Exchange 2010/2013/Online hybrid - Virtual Directory URLs

Hi,

I hope someone can help. There is a lot of background to this problem but I'll try to keep it as succinct as I can. In short, I need some help with correctly configuring the Virtual Directory URLs for our hybrid setup. The problem was first noticed because Exchange 2013 users cannot see the calendars of Exchange 2010 users. I know this could be for a number of reasons but the first thing I want to do is make sure the Virtual Directory URLs are correct. Some I know need fixing (like the 2010 ActiveSync URLs) but can anyone clarify on the rest? Should EVERYTHING be pointing to 2013? For reference, our public and internal DNS records for Autodiscover.domain.com point to the 2013 CAS servers. Pasted below are our current URLs. If anyone can help with what else needs correcting here, that would be great.

Server	Virtual Directory	Current Internal Url	Current External URL
2010 CAS 1	ActiveSync	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/Microsoft-Server-ActiveSync
2010 CAS 2	ActiveSync	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/Microsoft-Server-ActiveSync
2013 CAS 1	ActiveSync	https://email.domain.com/Microsoft-Server-ActiveSync	https://email.domain.com/Microsoft-Server-ActiveSync
2013 CAS 2	ActiveSync	https://email.domain.com/microsoft-server-activesync	https://email.domain.com/Microsoft-Server-ActiveSync
2010 DR CAS	ActiveSync	https://drwebmail.domain.com/Microsoft-Server-ActiveSync	https://drwebmail.domain.com/Microsoft-Server-ActiveSync
2013 DR CAS	ActiveSync	https://dremail.domain.com/Microsoft-Server-Activesync	https://dremail.domain.com/Microsoft-Server-Activesync
			
2010 CAS 1	ECP	https://webmail.domain.com/ecp	https://webmail.domain.com/ecp
2010 CAS 2	ECP	https://webmail.domain.com/ecp	https://webmail.domain.com/ecp
2013 CAS 1	ECP	https://email.domain.com/ecp	https://email.domain.com/ecp
2013 CAS 2	ECP	https://email.domain.com/ecp	https://email.domain.com/ecp
2010 DR CAS	ECP	https://drwebmail.domain.com/ecp	https://drwebmail.domain.com/ecp
2013 DR CAS	ECP	https://email.domain.com/ecp	https://email.domain.com/ecp
			
2010 CAS 1	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
2010 CAS 2	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
2013 CAS 1	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
2013 CAS 2	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
2010 DR CAS	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
2013 DR CAS	EWS	https://email.domain.com/ews/exchange.asmx	https://email.domain.com/ews/exchange.asmx
			
2013 CAS 1	MAPI	https://2013cas1.domain.com/mapi	NULL
2013 CAS 2	MAPI	https://2013cas2.domain.com/mapi	NULL
2013 DR CAS	MAPI	https://2013drcas.domain.com/mapi	NULL
			
2010 CAS 1	OAB	http://webmail.domain.com/OAB	http://webmail.domain.com/OAB
2010 CAS 2	OAB	http://webmail.domain.com/OAB	http://webmail.domain.com/OAB
2013 CAS 1	OAB	https://email.domain.com/oab	https://email.domain.com/oab
2013 CAS 2	OAB	https://email.domain.com/oab	https://email.domain.com/OAB
2010 DR CAS	OAB	http://webmail.domain.com/OAB	http://webmail.domain.com/OAB
2013 DR CAS	OAB	https://dremail.domain.com/oab	https://dremail.domain.com/oab
			
2010 CAS 1	OWA	https://webmail.domain.com/owa	https://webmail.domain.com/owa
2010 CAS 2	OWA	https://webmail.domain.com/owa	https://webmail.domain.com/owa
2013 CAS 1	OWA	https://email.domain.com/owa	https://email.domain.com/owa
2013 CAS 2	OWA	https://email.domain.com/owa	https://email.domain.com/owa
2010 DR CAS	OWA	https://drwebmail.domain.com/owa	https://drwebmail.domain.com/owa
2013 DR CAS	OWA	NULL	NULL

Open in new window

AlAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AlAuthor Commented:
Thanks Miguel, that powerpoint is pretty useful. Just for clarity, there were a couple of errors in my original post and something I missed out; the problem we're experiencing is that Exchange 2013 users cannot see the calendars of Exchange Online users, not Exchange 2010 users.

Also, webmail.domain.com points to the 2010 CAS servers and email.domain.com points to the 2013 CAS servers. So if I send all URLs to email.domain.com, I have the correct setup? Autodiscover does resolve to the internal IP of the 2013 CAS machine internally and the public IP of the 2013 CAS machines externally.

Thanks for your help.
Miguel Angel Perez MuñozCommented:
Thanks Miguel, that powerpoint is pretty useful. Just for clarity, there were a couple of errors in my original post and something I missed out; the problem we're experiencing is that Exchange 2013 users cannot see the calendars of Exchange Online users, not Exchange 2010 users.

How to do to get calendar? did you do a federation? must be done from Exchange 2013

Also, webmail.domain.com points to the 2010 CAS servers and email.domain.com points to the 2013 CAS servers. So if I send all URLs to email.domain.com, I have the correct setup? Autodiscover does resolve to the internal IP of the 2013 CAS machine internally and the public IP of the 2013 CAS machines externally.

You must to use ECP or cmdlet to configure correct external hostname. You can only have one autodiscover host, that must be Exchange 2013 host.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

AlAuthor Commented:
Hi Miguel,

I think the free/busy thing may be a different issue. Federation is setup but If I run Get-FederationInformation -domainname <Office 365 Domain> on an Exchange 2010 server I get the repsonse:

RunspaceId            : xxxxxxxxxxxxx
TargetApplicationUri  : outlook.com
DomainNames           : {domain.onmicrosoft.com, domain.mail.onmicrosoft.com}
TargetAutodiscoverEpr : https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc/WSSecurity
TokenIssuerUris       : {urn:federation:MicrosoftOnline}
IsValid               : True

Open in new window


However, if I run that command on a 2013 server I get:

Federation information could not be received from the external organization.
    + CategoryInfo          : NotSpecified: (:) [Get-FederationInformation], GetFederationInformationFailedException
    + FullyQualifiedErrorId : [Server=MBXSERVER,RequestId=xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx,TimeStamp=26/08/2015
   07:15:37] [FailureCategory=Cmdlet-GetFederationInformationFailedException] D11619D6,Microsoft.Exchange.Management.
  SystemConfigurationTasks.GetFederationInformation
    + PSComputerName        : casserver.domain.com

Open in new window


Autodiscover is only pointing to 2013 though we use DNS round-robin so have 2 public A records for autodiscover, one pointing to each 2013 CAS server and 2 internal A records pointing to each of the CAS servers.

So, if you have any ideas on the above get-federationinformation error or any suggestions about the configuration of AutoDiscover, that would be great. But my main question is around whether or not every URL should point to 2013 and whether I can expect any issues if I do that.

Have you seen that get-federationinformation error before?

Thanks again.
Miguel Angel Perez MuñozCommented:
From what server did you done federation?

But my main question is around whether or not every URL should point to 2013 and whether I can expect any issues if I do that.

Yes, some users maybe can not access from CAS, missing calendars/shared mailboxes...
AlAuthor Commented:
From what server did you done federation?

It was actually done before I began working here. Is there any way to check? Could that error be caused by a firewall rule? That's what I'm thinking as I also cannot connecto PS Online via the 2013 servers. Could anything else cause the problem?

Yes, some users maybe can not access from CAS, missing calendars/shared mailboxes...

Are you saying this might happen if I point all the URLs to 2013?

Thanks.
Miguel Angel Perez MuñozCommented:
Autodiscover gives:
- Availability information
- Out of office information.
- OAB information
- UM information
- Configuration for MAPi clients.

I think using Exchange 2010 instead of Exchange 2013 causes some of this not work.
I suggest you re-do federation using Exchange 2013 but first repair PS problems before do it.

Last suggestion about calendar, maybe it is a problem permission. Exchange 2010 and Exchange 2013 are on same AD domain and must to know one about other: https://support.microsoft.com/en-us/kb/2834139

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AlAuthor Commented:
Thanks for your help. I'll try this during our scheduled downtime and report back if there are any issues.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.