locked
Exchange 2013 to 2016 migration OWA 404 error RRS feed

  • Question

  • Hi,

    I have one Exchange 2013 CU10 server and have deployed a single Exchange 2016 server. Exchange 2016 is configured and a valid SSL certificate is installed.

    Namespaces still resolve to Exchange 2013 and as I understand it unlike previous versions I do not need to change the namespaces at this stage if I don't want to and Exchange 2013 should be able to proxy requests to Exchange 2016 for mailboxes that I move.

    However, I get 404 page not found errors when accessing Exchange 2016 mailboxes via the 2013 CAS server. This also affects Outlook, Outlook won't connect to the mailbox (repeated password prompts). If I make hosts files entries to resolve namespaces to Exchange 2016 then I can open Outlook and OWA, I can also access 2013 mailboxes via the Exchange 2016 server. OA, EWS, OWA, ECP are configued the same across both servers i.e. same authentication methods.

    Thanks.



    Sunday, October 25, 2015 8:50 PM

Answers

  • OK so I managed to find some time to sit down and do some more troubleshooting on this.

    It was a pretty stupid problem. Exchange 2013 server was, for reasons I can only assume terrible, a member of Organization Management, which is a restricted group. Exchange 2016 would not permit the Exchange 2013 server access to the back-end (there has to be a dirty joke in there somewhere). 

    Up-version proxy works very nicely now that Exchange 2013 is no longer a member of Organization Management.

    • Marked as answer by RobPhillips84 Tuesday, October 27, 2015 10:25 PM
    Tuesday, October 27, 2015 10:24 PM

All replies

  • It seems that you have your answer.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    • Proposed as answer by Prem P Rana Tuesday, October 27, 2015 4:32 AM
    Sunday, October 25, 2015 9:58 PM
  • I guess. I was just under the impression this wasn't supposed to be the case with Exchange 2013/2016 co-existence.
    Sunday, October 25, 2015 10:01 PM
  • You're welcome to share the source of that impression.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, October 26, 2015 5:27 AM
  • Hi,

    In Exchange 2016, it will be possible for Exchange 2013 to "Up-Version proxy" to the next version. 
    Please run the below command to check your OWA and outlook anywhere settings in the coexistence environment:
    Get-OwaVirtualDirectory | FL Identity,name,*URL*,*auth*
    Get-OutlookAnywhere | fl Identity,*host*,*auth*
    Also make sure you have related DNS records for those URLs.

    Regards,

    David 



    • Edited by David Wang_ Monday, October 26, 2015 5:49 AM
    Monday, October 26, 2015 5:45 AM
  • Hi David thanks for confirming that. It has been quite widely advertised as a feature when upgrading to Exchange 2016 from 2013 but at the moment there is limited information on the specifics. Here's the info requested:

    Identity                      : server1\owa (Default Web Site)
    Name                          : owa (Default Web Site)
    Url                           : {}
    InternalSPMySiteHostURL       :
    ExternalSPMySiteHostURL       :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://outlook.domain.co.uk/owa
    ExternalUrl                   : https://outlook.domain.co.uk/owa
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}

    Identity                      : server2\owa (Default Web Site)
    Name                          : owa (Default Web Site)
    Url                           : {}
    InternalSPMySiteHostURL       :
    ExternalSPMySiteHostURL       :
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://outlook.domain.co.uk/owa
    ExternalUrl                   : https://outlook.domain.co.uk/owa
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba}
    BasicAuthentication           : True
    WindowsAuthentication         : False
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}

    Identity                           : server1\Rpc (Default Web Site)
    ExternalHostname                   : outlook.domain.co.uk
    InternalHostname                   : outlook.domain.co.uk
    ExternalClientAuthenticationMethod : Ntlm
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Ntlm}

    Identity                           : server2\Rpc (Default Web Site)
    ExternalHostname                   : outlook.domain.co.uk
    InternalHostname                   : outlook.domain.co.uk
    ExternalClientAuthenticationMethod : Ntlm
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods           : {Ntlm}

    Yes ther are DNS records and they resolve to the 2013 server at the moment.

    Monday, October 26, 2015 5:13 PM
  • Also, make sure Mapi/Http is disabled on Exchange 2016. In Exchange 2016, Mapi/Http is enabled by default.

    OM (MCITP) | Blog

    Monday, October 26, 2015 5:40 PM
  • I believe that is an organization level configuration so when deploying to an existing exchange org it will be whatever was already set. In my case it is disabled due to not being certain of Outlook patch levels in the environment.
    Monday, October 26, 2015 8:08 PM
  • That wouldn't have anything to do with OWA.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, October 26, 2015 10:52 PM
  • You are talking about outlook anywhere (MAPI) this will have zero impact on OWA

    ***Don't forget to mark helpful or answer***

    Tuesday, October 27, 2015 8:44 AM
  • A lot of people seem to be saying there is no "up-version proxy" if this is truly the case someone should tell the Exchange team!

    http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx 

    "Coexistence with Exchange Server 2013

    In Exchange Server 2013, the Client Access server role is simply an intelligent proxy that performs no processing/rendering of the content. That architectural tenet paid off in terms of forward coexistence. When you introduce Exchange Server 2016, you do not need to move the namespace. That’s right, the Exchange Server 2013 Client Access infrastructure can proxy the mailbox requests to the Exchange 2016 servers hosting the active database copy! For the first time ever, you get to decide when you move the namespace over to the new version. And not only that, you can even have load balancer pools contain a mix of Exchange Server 2013 and Exchange Server 2016. This means you can do a one-for-one swap in the load balancer pool – as you add Exchange 2016 servers, you can remove Exchange 2013 servers."

    If this information is outdated please can someone tell me where I can find the latest information on Exchange 2013/2016 co-existence. 


    I may well just move the namespaces as this seems to work but as I am not under any time pressure to complete this migration I would prefer to take the opportunity to figure out why the up-version proxy isn't working for any future migrations I may perform. 
    Tuesday, October 27, 2015 9:05 AM
  • OK so I managed to find some time to sit down and do some more troubleshooting on this.

    It was a pretty stupid problem. Exchange 2013 server was, for reasons I can only assume terrible, a member of Organization Management, which is a restricted group. Exchange 2016 would not permit the Exchange 2013 server access to the back-end (there has to be a dirty joke in there somewhere). 

    Up-version proxy works very nicely now that Exchange 2013 is no longer a member of Organization Management.

    • Marked as answer by RobPhillips84 Tuesday, October 27, 2015 10:25 PM
    Tuesday, October 27, 2015 10:24 PM
  • It's certainly weird that someone would put the computer account in that group.  Thanks for sharing the result.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, October 27, 2015 10:49 PM