technolutions

Citrix Cloud Portal and Exchange server 2013 CU8 OWA

Hi All.

We have a hosted Exchange 2010 solution and we are in the process of upgrading to 2013. We have cloned and created a live LAB environment to test the deployment and this is where we are now...

We have the following:
2 x AD controllers. 1x 2008 and 1x 2012
1x exch2010 server with Citrix provisioning installed (MBX & CAS roles)
1x exch2010 mailbox server
2x Exch2013 CAS servers
2x Exch2013 MBX server
1x SQL
1x Web
1x Provisioning (Citrix Server)

We made sure that everything works before installing 2013 into the environment, so I can confirm that the 2010 provisioning worked perfectly before installing Exchange 2013 into the environment.

I then started with preparing the domain, schema and domain controllers and then continued to install the first Exchange 2013 server.
After going through some errors, and working through some documented KB articles, the Exchange servers are all successfully installed.

I then created a new user called hexadmin. I can log in to OWA and ECP on 2013 successfully and I can log into administrator on 2010 successfully using the OWA redirect from 2013>2010.

Mail flow also works between two accounts.

We then introduced exchange 2013 to our Citrix panel by updating the panel to the latest version, added the servers to the panel, added the services to the servers and also installed the Citrix software needed on one of the CAS servers.

The Panel is happy with everything and we are able to successfully provision a new Customer, new Exchange service and also new user mailboxes.

I checked for the following:
- the new client is listed under AD
- the new user is listed under the correct OU and the structure is the same as a working user
- the Exchange 2013 ECP panel detects the users and confirms that the user has a mailbox.
- the mailbox is located on one of the Exchange 2013 Mailbox servers.

So, everything looks good so far... but when I try to log into OWA on EXCH2013 I get the following message:

"The user name or password you entered isn't correct. Try entering it again."

I can confirm that I have double checked and triple checked the username and password. I have done multiple resets on the account using the Citrix Panel, which provisions successfully.

I have tried with multiple customers and multiple users within these customers.

When I look in Event viewer I can see the attempted login with error:
Audit Failure:

An account failed to log on.

Subject:
      Security ID:            SYSTEM
      Account Name:            HEX2013-EXCAS09$
      Account Domain:            Domain
      Logon ID:            0x3E7

Logon Type:                  8

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            peter@Domain.local
      Account Domain:            HEX2013-EXCAS09

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xC000006D
      Sub Status:            0xC0000064

Process Information:
      Caller Process ID:      0xb58
      Caller Process Name:      C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
      Workstation Name:      HEX2013-EXCAS09
      Source Network Address:      192.168.200.37
      Source Port:            20765

Detailed Authentication Information:
      Logon Process:            Advapi  
      Authentication Package:      Negotiate
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.


If I give the mailbox Full permissions to the HEXADMIN, then I am able to open the mailbox, but no matter what I try, I can't log onto any mailbox when provisioned with Citrix.

I am hoping that someone who has gone through this already can maybe assist with this?

I have scoured the Citrix forum with nothing coming back with any decent info.

Please let me know if you want to know anything else.
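
Added example (not part of the original thread): a short Python parser for the text of a 4625 "An account failed to log on" event like the one quoted above. It decodes the logon type and the Status / Sub Status codes and reports whether the Account Domain field matches the Workstation Name; the function names and the trimmed sample are assumptions made for illustration.

```python
# NTSTATUS codes commonly seen in the Status / Sub Status fields of event 4625.
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE",
            0xC0000064: "STATUS_NO_SUCH_USER",    # account name not found
            0xC000006A: "STATUS_WRONG_PASSWORD",  # account found, bad password
            0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
            0xC0000072: "STATUS_ACCOUNT_DISABLED"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}
# Constructed sample: a subset of the fields from the audit failure in the question.
SAMPLE = r"""Logon Type:   8
Account For Which Logon Failed:
      Account Name:   peter@Domain.local
      Account Domain: HEX2013-EXCAS09
Failure Information:
      Status:         0xC000006D
      Sub Status:     0xC0000064
Process Information:
      Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe
Network Information:
      Workstation Name: HEX2013-EXCAS09
"""

def parse_4625(text):
    """Return {section: {field: value}}; unindented fields go under ""."""
    sections, current = {"": {}}, ""
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if not key:
            continue
        if not value.strip() and not line[0].isspace():
            current = key                  # section header, e.g. "Subject:"
            sections[current] = {}
        else:
            target = current if line[0].isspace() else ""
            sections[target][key.strip()] = value.strip()
    return sections

def triage(text):
    ev = parse_4625(text)
    failed, info = ev["Account For Which Logon Failed"], ev["Failure Information"]
    return {
        "logon_type": LOGON_TYPES.get(int(ev[""]["Logon Type"]), "Unknown"),
        "status": NTSTATUS.get(int(info["Status"], 16), "unmapped"),
        "sub_status": NTSTATUS.get(int(info["Sub Status"], 16), "unmapped"),
        # True when the Account Domain field equals the Workstation Name field
        "domain_is_local_host": failed["Account Domain"].lower()
            == ev["Network Information"]["Workstation Name"].lower(),
        "caller": ev["Process Information"]["Caller Process Name"],
    }
```

Sub Status is the field that separates an unknown account name (0xC0000064) from a wrong password (0xC000006A), so it narrows the search before any IIS or virtual-directory settings are changed.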
Radhakrishnan

Hi,

Nice to see such detailed questions!

While looking at the log you posted, it looks like an IIS issue, maybe authentication. Actually w3wp.exe belongs to an IIS worker process which needs proper authentication.

I would suggest checking the Citrix website in IIS and making sure the authentication is set properly.

Thanks
technolutions

ASKER

Thanks Radhakrishnan

I will go through the IIS config and double check. But with the Citrix config working on Ex2010, what would be different for 2013 and what should I look out for?

Hi,

Did you use any Package Migration Wizard after moving the mailbox to the new Exchange? This is found under Configuration \ Provisioning & Debug Tools \ Package Migration Wizard.

During this wizard there will be an option in the portal, click on Services, expand Hosted Exchange and select the new Exchange version from the radio button options.

No, we are currently testing with a newly provisioned customer so no upgrade package used at all.

That is why it is so weird. I have replicated the OWA and ECP virtual directory authentication settings but still no luck.

ASKER CERTIFIED SOLUTION
technolutions