLB because it is an awful tool to use, no place in a production Exchange environment.

Simon.
0
Terellion (Author) Commented:
Will this not cause issues for our 2007 clients though if I set them all to https://cas.domain.local as CAS is the DNS record for the 2013 NLB?

MAIL01 and MAIL02 are the 2007 servers

Identity  AutoDiscoverServiceInternalUri
--------  ------------------------------
MAIL01    https://mail01.domain.local/autodiscover/autodiscover.xml
MAIL02    https://mail02.domain.local/Autodiscover/Autodiscover.xml
CAS-01    https://cas.domain.local/Autodiscover/Autodiscover.xml
CAS-02    https://cas.domain.local/Autodiscover/Autodiscover.xml
CAS-03    https://cas.domain.local/Autodiscover/Autodiscover.xml
0
Will Szymkowski, Senior Solution Architect, Commented:
You do not use different Autodiscover URIs for Exchange in a co-existence. You need to have them both set to the same values.

Will.
0
Terellion (Author) Commented:
So the Exchange 2007 clients won't get any password prompts or anything if I change this?
0
Simon Butler (Sembee), Consultant, Commented:
By having different URLs set at present, the URL published to the domain keeps changing. Only one URL can be present per AD site at any one time. Therefore Exchange 2013 users could be sent to one of the Exchange 2007 servers for their information.

By changing the URL, all clients will access Exchange 2013 for Autodiscover - no prompts from any clients will be returned and it will work correctly.

Simon.
0
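The Autodiscover check discussed above, as an added example that is not part of the original thread: an Exchange Management Shell script that groups the servers by AutoDiscoverServiceInternalUri and previews setting them all to one value. Using the cas.domain.local URI from the posted output as the target is an assumption.

```powershell
# Added example; run in the Exchange Management Shell.
# Assumption: the Exchange 2013 namespace from the thread is the desired value.
$target = 'https://cas.domain.local/Autodiscover/Autodiscover.xml'

$servers = Get-ClientAccessServer |
    Select-Object Name, AutoDiscoverServiceInternalUri

# Group servers by the URI they publish. Group-Object compares strings
# case-insensitively by default, so "autodiscover.xml" and
# "Autodiscover.xml" on the same host count as one value.
$groups = @($servers | Group-Object { "$($_.AutoDiscoverServiceInternalUri)" })

foreach ($g in $groups) {
    $names = ($g.Group | ForEach-Object { $_.Name }) -join ', '
    Write-Output ("{0}  <-  {1}" -f $g.Name, $names)
}

if ($groups.Count -gt 1) {
    Write-Warning "$($groups.Count) different Autodiscover URIs are published."
}

# Preview the change for every server that does not already use the target.
# -WhatIf prints what would be changed without writing anything;
# remove it only once the preview lists the servers you expect.
$servers |
    Where-Object { "$($_.AutoDiscoverServiceInternalUri)" -ne $target } |
    ForEach-Object {
        Set-ClientAccessServer -Identity $_.Name `
            -AutoDiscoverServiceInternalUri $target -WhatIf
    }
```

With the output posted in the thread, this would report three distinct URIs and preview changes for MAIL01 and MAIL02 only.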
Will Szymkowski, Senior Solution Architect, Commented:
You can have them either set to the same value or you can set the Exchange 2007 to $null and it will use Exchange 2013 Autodiscover to find and correct to the user's mailbox.

Will.
0
Terellion (Author) Commented:
Thanks, 1 more question then... if I was to do a Connection Status on a mailbox that was on 2007 but the autodiscover was pointing to the 2013 environment would this still work?

Also we are using NTLM for 2013 but 2007 is set to Negotiate at present... we have XP machines also which I understand won't work with 2013 so will this make any difference?
0
Will Szymkowski, Senior Solution Architect, Commented:
No this should not make a difference. Autodiscover is an availability service that points your clients to the correct server/s to access their mailbox. That's what it is there for. You should not run into any issues using NTLM and Negotiate. Just make sure that your authentication on the Server side is also using NTLM and you will be fine.

Will.
0
Terellion (Author) Commented:
Negotiate is for the 2007 exchange environment and NTLM is on for the 2013 environment, so you think this should still be okay?
0
Will Szymkowski, Senior Solution Architect, Commented:
When you are using Negotiate it will select between NTLM or Kerberos (whatever it is configured on the back end).

If the clients are configured with NTLM and you have a different authentication type this is where it fails.

Will.
0
Terellion (Author) Commented:
The clients are just configured using autodiscover so guessing that's where the Negotiate comes from, so this will still be fine then even though we have XP clients?
0
Terellion (Author) Commented:
I'm getting the following error when trying to access 2013 OWA from 2007.

Outlook Web Access is currently unavailable. If the problem continues, contact technical support for your organization and tell them the following: No Client Access servers of the appropriate version can be accessed from the Internet

Must be something else that isn't configured correctly for OWA to redirect to the correct server
0
Simon Butler (Sembee), Consultant, Commented:
For OWA, you need to ensure that the external URL is configured correctly. It needs to be unique to Exchange 2007. Test it from outside, you should be able to access the Exchange 2007 directly. If that doesn't work, then redirection will not work either.

Simon.
0
Terellion (Author) Commented:
We don't have anything set up for external as we don't allow anyone externally to access OWA, so it's just the redirect between 2007 and 2013 that I need to get my head round...
0
Simon Butler (Sembee), Consultant, Commented:
The same goes for internal.
The internal URL needs to be different, and resolve to the correct place.
You should be able to access both servers directly.

Simon.
0
Will Szymkowski, Senior Solution Architect, Commented:
Redirection should happen automatically, there should be nothing to configure. What happens when someone with a mailbox on Exchange 2007 uses the OWA link for 2013? It should auto re-direct by design.

Have you power cycled the Exchange Servers? Or made sure that all of the services and App Pools are started? Also check the event viewer as well to see if there are any issues regarding redirection.

Will.
0
Terellion (Author) Commented:
If I sign into 2013 OWA with a 2007 mailbox it comes up with a blank page and the URL it goes to is:

https://cas.domain.local/owa/?bO=1

Had a look in event viewer and it comes up with:

[RpcHttp] Marking ClientAccess 2010 server MAIL01.domain.local (https://mail01.domain.local/rpc/rpcproxy.dll) as unhealthy due to exception: System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Exchange.HttpProxy.ProtocolPingStrategyBase.Ping(Uri url)

Not sure why it says MAIL01 is a 2010 server when it is a 2007 server...
0
Simon Butler (Sembee), Consultant, Commented:
Those are two different things - completely unrelated.
RPC Proxy is Outlook Anywhere. You will need to enable that on your Exchange 2007 server if you are intending to proxy Outlook Anywhere traffic through the server.

You definitely have two different URLs - something different on Exchange 2007 and 2010?
The authentication is set the same (it should be FBA if you want it to be silent).

Simon.
0
Terellion (Author) Commented:
Hi Simon,

Thanks for all the replies by the way, much appreciate it :)

I need to enable Outlook Anywhere on 2007 even though this is for OWA?

Have 2 different URLs for OWA yep but thought it would have redirected, authentication is set as Windows and Basic to mirror what 2007 is currently set up as.

Hope this helps.
0
Simon Butler (Sembee), Consultant, Commented:
Outlook Anywhere has nothing to do with OWA.
If you are pointing Outlook Anywhere clients at Exchange 2013, when their mailbox is on Exchange 2007, then you have to enable Outlook Anywhere on Exchange 2007.

For OWA on its own, you shouldn't need to do anything else.

"authentication is set as Windows and Basic to mirror what 2007 is currently set up as."

That is your problem.
You need to use forms based authentication for it to work correctly.

Simon.
0
Terellion (Author) Commented:
Hi Simon, we need to enable FBA on both 2013 and 2007? So there is no way it can re-route from 2013 to 2007 using windows or basic authentication?
0
Simon Butler (Sembee), Consultant, Commented:
It should be able to redirect, but you will get double authentication prompts.

I will have to confess though, I have never implemented basic or Windows authentication for OWA with Exchange 2007 or higher. I don't recommend its use, as it has a number of security issues.

Silent is only possible with FBA.

Simon.
0
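The OWA settings this thread ends up turning on, as an added example that is not part of the original thread: an Exchange Management Shell script that lists each OWA virtual directory's internal URL and authentication methods, flags a 2007 URL that collides with the 2013 one, and previews enabling forms-based authentication. Treating MAIL01 and MAIL02 (names from the thread) as the 2007 servers is an assumption.

```powershell
# Added example; run in the Exchange Management Shell.
# Assumption: these names (from the thread) are the Exchange 2007 servers.
$legacy = 'MAIL01', 'MAIL02'

$vdirs = Get-OwaVirtualDirectory |
    Select-Object Identity, Server, InternalUrl,
        FormsAuthentication, BasicAuthentication, WindowsAuthentication,
        @{ Name = 'IsLegacy'; Expression = { $legacy -contains "$($_.Server)" } }

$vdirs | Format-Table Server, IsLegacy, InternalUrl, FormsAuthentication,
    BasicAuthentication, WindowsAuthentication -AutoSize

# 1. The 2007 internal URL has to differ from the 2013 one, otherwise
#    there is nothing distinct for 2013 to redirect a 2007 mailbox to.
$legacyHosts = @($vdirs | Where-Object { $_.IsLegacy } |
    ForEach-Object { $_.InternalUrl.Host })
$newHosts = @($vdirs | Where-Object { -not $_.IsLegacy } |
    ForEach-Object { $_.InternalUrl.Host })
$clash = @($legacyHosts | Where-Object { $_ -and ($newHosts -contains $_) })
if ($clash.Count -gt 0) {
    Write-Warning "2007 and 2013 share an OWA host name: $($clash -join ', ')"
}

# 2. Directories without forms-based authentication (FBA) cause the
#    double prompt described above instead of a silent redirect.
$noFba = @($vdirs | Where-Object { -not $_.FormsAuthentication })
foreach ($v in $noFba) {
    Write-Warning "FBA is disabled on $($v.Identity)"
}

# Preview enabling FBA on the non-legacy directories only. Assumption:
# the 2007 directories are changed from the 2007 management tools.
# -WhatIf makes no change; remove it once the preview looks right.
$noFba | Where-Object { -not $_.IsLegacy } | ForEach-Object {
    Set-OwaVirtualDirectory -Identity $_.Identity `
        -FormsAuthentication $true -WindowsAuthentication $false -WhatIf
}
```

After changing the authentication method for real, restart IIS on the affected server so the new setting takes effect.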
Terellion (Author) Commented:
Hi Simon,

I think I actually love you a little bit! HAHA FBA has done the trick!!!!!!!!! AMAZING! Thank you so much!!!
0