locked
OWA 2013 SSO - OWA Version RRS feed

  • Question

  • Hello,

    I'm trying to SingleSignOn to OWA 2013 using NetScaler AAA. Everything seems to be working fine, however I get the 2010 version of OWA. If I connect to the exchange server directly I get the 2013 version.

    From what I can tell, this happens because I get the light version of owa, right?

    I have read many articles that state that I have to specify a combination of the variables "flags" and "trusted".

    Although I tried "flags=0&trusted=0" and "flags=4&trusted=4" I haven't got it to work.

    One last thing, when I check the version of the OWA using ECP and Powershell I get that it is 2010.

    This is a clean installation of Exchange 2013 on a brand new domain with just one server. The version of the server is 15 build 516.32 and it's running on Windows Server 2012 R2.

    Thanks in advance,

    Chris

    Friday, March 27, 2015 9:02 PM

Answers

  • Hi,

    According to your description, I understand that the version of OWA is 2010 after deploy Single Sign-On by NetScaler AAA, however the version of Exchange is 2013.
    If I misunderstand your concern, please do not hesitate to let me know.

    Do you have install Exchange server within a coexistence environment? Details about Client Connectivity in an Exchange 2013 Coexistence Environment, for your reference:
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

    If not, what the function of Single Sign-on? Is it used for supporting single sign on between Outlook Web App and Exchange Control Panel?
    You can enable forms-based authentication both in Outlook Web App and Exchange Control Panel virtual directories to achieve this goal.

    Please try to run below command or Register to double check the version of Exchange:
    Get-ExchangeServer | Format-List

    Thanks


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Monday, March 30, 2015 6:12 AM
  • Hello,

    Upgrading to SP1 seems to have fixed the problem.

    I'll do some more testing before updating to CU8 and then some more.

    Thanks,

    Chris

    Thursday, April 2, 2015 3:44 PM

All replies

  • Hi,

    According to your description, I understand that the version of OWA is 2010 after deploy Single Sign-On by NetScaler AAA, however the version of Exchange is 2013.
    If I misunderstand your concern, please do not hesitate to let me know.

    Do you have install Exchange server within a coexistence environment? Details about Client Connectivity in an Exchange 2013 Coexistence Environment, for your reference:
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

    If not, what the function of Single Sign-on? Is it used for supporting single sign on between Outlook Web App and Exchange Control Panel?
    You can enable forms-based authentication both in Outlook Web App and Exchange Control Panel virtual directories to achieve this goal.

    Please try to run below command or Register to double check the version of Exchange:
    Get-ExchangeServer | Format-List

    Thanks


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Monday, March 30, 2015 6:12 AM
  • Hello Allen,

    Yes, that is correct. I should clarify though that I get the 2010 version when I'm connecting using SSO. If I open OWA on the server directly I get the 2013 version.

    No, this is a brand new environment in my lab built from scratch on Windows 2012 R2 and I have only one Exchange 2013 server that is the first exchange server installed. I have already enabled Forms Based Authentication on both virtual directories.

    I want to use SSO because I want the authentication done on the NetScaler using the existing authentication policies (MFA, and policies based on Client IPs and AD group membership).

    Get-ExchangeServer | fl

    ExchangeVersion: 0.1 (8.0.535.0)
    AdminDisplayVersion: Version 15.0 (Build 516.32)

    Get-OWAVirtualDirectory | fl

    OWAVersion: Exchange2010
    ExchangeVersion: 0.10 (14.0.100.0)

    As you can see I haven't applied any CU updates to the server. This is on purpose because I want to test with this version first and then with the latest. Since I can't get it to work I think I'll create a checkpoint 

    Monday, March 30, 2015 4:14 PM
  • Hello Allen,

    Yes, that is correct. I should clarify though that I get the 2010 version when I'm connecting using SSO. If I open OWA on the server directly I get the 2013 version.

    No, this is a brand new environment in my lab built from scratch on Windows 2012 R2 and I have only one Exchange 2013 server that is the first exchange server installed. I have already enabled Forms Based Authentication on both virtual directories.

    I want to use SSO because I want the authentication done on the NetScaler using the existing authentication policies (MFA, and policies based on Client IPs and AD group membership).

    Get-ExchangeServer | fl

    ExchangeVersion: 0.1 (8.0.535.0)
    AdminDisplayVersion: Version 15.0 (Build 516.32)

    Get-OWAVirtualDirectory | fl

    OWAVersion: Exchange2010
    ExchangeVersion: 0.10 (14.0.100.0)

    As you can see I haven't applied any CU updates to the server. This is on purpose because I want to test with this version first and then with the latest. Since I can't get it to work I think I'll create a checkpoint 

    I would suggest not doing any testing RTM.  Especially since they are 8 CU's into the product and anything older than 2 CUs technically isn't even supported.  Also, you mentioned that you installed Exchange on a Windows Server 2012 R2 box and support for that wasn't introduced until SP1.

    That being said, I think you have to be atleast on CU2 for this to have a chance of working the way you want it to.

    http://blogs.technet.com/b/rmilne/archive/2013/07/09/exchange-2013-rtm-cu2-released.aspx

    I would recommend doing your testing with a higher CU supported CU. 


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    • Proposed as answer by Hinte Thursday, April 2, 2015 4:29 PM
    Monday, March 30, 2015 4:44 PM
  • Hello,

    Upgrading to SP1 seems to have fixed the problem.

    I'll do some more testing before updating to CU8 and then some more.

    Thanks,

    Chris

    Thursday, April 2, 2015 3:44 PM