none
exchange 2010 CAS redirect to Exchange 2003 OWA error

    Question

  • Exchange 2010 CAS and Exchange 2003 OWA server are co-existing. I've already specified the exchange2003URL parameter for the redirection in the exchange command shell. For exchange 2003 mailbox users, I can successfully login directly https://ex2k3server.domain.com/exchange.
    But If I login via https://ex2010.domain.com/exchange, I get redirected (exchange 2003 login prompt) then
    when I enter the username\pwd, I get  500 Internal error at https://ex2k3server.domain.com/exchweb/bin/auth/owaauth.dll.

    If I enable Forms based auth on the exchange 2003 server, login works fine. I do not want to enable forms based auth because although this may
    work fine internally, my owa machine is published on ISA 2006 for remote users and per Microsoft, " When ISA Server is being used to publish Exchange Web client access, forms-based authentication should only be configured on the ISA Server computer"

    Another thing, why do I always need to enter the domain name \ username prefix when logging in to exchange 2101 OWA ?
    In OWA 2003 I can simply enter the username and password, without the domain\ prefix.
    Wednesday, December 23, 2009 12:57 PM

Answers

All replies

  • Have you change the default OWA url in you exchange 2010 to https://ex2010.domain.com/exchange?
    If you go to OWA (in Server Configuration --> Client Access), you can see the default website.

    Regarding your second question, go to Server Configuration --> Client Access. Click on OWA properties and go to Authentication tab. Select "Username only" and choose the domain users need to log on.


    Elie B. MCITP: EMEA|EA|SA Blog: http://blog.elieb.info
    Wednesday, December 23, 2009 1:47 PM
  • change the default OWA url in exchange 2010 to https://ex2010.domain.com/exchange?
    When i go to OWA in Server Configuration --> Client Access, I see under the general settings tab
    the internal URL set to https://ex2010.domain.com/owa
    should I change this to https://ex2010.domain.com/exchange ?

    Wednesday, December 23, 2009 2:12 PM
  • I'm a bit confused, why would you need to do that? 
    You can customize the URL by just changing the internal/external URL and you should "iisreset" after that

    Elie B. MCITP: EMEA|EA|SA Blog: http://blog.elieb.info
    Wednesday, December 23, 2009 2:47 PM
  • I thought you were asking me to do that in your first post.
    I haven't changed the internal URL. I don't think I need to.
    There is not enough information online or in books on getting exchange 2010 CAS to redirect to OWA 2003.
    All that is said is to configure the exchange2003url parameter in http://technet.microsoft.com/en-us/library/ee332348.aspx
    and that's what I did. The redirection works, but only if Forms based auth is set on exchange 2003 OWA.
    Wednesday, December 23, 2009 3:16 PM
  • The MS Exchange team has a great article about the coexistance with 2003 and 2010.

    You can read more about it here:

    Upgrading Outlook Web App to Exchange 2010
    http://msexchangeteam.com/archive/2009/12/02/453367.aspx

    I should also point out that your 2010 URL should be https://ex2010.domain.com/owa not /exchange.  When a user goes to log in 2010 will do a look up on AD and discover the users mailbox on 2003 and redirect them to the 2003 legacy url.


    SF - MCITP:EMA, MCTS: Exchange 2010, Exchange 2007, MOSS 2007, OCS 2007 -- http://www.scottfeltmann.com
    Wednesday, December 23, 2009 3:27 PM
  • Yes that's one of the few articles on this topic but it provides more scenarios than actual configuration and how-to.
    I'm going to attempt reinstalling the  exchange 2003 front-end.
    I've tried both ex2010.domain.com/owa and ex2010.domain.com/exchange, and keep getting 500 Internal error.
    Wednesday, December 23, 2009 4:46 PM
  • What is Authentication set for on the 2003 FE?

    If you're using ISA you may be having login certificate issues as well.

    So users will hit the ISA 2006 server for login on forms based auth right? 

    Then they will log in and hit the 2010 server.  The 2010 server will see the user is on 03 and redirect them to 2003 using the url you specified.  Is that listener configured on ISA 2006 with that legacy url with the proper cert?

    Have you seen this article?

    ISA 2006 SP1 Configuration with Exchange 2010
    http://msexchangeteam.com/archive/2009/12/17/453625.aspx
    SF - MCITP:EMA, MCTS: Exchange 2010, Exchange 2007, MOSS 2007, OCS 2007 -- http://www.scottfeltmann.com
    Wednesday, December 23, 2009 5:04 PM
  • ISA 2006 does not come into the picture yet, since I am testing internally at this point. If that works fine, then I will test remote owa clients.
    I need to first get rid of this http 500 internal error
    Wednesday, December 23, 2009 8:06 PM
  • Ok so I've installed a new OWA front end server, re-installed certificate authority and IIS, entered the redirect exchange2003url on the exchange 2010 cas to point to the owa front end server, and after all that I still get the same 500 internal error.
    https://owa2003.domain/exchange works fine
    https://ex2010.domain.com/exchange works fine but if I login with exchange 2003 user, I get automatically redirected to the owa2003 prompt(redirect url that I set) where I login again, and then the 500 internal error shows up at https://owa2003.domain.com/exchweb/bin/auth/owaauth.dll. If, at that point, I clear the url in the address bar and just enter https://owa2003.domain.com/exchange I get the users inbox.
    Thursday, December 24, 2009 4:53 PM
  • Hi,

     

    I am able to reproduce your issue on my lab. Currently, I do not find much information/reason regarding why the issue occurs.

     

    Nevertheless, based on my test, if you set the legacyredirecttype to manual, the issue can be solved. However, the Exchange 2003 user is required to click the LegacyURL.

     

    For your reference regarding the command:

     

    Set-OwaVirtualDirectory

    http://technet.microsoft.com/en-us/library/bb123515.aspx

     

    Mike Shen

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

    • Marked as answer by Anand_N Tuesday, December 29, 2009 1:17 AM
    Friday, December 25, 2009 8:12 AM
  • Setting the legacyredirecttype to manual presented the user with a link to https://owa2003.domain.com/exchange. While this is a workaround, if
    a remote internet user with an exchange 2003 mailbox logs in to https://ex2010.domain.com/owa they will be presented with the link to
    https://owa2003.domain.com/exchange. But how should I configure my external dns so that the user's computer will know where owa2003.domain.com is ? Should dns query for owa.2003.domain.com resolve to the same public ip of ex2010.domain.com ? This may cause a loop ?
    Friday, December 25, 2009 12:56 PM
  • I'm running into the exact same scenario.  I didn't want to resource to using the legacyredirecttype option.  Hopefully there will be a fix sometime soon?
    Wednesday, February 10, 2010 6:55 PM
  • Hi Mike,

     

    It has been 8 months since you posted the workaround above.  Have you got any update on if that known issue has been fixed?  My Exchange 2010 RTM still gives me the exact same error.

     

    Regards!

    Johnmen

    Tuesday, August 10, 2010 12:17 AM
  • I have the same issue, I have isa2004 so forms off same 500 error when redirected, works fine going straight to legacy url anyone solve this?
    Wednesday, August 18, 2010 4:43 AM
  • Any update on this issue ???

     

    When setting redirecttype to manual all works fine except the additional link and login.

    When setting to auto i get redirected but no successfull login (http error 500).

     

     

    Friday, November 12, 2010 8:01 PM
  • Is there any update. I'm having the exact same issue and would like to have the redirect be "invisible" so users can continue to use their activesync and various devices without the need to change url's and servernames
    Brandon Vignando
    Wednesday, February 23, 2011 11:48 PM
  • Brandon,  It is probably an authentication issue between 2010 and 2003. 

    Take a look at these two articles:

    Upgrading Outlook Web App to Exchange 2010
    http://msexchangeteam.com/archive/2009/12/02/453367.aspx

    and

    Upgrading Exchange ActiveSync to Exchange 2010
    http://msexchangeteam.com/archive/2009/12/08/453472.aspx

    Keep in mind that your backend server should be using FBA.  the 2010 CAS will pass the credentials into the 2003 FE. 


    SF - MCITP:EMA 2007 and 2010, MCTS: Exchange 2010, Exchange 2007, MOSS 2007, OCS 2007 -- http://www.scottfeltmann.com
    Thursday, February 24, 2011 2:53 PM