locked
/exchange does not redirect to /owa after login for Exchange 2007 RRS feed

  • Question

  • When a user goes to https://mycompany.com/exhcange and enters the logon credentials the system does not automatically redirect them to the /owa page when the account is a Exchange 2007 mailbox.  If the user has a exchange 2003 mailbox it works just fine, logs them in and brings up the owa 2003 web page.  If the user has a 2007 mailbox the login page just keeps saying that the username or password is incorrect.  If the user goes to https://mycompany.com/owa and logs in with the exchange 2007 mailbox it works just fine.

    Here is the configuration

    1 Exchange 2003 mailbox server (backend)
    2 Exchange 2007 CAS Servers (no mailbox role)
    2 Exchange 2007 Mailbox Servers.

    Clients go to the CAS servers for the OWA logon page.  We never had a Exchange 2003 Frontend server.

    Can someone please help me to figure out what is going wrong.  I will need to migrate about 1000 users and the majority of them do use OWA so having the redirection working correctly is a must.

    Thanks

    Monday, October 6, 2008 8:46 PM

All replies

  • Clarify: requests to /exchange on the CAS can’t be redirected to /owa for those who have mailbox on exchange 2007 mailbox server

    Normally if you access <https://CAS/Exchange> you should be redirected to /OWA if the user is located on an Exchange 2007 mailbox server. Authentication credentials transparently passed through

    Check info:

    1.       The issue happens on both internal and external?

    2.       Have both of the CAS and MBX been upgraded to same SP version and Rollup?

    3.       After 2007 users access CAS/exchange, does the URL switches to CAS/owa?

    4.       Check the configuration on CAS

    /owa: Basic authentication|SSL + 128|Ignore client certificates

    /public: Ditto

    /exchange: Ditto

    /exchweb: Ditto

    Troubleshooting:

    1.       Check SSL on /exchange of MBX, uncheck it if has been checked and try to reproduce issue

    2.       Try to recreate related virtual directory

    a.       Launch EMS on the CAS server

    b.      Remove-OwaVirtualDirectory “exchange (default web site)”

    c.       Remove-OwaVirtualDirectory “public (default web site)”

    d.      Remove- OwaVirtualDirectory “exchweb (default web site)”

    e.      Remove-OwaVirtualDirectory "owa (default web site)"

    f.        New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"

    g.       New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"

    h.      New- OwaVirtualDirectory “exchweb” -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"

    i.         New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName"Default Web Site"

    j.        Restart the IIS service and WWW Publishing service on the server

    k.       Check the issue

    Collect log&err:

    3.       Increase diagnostic level for OWA both in CAS and MBX

    EMS->Set-EventLogLevel -Identity "xxx\xx" -Level High

    ·         MSExchange OWA\Core

    ·         MSExchange OWA\Proxy

    ·         MSExchange OWA\ADNotifications

    4.       Reproduce issue

    5.       Check application log on both servers for related error info

    6.       Check the httperr  log for related error

    C:\WINDOWS\system32\LogFiles\HTTPERR

    You can send to log files to here: Microsoft Services File Transfer Website Password: zP@kpjIc7cd

    Resources:

    Outlook Web Access and Exchange 2007, 2003 and 2000 coexistence

     

    Tuesday, October 7, 2008 9:53 AM
  • Thank You for the reply.  I will work on all of the recommendations and items that you suggested today.

    In regards to you question for clarity:
    "Clarify: requests to /exchange on the CAS can’t be redirected to /owa for those who have mailbox on exchange 2007 mailbox server"

    That is correct.

    I will post the results of troubleshooting hopefully later today.

    Tuesday, October 7, 2008 1:48 PM
  •  OK

    Wednesday, October 8, 2008 1:05 AM
  •  

    You are correct in the /exchange logon does not get redirected to /owa

     

    Check Info

    1.  Yes it happens on both internal and external

     

    2.  These are fresh intstalls as of last week.  All four servers are the same for updates and sp's.

     

    3.  No, it does not switch to /owa, it stays on the /exchange logon screen. I have noticed in the security logs I will get a wrong user name or password error event which is what it says on the logon screen, but if I logon from /owa page I do not get the error event and it logs me in.

     

    4.  Checked the configs on the CAS and they are set as you show they should be.

     

    Troubleshooting

     

    1.  Checked and correct

     

    2.  Recreated all virtual directories.

     

    Collect log & err

     

    1.  I am not getting anything in the event logs or the error log file except for the one security error for incorrect username or password.

     

    Wednesday, October 8, 2008 8:51 PM
  • Still waiting for a reply from you and hoping you will be able to help.

    Thanks

    Tuesday, October 14, 2008 2:15 PM
  • Hi,

    We've been experiencing the same issue, but for only a single user- all other users can use the /exchange URL and can login and get redirected to /owa (provided their mailbox is one our 2007 server).  One user gets "Access Denied" after 3 attempts on the /exchange URL, but has no problems logging in and using /owa.  Everyone else (exchange 2003 or 2007 mailboxes) can use either URL with no issues.

    Has anyone found a remedy?  We're running Update Rollup 5 on Exchange 2007 SP1, CAS is 64-bit, Mailbox server is sadly 32-bit.

    Thanks for any thoughts,
    Ben
    Wednesday, December 3, 2008 9:40 AM
  • Hi Roy,

    This is how an ideal request would be

    Client --Http->Exchange (CAS)--Http-> Exchange (Mailbox server)--Http->Owa (CAS)--Rpc->Mailbox.

    So,

    If you go step by step, you'd know where it breaks.

    1) Is internal owa url defined correctly?

    2) Are you getting 302 redirects in IIS logs of Mailbox server?

    cutting short, will post later

    • Proposed as answer by Satish.N Friday, August 7, 2009 1:39 AM
    Thursday, December 4, 2008 1:53 AM
  • Hi,

    I am also facing a similar problem.

    The error I am getting is “The user name or password that you entered is not valid. Try entering it again.”

     

    It’s a fresh Install of Exchange 2007 SP1 with 2 CAS severs and mailboxes on CCR cluster, OS is Windows 2008.


    I have tried deleting and recreating OWA virtual directories on both CAS and MB. URL in address bar does not change, when I enter user name and password of Exchange 2007 user, it remains at

     

    https://CASServer.domain/exchweb/bin/auth/owalogon.asp?url=https://CASServer.domain/exchange&reason=2&replaceCurrent=1


     

    Increased the diagnostic logging for OWA, Checked in ISS logs, there is no such error, and warning. Also, checked the authentication settings of virtual directories, its at default. Internal URL in OWA virtual directory is FQDN of CAS server and I am accessing OWA from internal network.

     

    Any Suggestions?

     

    Thanks!

    Wednesday, February 11, 2009 10:22 PM
  • Hi,

    Has this issue been resolved? I was wondering (maybe I missed it) are the users connecting to owa external or internally? If they connect externally then this document may provide a solution (it did for me): http://technet.microsoft.com/en-us/library/bb885041.aspx

    In the deploment scenarios part, scenario 4 applied to my situation.

    Regards,
    Erik
    Friday, February 27, 2009 11:26 PM
  • Hi,

    For me, it resolved after installing Basic and Windows authentication on mailbox server and changing the dircetory security settings of Exchange virtual directory (logon format same as CAS server) on mailbox server.

    Thanks,
    Saturday, February 28, 2009 1:30 AM
  • Hi,

    I tried to execute the cmdlet new-owavirtualdirectory in a mailbox to recreate the /exchange virtual diretory.
    My Mailbox is working in a cluster, 2 nodes (passive, active) with their respective names and the mailbox use the virtual name of the cluster (the name of the instance).

    The cmdlet new-owavirtualdirectory just takes the hostname of the server in which is running but i need it takes the virtual name of the cluster because  if not, it can not find the exchange server.

    anybody know how to pass the server (or instance) to the cmdlet new-owavirtualdirectory??


    Thanks
    Tuesday, September 15, 2009 11:41 AM
  • I was having the exact same issue as you, v-beta and I installed basic and windows authentication on the mailbox server.  However, now I am getting a "500 - Internal server error.   There is a problem with the resource you are looking for and it cannot be displayed" when attempting to go to https://<cas>/exchange and logging into an account with a mailbox on our Exchange 2007 mailbox server. When I go to https://<cas>/exchange and logon to a mailbox that resides on our 2003 BE server it works fine, and doing https://<cas>/owa to logon to a mailbox that resides on 2007.
    Wednesday, October 21, 2009 8:04 PM
  • Found my answer:
    You get this 500 - Internal Server error while you access Outlook Web Access from https://CASServer.domainname.com/exchange while https://CASServer.domainname.com/owa works fine.
    This happens when you have seperate Exchange 2007 Mailbox and CAS servers. Ideally the request should be redirecetd to /owa but you get 500 - Internal Server Error right after typing in your credentials in the forms login page.

    This happens due to the fact that redirection is not working because ISAPI Extensions are not installed on the Mailbox Server. ISAPI extensions handle specific incoming requests to the IIS server. Extensions are loaded when they are first needed and kept in memory until the host process shuts down.

    To fix this issue, please install the ISAPI Extensions on the mailbox server.

    Here is the command that you have to run from the EMS to install them:

    ServerManagerCmd -i Web-ISAPI-Ext

    Make sure to do an IISRESET after this.


    (from http://smarthost.blogspot.com/2008/07/500-internal-server-error-when-using.html)
    Wednesday, October 21, 2009 8:08 PM
  • Did anyone managed to get any further with this? I'm experiencing the same problems, and have been through several rebuilds, forum guides, MS KB Articles etc, but to no avail.

    Our Setup is..

    1 EX2003 BE Server
    1 EX2007 Mailbox Server in CCR Configuration (Windows 2008 SP2 & Exchage 2007 SP1 Roll Up9)
    1 EX2007 CAS Server (Windows 2008 SP2 & Exchage 2007 SP1 Roll Up9)

    if i goto https://excas01/exchange and login with a 2003 mailbox, success
    if i goto https://excas01/exchange and login with a 2007 mailbox, failure
    if i goto https://excas01/owa and login with a 2007 mailbox, success.

    It's apparent that the /exchange url isn't being passed back as /owa for 2007 mailbox users.

    If i obtain the URL it generates when accessing the CAS Server
    https://excas01/exchweb/bin/auth/owalogon.asp?url=https://excas01/exchange&reason=0&replaceCurrent=1
    and modify it to
    https://excas01/exchweb/bin/auth/owalogon.asp?url=https://excas01/owa&reason=0&replaceCurrent=1
    It works, but not for 2003 users. (probably not much help).

    The EX2007 CCR Nodes and CAS Server have all the pre-reqs on them, including the ISAPI component mentioned above and the correct Authentication requirements for IIS

    I've rebuilt the Virtual Directories several times on the CA Server (completely rebuilt the server after setup.com/mode:uninstall).

    Some forums have suggested that the Mailbox Server should have IIS enabled, which it does, but it does not have any of the Exchange/owa/exchweb Virtual Folderslisted in IIS. The WebDAV Tab in EMC on the Mailbox Server shows nothing (not sure if it should?).

    Running Get-OwaVirtualDirectory results in..
    owa (Default Web Site)     EXCAS01                    Exchange2007
    Exchange (Default Web S... EXCAS01                    Exchange2003or2000
    Public (Default Web Site)  EXCAS01                    Exchange2003or2000
    Exchweb (Default Web Site) EXCAS01                    Exchange2003or2000

    Running New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa (Default eb Site)" on the mailbox role server results in..
    [PS] C:\Windows\System32>New-OwaVirtualDirectory -OwaVersion "Exchange2007" -Name "owa (Default Web Site)"
    New-OwaVirtualDirectory : 'EXBE2' does not have the right Exchange Server version or role required to support this operation.
    At line:1 char:24+ New-OwaVirtualDirectory  <<<< -OwaVersion "Exchange2007" -Name "owa (Default Web Site)"

    Trying to Add the CAS Role to the CCR Mailbox Server is a big fail, doesnt like other roles installed when it's in CCR Mode, results in..
    "On a machine running Microsoft Clustering Services, only the Management Tools,Passive Clustered Mailbox Role, or Active Clustered Mailbox Role can be installed."

    On the CA Server, if i open IIS and try to navigate to the Exchange/OWA/ExchWeb Virtual Directories, i get a "Network PAth was not found"/"Could not find a part of the path '\\.\BackOfficeStorage\domainname\MBX'" not sure if that's normal (other forum posts seem to suggest so)..

    Have been working on this for a few dys now, and have rebuilt the servers a few times, so i'm rapidly running out of things to try..

    Any other suggestions or help would be very much appreciated.

    Look forward to hearing from anyone.

    Adrian Sahota
    Lead IT Systems Engineer
    Thursday, February 25, 2010 2:21 PM
  • I had this exact issue.  Based on the recommendations of others in this thread I was able to get it working correctly.  Here is what I did.

    1.  On the Mailbox server added the role services 'Basic Authentication' and 'Windows Authentication' to the 'Web Server (IIS)' role in 2008 Server Manager.

    2.  Reset IIS by running 'iisreset' from an command prompt with Administrator rights.

    3.  Opened IIS Manager and enabled 'Basic Authentication' for the 'Exadmin', 'Exchange', and 'Public' virtual directories on the Mailbox server. 

    *** NOTE:  I also configured the 'Default domain' under basic authentication to include my Active Directory domain name.  We have this configured on the CAS server so users can login with just <username> instead of <domain>\<username> to OWA.  If this setting does not match on the CAS and Mailbox servers you will continue to get HTTP 401 errors in the HTTP logs on the mailbox server.

    4.  I could now login via /exchange, however I received the '500 - Internal Server' errors.  At this point I followed lichen86's instructions and added the role service 'ISAPI Extensions' to the 'Web Server (IIS)' role in 2008 Server Manager on the Mailbox server.  I did this through Server Manager, but the same task can be accomplished through the command line by running 'ServerManagerCmd -i Web-ISAPI-Ext' as lichen86 posted.

    5.  Finally I reset IIS again by running 'iisreset' from an command prompt with Administrator rights.

    At this point I could successfully login to OWA with backend 2003 or 2007 mailboxes using the /exchange virtual directory.

    Not sure what caused my problem.  I'm running cleanly build 2007 SP2 w/ Update Roll Up 2 CAS and Mailbox servers.  However, I did install the Mailbox role before the CAS.  Don't know if the order matters or not.

    Thanks to everyone for posting their experiences in this thread.  It really helped to get me working.

    Jason

    Saturday, March 20, 2010 6:56 PM
  • I had the same issue.

    Site 1 - 1 EX2007 Internet facing CAS Server (Windows 2008 SP2 & Exchage 2007 SP1 Roll Up9)
    Site 1 - 1 EX2007 Mailbox Server (Windows 2008 SP2 & Exchage 2007 SP1 Roll Up9)
    Site 1 - 1 EX2003 BE Server

    Site 2 - 1 EX2007 CAS/HT/MBX (Windows 2008 SP2 & Exchage 2007 SP1 Roll Up9)
    Site 2 - 1 EX2003 BE Server

    https://excas01/exchange and login with a site 1 2003 mailbox , success
    https://excas01/exchange and login with a site 1 2007 mailbox, success
    https://excas01/owa and login with a site 1 2007 mailbox, success.

    https://excas01/exchange and login with a site 2 2003 mailbox , success
    https://excas01/exchange and login with a site 2 2007 mailbox, failure
    https://excas01/owa and login with a site 2 2007 mailbox, success

    All the recommendations in this thread didn't solve my problem.

    After the following change ist worked:
    On the Site 2 - EX2007 CAS/HT/MBX Server I deactivated the "Require SSL" setting on the /Exchange virtual directory

    Regards
    Pano


    Monday, April 19, 2010 2:05 PM
  • Similar issue, I was unable to recreate OWA virtual directory after removing using the following commands:

    Remove-OwaVirtualDirectory “exchange (default web site)”

    Remove-OwaVirtualDirectory “public (default web site)”

    Remove- OwaVirtualDirectory “exchweb (default web site)”

    Remove-OwaVirtualDirectory "owa (default web site)"

    New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"

    New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"

    New- OwaVirtualDirectory “exchweb” -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb WebSiteName "Default Web Site"

    New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName"Default Web Site"  

    Final command above failed; unable to recreate OWA virtual directory

    I believe IIS still had traces of the original OWA virtual directory in the Metabase; to get things clean again I completed the following commands:

    Un-install Exchange CA role

    Un-install IIS

    Re-install IIS

    Re-install Exchange CA role

     

     

    Tuesday, August 10, 2010 10:22 AM
  • This worked for me go into iis and check off anonymous and intergrated authentication restart iis
    • Proposed as answer by sflynner26 Monday, August 27, 2012 4:35 PM
    Monday, August 27, 2012 4:35 PM