locked
OWA still redirects to Exchange 2007 (legacy) after mailbox-move to Exchange 2013 RRS feed

  • Question

  • Hi,

    I am in the process of implementing Exchange 2013 in coex with 2007. I am testing now in a copy of the production environment and have installed the Exchange 2007 SP3 RU11 prior to installing Exchange 2013 using the SP1 media.

    We use a wildcard certificate and I prepared the Exchange 2007 internal/external URLs for OWA/OAB/etc to use the legacy.domain.com names and in Exchange 2013 I set them all to email.domain.com. Exchange 2013 has Outlook Anywhere configured.

    All tests like autodiscover (internally via SCP) run fine and for a new Exchange 2013 mailbox the Outlook and OWA functionality is as expected. A mailbox still on 2007 also connects fine via Outlook and while connecting to OWA (using the htps://email.domain.com/owa url) also redirects me to https://legacy.domain.com/owa just fine.

    HOWEVER: after a successfull mailbox-move from 2007 to 2013 my OWA logon-request STILL get's redirected to the 2007 legacy URL. When I then logon again on the 2007 OWA I get the message that I should connect to the 2013 URL and end-up in a loop.

    Anyone any tips where to search?

    Many thanks in advance.


    Best regards and many thanks in advance, Eric Vegter

    Thursday, April 24, 2014 12:04 PM

Answers

  • Hi,

    technically everything is working perfectly and yes, the e2007 servers are internally and externally available as legacy.domain.com and the e2013 servers as email.domain.com. All internal and external URLs are configured with proper authentication methods etc. 

    My issue was/is related to something in my (old) user-profile that only affected the way that Internet Explorer accesses the OWA service. It might have something to do with cookies or other cached info. I reset my IE and cleared all temp and cookie data which did not help so then I simply removed my profile and after that I had no issues anymore.

    Yesterday we built everything in the production environment and no issues at all using the identical setup, so my issue was just a single incident that unfortunately hit me while installing and testing in the test-environment.

    Thanks all for the contributions!


    Best regards and many thanks in advance, Eric Vegter


    Friday, May 2, 2014 9:11 AM

All replies

  • The only time I have seen that behavior is when a user gets migrated to 2013 and then back to 2007.  The mailbox lives in 2007 but has been upgraded to 2013 version.  If you log into the 2013 OWA and get redirected, does it finally get in where you can see mail?  Make sure the user mailbox is actually on a 2013 database.   I have also seen where it can take 10-15 minutes in some cases for the 2007 environment to figure out that the mailbox has moved and sort everything out accordingly.
    Thursday, April 24, 2014 12:23 PM
  • Hi, thanks for your quick reply.

    I actually just found the cause: the mailbox I moved had the "admincount=1" property set which causes the security enherritance on the object to be turned off. That seems to have affected the permissions for the Exchange 2013 system to update the correct properties somewhere deeper in the configuration. Looking at the properties in ADSIEDIT all looked good (no obvious references to legacy stuff for the account).

    So in my case it is now solved after clearing the admincount=1 property and checking the security inherritance checkbox.


    Best regards and many thanks in advance, Eric Vegter

    Thursday, April 24, 2014 12:37 PM
  • Hi,

    Glad that the issue has been resolved and thanks for your sharing.

    Additionally, the AdminCount value set to 1 indicates that this user is a protested account which is protected by AdminSDHolder. The user may be a member of Admin or protested group. With protected accounts and groups, the objects' permissions are set and enforced via an automatic process that ensures that the permissions on the objects remains consistent even if the objects are moved about the directory. For more information about protected account, please refer to:

    http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-part-2-protected-accounts-and-groups-in-active-directory.aspx

    Regards,


    Winnie Liang
    TechNet Community Support

    Friday, April 25, 2014 7:03 AM
  • Hi Winnie,

    it actually seems to have nothing to do with the admincount but seems to be an issue with my IE session on the terminal server I work on. Running Chrome to connect to the same mailbox runs fine without getting that redirection and while connecting with IE from another server (the exchange servers) also works fine. Very odd.

    I reset the IE settings and so on without avail and logging on to another moved mailbox from the same IE in the same user-session also works so I'm a bit puzzled. It seems a single issue because another migrated/moved mailbox from a colleague has no issues at all. Very odd but hopefully the issue is limited to my own account. I'd sill like to get to the bottom of it because I think it might happen to others as we will migrate a few 1000 users. Will post back when I find anything.



    Best regards and many thanks in advance, Eric Vegter

    Friday, April 25, 2014 10:05 AM
  • Hi Eric,

    If you can access your mailbox in other users’ computer and the issue only happens in your computer with IE, please remove the cookies in Microsoft Internet Explorer, follow these steps to have a try:

    1. Go to Internet Explorer, open Internet Options.

    2. On General tab, click Delete.

    3. Select the Cookies and website data option, and then click Delete.

    Then restart your IE browser to check whether the issue persists.

    Regards,


    Winnie Liang
    TechNet Community Support

    Monday, April 28, 2014 1:15 AM
  • Hi Winnie, Thanks for your reply. I actually reset and cleaned up anything related to IE and still the same issue. I installed another browser to check and then it all worked fine. After some more digging in Temp and other profile related folders and registry I decided to rename my TS profile and login again with a clean profile. That did work fine so now I have to find out what in my old profile could cause it. I'll recheck the IE cookies you mention but I'm sure I deleted those already. Will post the result later.

    Best regards and many thanks in advance, Eric Vegter

    Monday, April 28, 2014 6:40 AM
  • Hi Eric,

    I just want to make sure if you have obtained the opportunity to test the solution. If anything is unclear with the previous information I've provided to you, please don't hesitate to let me know.

    Regards,


    Winnie Liang
    TechNet Community Support

    Friday, May 2, 2014 3:10 AM
  • ... I prepared the Exchange 2007 internal/external URLs for OWA/OAB/etc to use the legacy.domain.com names ...

    The Exchange 2007 Autodiscover Internal URI and Outlook Anywhere URL should be pointing to the Exchange 2013 server. I assume, you've configured them with the legacy name and that might be the real reason for your problem.

    Double check the Exchange 2007 URL, and make sure that you've configured the Web Services and UM (even if you are not using UM) URL as well.

                                                                      

    Step by Step Screencasts and Video Tutorials

    Friday, May 2, 2014 8:06 AM
  • Hi,

    technically everything is working perfectly and yes, the e2007 servers are internally and externally available as legacy.domain.com and the e2013 servers as email.domain.com. All internal and external URLs are configured with proper authentication methods etc. 

    My issue was/is related to something in my (old) user-profile that only affected the way that Internet Explorer accesses the OWA service. It might have something to do with cookies or other cached info. I reset my IE and cleared all temp and cookie data which did not help so then I simply removed my profile and after that I had no issues anymore.

    Yesterday we built everything in the production environment and no issues at all using the identical setup, so my issue was just a single incident that unfortunately hit me while installing and testing in the test-environment.

    Thanks all for the contributions!


    Best regards and many thanks in advance, Eric Vegter


    Friday, May 2, 2014 9:11 AM
  • Hi Eric,

    Glad to heard that the issue doesn’t occur in your IE anymore. And thanks for your sharing.

    Regards,


    Winnie Liang
    TechNet Community Support

    Monday, May 5, 2014 1:20 AM
  • Hi,

    Im might have this same problem. I have Exchange 2013 CU5 and Exchange 2007 SP3 environment. Before migration redirection works nice. User will get OWA 2013 login screen and after that it is redirected nicely to OWA 2007.

    But when I migrate this user to Exch 2013 he will get OWA 2013 login screen and after that he is redirected to Exch 2007 owa and it asks user to login Exch 2013 owa.

    If I check OWA Logs from Exchange log folders it says that Users' client Access server is legacy exchange server. And this happens still after 2 hours of migration.

    2014-06-03T06:03:46.735Z,338e5065-4012-4a4c-8d12-aed16243267d,15,0,913,7,,Owa,mail.newserver.com,/owa/auth.owa,,FBA,True,domain\user.testaaja3,,Sid~S-1-5-21-6776287-525760540-208020174-17147,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,10.3.37.168,EXCHSERVER,200,,,POST,,,,,WindowsIdentity,,,,175,,,,3,1,,0,,0,,0,0,,0,15.6243,0,,,,,,,,,0,1,0,,1,,4,4,,,BeginRequest=2014-06-03T06:03:46.719Z;CorrelationID=<empty>;ProxyState-Run=None;ClientAccessServer=legacy.intra.local;ResolveCasLatency=0;ProxyState-Complete=CalculateBackEnd;EndRequest=2014-06-03T06:03:46.735Z;,

    At some point (maybe after 4 to 5 hours) user is not redirected anymore and he can log in to OWA 2013. What can cause so long time that IIS (or OWA) realises that user has already been migrated?

    Regards,

    Vesa

    Tuesday, June 3, 2014 6:34 AM
  • I noticed that after recycling MSExchangeOWAAppPool user(s) was able to login to owa and get owa 2013 UI instead of redirection to OWA 2007 where was link to OWA 2013.

    So at least recycling OWA app pool is workaround but it would be nice to know why it takes so long without recycling :).

    -Vesa

    Tuesday, June 3, 2014 7:06 AM
  • Hi Vesa,

    another issue we have is that the EAS devices keep trying to connect to their old e2007 databaseguid. This also is related to client-side cookies and exchange service apppool caching, combined with the fact that we removed the old (empty) databases after all mailboxes were moved. Rather frustrating issue too.. Overall not all that happy with the move to e2013 yet ;)

    rgds

    Eric


    Best regards and many thanks in advance, Eric Vegter

    Tuesday, June 3, 2014 1:19 PM
  • This seems to be an outstanding issue.

    We just performed a fresh install of Exchange 2013 on a Windows Server 2012 R2 operating system. We're migrating from our existing Exchange 2007 server. At the moment we have everything properly setup in a co-existence state. All we lack is to complete the migration of our mailboxes from the 2007 DB to the 2013 DB.

    In performing the first mailbox move, to test the migration process and make certain mail flows as expected, we noticed this same problem. Before reading through this thread, I was able to assign Full Access to a delegate user and then perform the "Open Mailbox" feature from a 2013 user's account. This was successful in opening the mailbox within OWA 2013. However, I still could not access the account by simply logging into the Outlook Web App. It would login, then proxy back to OWA 2007 with the message, "Use the following link to open this mailbox with optimal performance: http://mail.domainname.com/"

    After reading about cycling the OWA app pool, I immediately tried it as a workaround and it worked. It is a little frustrating going about it in this way. Hoping to see more activity on this thread.

    -Lorne
    • Edited by lthomas27 Monday, August 25, 2014 6:46 AM name
    Monday, August 25, 2014 6:45 AM