Solved

Exchange 2007 Coexistence with Exchange 2013 OWA Issue

Posted on 2016-08-02
7
40 Views
Last Modified: 2016-09-21
I have setup the coexistence for Exchange 207 and Exchange 2013.   I am testing the coexistence.   Before changing the firewall settings in the Network Security Appliance, I tested logging into OWA using the namespace for Exchange 2013.

Exchange 2013: mail.mydomain.com & autodiscover.mydomain.com
Exchange 2007: remote.mydomain.com
TestAccount => Account setup with mailbox on Exchange 2013
OldAccount => Account setup with mailbox on Exchange 2007


Results of Internal OWA Tests
Login to Exchange 2013 OWA at https://mail.mydomain.com/owa
User TestAccount => opens Exchange 2013 OWA.  Works fine.
User OldAccount => opens Exchange 2007 OWA.  Proxy/Redirection works!  Works Fine.

Login to Exchange 2007 OWA at https://remote.mydomain.com/owa
User OldAccount => opens Exchange 2007 OWA.  Works fine..

Ok, so I am happy that I can login to either a 2013 Mailbox or a 2007 Mailbox using the 2013 OWA.   Redirections works as it should.  Email sending and receiving works.  

So now I switched the firewall rules to point to Exchange 2013 so I can test the external use of OWA.
Login to Exchange 2013 OWA at https://mail.mydomain.com/owa
User TestAccount => opens Exchange 2013 OWA.  Works fine.
User OldAccount => appears to redirect to 2007 OWA, but just spins and spins and then says website cannot be found.

Login to Exchange 2007 OWA at https://remote.mydomain.com/owa
Just spins and spins and then says website cannot be found.

I concluded that since it works on the inside and not the outside it could be a firewall setting or some kind of DNS issue.

I setup a rule to allow anything through the firewall.   Same results.

Any ideas?

I almost wish the internal redirection did not work also.  At least then, I could easily conclude that some virtual directory was not working right.
0
Comment
Question by:Stephen Hopkins
  • 5
  • 2
7 Comments
 
LVL 42

Accepted Solution

by:
kevinhsieh earned 500 total points
ID: 41740912
You will need firewall rules to allow access to BOTH OWA servers. They need separate public IPs,  and both need to be in public DNS.
0
 
LVL 2

Author Comment

by:Stephen Hopkins
ID: 41740936
I understand your comment with the exception of MX records.  

I can configure a second public IP.
I can configure the Exchange 2013 to the second public IP.
I can update the public DNS to reflect the changes:
   Current IP: remote.mydomain.com
   Second IP: mail.mydomain.com; autodiscover.mydomain.com

Now I am looking at the MX records....
I am not sure how you split MX records between two different email servers.  I am thinking that the MX records would be pointed to the Exchange 2013 second IP.  But if that were the case and all email goes to the second IP, then I am not sure how mail get to the first IP.  I would assume that the Exchange 2013 would redirect, but that is what is not working already.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 41741062
Your question didn't mention anything about MX records.

I would leave the MX record on the existing 2007 server.

Test mail delivery between the two systems. I do much of my testing (and alerting) via a command line tool called blat. You can get it at blat.net. Internally, make sure that you can send email via both Exchange servers, and that the mail gets delivered to mailboxes on both servers when sending through either server. There are four possible combinations. If they all work, then mail routing between the two is working. I assume you have only 1 email domain.

Once SMTP mail is routing properly such that either server can receive for any mailbox, you can add a second MX record for mydomain.com.

Your DNS will look something like this (completely from memory, there could be syntax errors)

mx mydomain.com. 5 remote.mydomain.com.
mx mydomain.com. 10 mail.mydomain.com.
a remote.mydomain.com. 4.1.1.3
a mail.mydomain.com. 4.1.1.4

Email will get preferentially delivered to remote.mydomain.com because it has the higher preference number.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 2

Author Comment

by:Stephen Hopkins
ID: 41749416
I have an order in for a second IP from our ISP.   Once received, I will setup the second IP and DNS.  Will post an update.
0
 
LVL 2

Author Comment

by:Stephen Hopkins
ID: 41754470
The ISP fouled up the installation of a second IP.  We are on hold for a reschedule by the ISP.   Apparently, the node we are on is full and they have to install/reconfigure to get another node in our area.
0
 
LVL 2

Author Comment

by:Stephen Hopkins
ID: 41767753
The ISP has installed a 2nd IP.  I rewired the network to handle the 2nd IP with the Network Security Appliance.   The next step will be to update the NSA IP2 to send email data to the new mail server.   Then, testing.   I will follow that with a external DNS update.
0
 
LVL 2

Author Comment

by:Stephen Hopkins
ID: 41809241
I finally received a new IP, updated the NSA and it works!   Bottom line, most of the tutorials on coexistence do not stress that you will need a 2nd IP with the correct port mapping in the Network Security Appliance.  As far as the MX records, I have not figured out how to get the spam server to work with the coexistence.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now