DAG Kerberos Authentication Issue Exchange 2010 on 2008R2 Servers

Similar Messages

• Exchange 2013 EAC will not run with Exchange 2010 CAS\HT servers shut down.

  Hi Folks,
  A little background - We have just migrated all our user mailboxes and public folders to Office 365 using a hybrid configuration. Now that the migration is essentially finished, I'd like to decommission our on-prem Exchange infrastructure and remove the
  hybrid config. We are using dirsync with password sync to replicate our AD to the cloud.
  I've read that even if you remove your hybrid configuration, it's a good idea to keep one on-prem Exchange server around so you can edit Exchange attribs (such as email addresses) in a supported manner, rather than using ASDI edit, etc.
  To this end, I installed a single Exchange 2013 CA\MBX server. After installation, the EAC worked fine, and I was able to view our on-prem users, groups, etc. Last week, I shut down our two Exchange 2010 CAS\HT servers as a test to see if anything broke
  prior to decommissioning them (these were the hybrid servers as well). After doing so, the Exchange 2013 EAC no longer works for some reason, and behaves in a very bizarre fashion. About once every 20 times or so, it will actually start and run. The other
  times, it just has you enter your creds, then generates an HTTP 500 internal server error after entering them. It seems to make no difference if you attempt to access it by the fqdn, hostname, or localhost right on the box itself. Same behavior on Chrome or
  IE.
  Today as a test, I started up one of the 2010 CAS servers and lo and behold, the 2013 EAC ran without difficulty again. Any idea why this might be so? Thanks for any help,
  Ian

  Hi,
  From your description, I recommend you use the following URL to check if you can access EAC. I see it works for several people about this issue.
  https://<Exchange 2013 CAS FQDN>/ecp?ExchClientVer=15
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Outlook 2011 for Mac not authenticating with Exchange 2010

  Hi,
  We have an issue with our Mac Clients authenticating with our Exchange Server. We have Exchange 2010 Version 14.03.0174.001. 
  Outlook is saying the credentials are incorrect for the user when we know they work fine in OWA and in Outlook 2010.
  It seems this is since we re-keyed are SSL certificate. I have changed the EWS directory to Basic Authentication and also re-created the EWS directory. I have also re-ran all the SBS Wizards.
  Is there anything else we can do to get this sorted?
  Thanks 

  Hi Robert,
  I found a KB for your reference:
  Sending email error "Authentication failed. Error 17897" in Outlook 2011 for Mac
  http://support.microsoft.com/kb/2492901
  If it not matches to yours, please paste the details without sensitive information.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Active Sync Issue - Exchange 2010

  Hey,
  Alright I have had some issues with some iPhones connecting to our Exchange 2010 server.  When i run the Testconnectivity test, I receive a timeout error on the last step:  
  Attempting the FolderSync command on the Exchange ActiveSync session. 
    The test of the FolderSync command failed. 
   Additional Details 
  Exception details:
  Message: The operation has timed out
  Type: System.Net.WebException
  Stack trace:
   at System.Net.HttpWebRequest.GetResponse()
   at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
  Elapsed Time: 100439 ms.  
  When I run the Test from Powershell I receive the following message:
  [System.Net.WebException]: The underlying connection was closed:  Could not establish trust relationship for the SSL/TLS secure channel. Inner error [System.Security.authentication.AuthenticationException]: The remote certificate is invalid according
  to the validation procedure.
  I have already taken a number of steps including removing all of the Exchange Certificates that are not current.  I have also reassigned them to the correct services.  I have recreated the Active Sync Virtual Directory.  Among other things.
  I can't seem to find anything that points me to the correct direction so if anyone has any ideas on what I can look at, it would be appreciated. 
  At this point, I can't create the Exchange account on any new Active Sync clients (I have tested from an iPhone and Android phone) however a few people who had the account already setup get random e-mail messages that come through.
       

  I turns out the issue was Trend. I uninstalled this software and everything started working correctly.

• Kerberos Authentication Issues. 

  Our set up is as follows. In Directory Access we have our own clients set to receive their LDAP information via DHCP from our Mac OSX server and when in our office - or indeed, at a location that does not have a Mac OS X server - Kerberos Authentication to our server works just fine.
  However, when out of the office and in a location that also has a Mac OSX Server providing it's LDAP information via DHCP, naturally, we pickup that location's Kerberos Realm and this prevents us from making a connection to our Office VPN server which is running on our Mac OSX Server. To work successfully, it requires Kerberos Authentication but when prompted to enter our Kerberos password, the dialogue box appears with the local site's Kerberos Realm and even if I type in our office's Realm, it still will not work. How can we avoid this situation, other than turning off Kerberos Authentication completely. 
  The krux of the matter is that when off-site, my computer seems to pick up the Kerberos Realm of the system I'm in and completely forgets my own realm, thus not allowing me to authenticate until I return to my own office. I don't seem to be able to manually override it either.
  Is there something I am missing here?

  afaict what you're expierencing is default behaviour. Kerberos on a client machine gets autoconfigured by means of reading the KerberosClient record in the LDAP database in use. This happens dynamically so having LDAP server coming from dhcp configures kerberos as laid out in that LDAP server KerberosClient record.
  See man kerberosautoconfig which is the tool actually run to achieve this.
  HTH
  -Ralph

• Upgrading from Exchange 2003 Bridgehead servers to Exchange 2010 Transport Hub servers for routing SMTP only

  Our company moved from on-premises Exchange 2003 to Office365 and only have 4 Exchange 2003 servers on-prem that we use for Routing email from application servers to Office365. We need to migrate these servers to Exchange 2010 then to Exchange 2013 and
  only route email only. Is it possible to upgrade to Exchange 2010 by installing the transport Hub & Mailbox server options only? Our OAB and EWS services come from the CAS servers located on Office365 so we should not need a CAS server to set up Transport
  rules or route mail would we? Any assistance with this would be greatly appreciated! - Thanks, DWB
  Dave

  Since it is not internet facing we will not have to worry about configuring an Internet Domain Name when installing the first server, correct? in my planning I was going to
  install the Exchange 2010 CAS/Mailbox/Transport Hub roles on one server, then upgrade it to Exchange 2013. Once this is completed I'll then install the 2 mailbox role servers in one Datacenter, and 3 more in our DRP DC. If something happens to the
  primary Datacenter I would want it to fail over to the other site. For this I would have to install another CAS/mailbox server in the secondary DC. Would this plan sound about right? Since we moved to Office365 in 2010 I have not had a chance to deal with
  actual servers except for the Exchange 2003 servers we still have on-premises. Each of these are located in 4 Regional offices along with single Windows 2008 R2 servers using only the IIS SMTP service for routing mail from on-prem application servers
  and print/scanners which email back to the users. The plan is to move to a routing system which will provide both MTA and redundancy if one has an issue.
  Dave

• Decommissioning Exchange 2010 Public Folder servers

  I have 4 Exchange 2010 SP3 RU6 Public Folder servers. I need to get rid of 2 of them so I can re-use the hardware. The 2 I need to get rid of are replication partners (one replicates to the other) and only have about 5GB of PF data. I want to move the data
  to the other 2 Public Folder servers (they are replication partners with each other). Those 2 servers have about 200GB of PF data. Do I just run .\MoveAllReplicas.ps1 -Server OldServer -NewServer NewServer on 1 server since it has the same data as the other
  one? I am just trying to figure out how to get the data from the 2 "old" PF servers (it is the same data since 1 replicates to the other) to the 2 newer ones which are the main PF servers (again, one replicates to the other). Also, this command won't
  erase what is already on the newer servers, right? I assume it will just add to the existing.
  Jason
  HDL

  Hi,
  You need to replicate public folder firstly, after you make sure the public folder replication is completed, you can use the .\MoveAllReplicas.ps1 to move all replicas to the server that you want to keep.
  Replicating public folders won't remove the existing public folders.
  You will have to run  .\MoveAllReplicas.ps1 -Server OldServer -NewServer NewServer command on both server, this command actually remove the public folder replicas on the old Exchange server. If you don't remove public folders replicas on the old
  server, you won't remove pulic folder database successfully.
  Best regards,
  Belinda Ma
  TechNet Community Support

• HT Rules Priority Issue exchange 2010 sp3

  I have got 12 HT rules and ALL are all the same …
  Email comes in for [email protected] redirects to
  [email protected] , Email comes in for
  [email protected] redirects to [email protected] and so on
   .  Seems intermittently working. 
  I understand the priority is kicking in here.  I move around the rules and they work …and one starts working other fails etc.
  Any thoights????
  thnx

  Hi,
  As Will Martin clarified, it is recommended to set the forwarding email address directly to redirect these users' emails. You can use the following cmdlet to do it:
  Set-Mailbox -Identity "xxx" -DeliverToMailboxAndForward $true -ForwardingSMTPAddress "[email protected]"
  For your reference:
  https://technet.microsoft.com/en-us/library/dd351134%28v=exchg.141%29.aspx?f=255&MSPPError=-2147217396
  Hope this can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support

• Exchange 2010 MP - CAS servers not beeing discovered

  Hi!
  I have 2 CAS-servers that are not beeing discovered. Trigger on Demand discovery against  these servers fails. Is there a way I can manually force these servers to this role?
  Best regards
  Rune Haugen

  Hi,
  Have you checked the option "Allow this agent to act as a proxy and discover managed objects on other computers" for all your Exchange servers? 
  Please also try to flush health service state and caches for the CAS servers.
  More details about flush health service state and caches, please refer to the link below:
  http://technet.microsoft.com/en-us/library/hh212884.aspx
  Regards
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Exchange 2013 co-existence with Exchange 2010 proxying issue.

  Hello,  
  I am testing Exchange 2010 and Exchange 2013 co-existence in my test lab at the moment, with
  a view to migrating our production environment to 2013 later in the year.  
  The lab is setup, and the problem I'm having is that internal Outlook clients cannot open
  their respective mailboxes once the 2013 CAS server is introduced into the mix.  
   The
  setup is listed below:  
  EXCHANGE 2010 Servers  
  TESTLABEXCH01 - CAS,HT,MBX - Exchange 2010 SP3  
  TESTLABEXCH02 - CAS,HT,MBX - Exchange 2010 SP3  
  Both servers are part of a CAS Array - casarray01.testlab.local  
  Both servers are part of a DAG - DAG01.testlab.local  
  RpcClientAccessServer on all 2010 databases set to casarray01.testlab.local  
  The A record for casarray01.testlab.local points to the IP of the VIP of a load balancer.  
  The loadbalancer serves
  the following ports: 25,80,443,143,993,110,995,135,60200,60201  
  OutlookAnywhere is enabled on both servers:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  Internal and external mail flow works without issue before the 2013 server is introduced. 
  Internal and external client access works without issue before the 2013 server is introduced. 
  Part Two to follow.....
  Matt

  EXCHANGE 2013 Servers :
  TESTLABEXCH03 - CAS,MBX - Exchange 2013 SP1  
  OutlookAnywhere is enabled on the server:  
  ClientAuthenticationMethod : Ntlm  
  IISAuthenticationMethods   : {Basic, Ntlm}  
  RpcClientAccessServer on all 2013 databases set to casarray01.testlab.local
  (This an inherited setting I assume from the pre-existing 2010 organization)  
  Split DNS is in place and all internal/external URL's point to either:  
  autidiscover.external.com  
  mail.external.com  
  The A record for the mail.external.com points to the IP of the load balancer VIP  
  The CNAME record for autodiscover.external.com points to mail.external.com  
  When the TESTLABEXCH03 is added to the load balancer config,
  and given highest priority this is when the Outlook clients stop working.  
  Any existing profiles in Outlook 2010/Outlook 2013 can no be opened as there is a persistent
  credentials prompt.  
  Upon trying to create a new profile, the process errors when reaching the "Log onto server"
  stage and again prompts for credentials.  
  Running the test-outlookconnectivity cmdlet from
  either of the 2010 servers produces the following results.  
  [PS] C:\Windows\system32>Test-OutlookConnectivity -Protocol:http  
  ClientAccessServer   ServiceEndpoint                         
  Scenario                            Result  Latency  
  TESTLABEXCH02  autodiscover.external.com    Autodiscover:
  Web service request.  Success  343.20  
  TESTLABEXCH02  casarray01.testlab.local       RpcProxy::VerifyRpcProxy.  
  Success    0.00  
  TESTLABEXCH02  casarray01.testlab.local         RFRI::GetReferral.                 
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        NSPI::GetProfileDetails.           
  Failure   -1.00  
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Connect.                   Failure   -1.00 
  TESTLABEXCH02  casarray01.testlab.local        
  Mailbox::Logon.                     Skipped   -1.00  
  If remove the 2013 CAS server from the loadbalancer config and
  all connections go directly to the 2010 servers again, all of the above tests pass and Outlook connectivity is also restored.  
  IIS has been reset on all 3 servers incidentally, following any changes made whilst troubleshooting. 
  I'm struggling to see what I'm missing here, if anyone can assist in troubleshooting this
  matter further, or point out any errors in my setup it would be greatly appreciated.  
  Regards  
  Matt 
  Matt

• Relay issue from Unix across Exchange 2003 OWA server in Exchange 2010 environment

  Hi,
  I'm trying to resolve an issue.  We have one Exchange 2003 server left in our environment. The rest is now Exchange 2010.  We are working to decommission this server. Monitoring the SMTP logs, I am working with the various groups to get the traffic
  off this server and onto the Exchange 2010 environment.
  The issue we are finding is with a work flow. This Java app for eBis sends email to users. This is done correctly through Exchange 2010 and gets delivered from our HUB/CAS servers to the target user mailbox. This email has several links the user must click
  for approving or rejecting requests. Upon clicking Approve, a new email window opens (we use Outlook 2010).  The TO address is in the format of [email protected]  Upon clicking Send, our Exchange 2010 HUB/CAS servers accept the
  email, because one of our send connectors has, as address space, *.domain.corp.  However, the email address being used it not an alias on any Exchange 2010 mailbox, so it appears Exchange 2010 is sending this email on to the Exchange 2003 server, which
  also is an SMTP server.  I *think* this server is looking at the address after @ to determine where to send it (ebisserver.domain.corp, which is valid in our DNS), and sends it on to that server, where the java "listener" program intercepts
  the mail, processes it and then saves it to a file somewhere.
  We are at a loss as to how to get Exchange 2010 to do this instead of Exchange 2003... once this traffic is eliminted from Exchange 2003, I can proceed with decommission of this server.  Any help troubleshooting this issue is appreciated.

  The only reason the Exchange 2010 server would route outbound mail through an Exchange 2003 server is that you have an SMTP Connector defined on the Exchange 2003 server that has a more specific domain than you have on the Exchange 2010 server.  You
  should be able to see all your Send Connectors (an SMTP Connector on Exchange 2003 looks like a Send Connector in Exchange 2010) by running Get-SendConnector.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• Exchange 2010 - 2013 Coexistence Issues

  I am migrating from Exchange 2010 to Exchange 2013, the Exchange 2013 is built in a different Geo-location site with its dedicated domain controllers in the new site. I have confirmed the mail flow between Exchange 2010 and 2013 mailboxes. I am able to discover
  Exchange 2010 servers from 2013 environment via Get-ExchangeServer shell command. However, I am not to discover Exchange 2013 servers from 2010 environment. 
  I need to configure Outlook Anywhere and Service Connection Point (Autodiscover) on Exchange 2010 to accept connections from Exchange 2013 servers. 
  Any suggestions would be much appreciated, thanks!

  Hi ,
  Please have a look in to the below mentioned blog after reading that blog i came to know few things .
  I am not sure ,i thought exchange 2013 servers will not be displayed in exchange 2010 management shell.
  Better and advisable method is to configure your exchange 2010 and 2013 servers via EAC or Shell in exchange 2013.
  http://exchangeserverpro.com/exchange-server-2010-2013-migration-managing-co-existence-environment/
  Taken from the above blog :
  You can’t use the Exchange 2010 EMC to manage Exchange 2013 objects and servers. While customers upgrade to Exchange 2013, we encourage them to use the EAC to:
  Manage Exchange 2013 mailboxes, servers, and corresponding services.
  View and update Exchange 2010 mailboxes and properties.
  View and update Exchange 2007 mailboxes and properties.
  We encourage customers to use Exchange 2010 EMC to create Exchange 2010 mailboxes.
  We encourage customers to use Exchange 2007 EMC to create Exchange 2007 mailboxes.
  Customers can continue to perform management tasks using the Exchange Management Shell and script tasks.
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Silly Doubt in Exchange 2010 - Datacenter SwitchOver

  Hi Team
  i have a very silly doubt in my exchnage 2010 environment with two sites
   two mailbox servers (Site A )  and another two mailbox servers in site B  .All the four mailbox servers is same DAG 
  site A mailbox database copies are available in site B and Vice Versa.
  in site A , if two mailbox servers is down / not reachable, automatically the database are moved from site A to Site B and mounted over there. and normal mailflow is happening with interruption of few sec / minutes
  then why we need Datacenter SwitchOver  and what is is purpose of doing Datacenter SwitchOver and Datacenter SwitchBack, as the mailflow is functioning without any issue
  it may be silly , but i would like to be very clear from  top of my head
  thanks team

  Hi Li, 
  Correct , that is not a problem for me now. The problem is below as mentioned 
  i just started the datacenter switch over  from one site to another site and unfortunately i have been halted in the initial stage itself in my test environment
  Site: Main-Office
  One Domain Controller: Indlabbitesdc01.labbites.co.in  - Hosting
  DNS Services
  One Hub Server: Indlbht01.labbites.co.in  - Witness Server 
  2 CAS server (CAS ARRAY) - casarray1.labbites.co.in and casarray2.labbites.co.in
  Casarray IP: 172.29.137.50
  2 Mailbox Servers – Indlbmb01.labbites.co.in and indlbmb02.labbites.co.in
  Dag Name: DAG1
  DAG IP: 172.29.137.140
  Site: GUINDY-OFFICE
          - No WIteness server in this SIte
  One Additional Controller: Labdeldc01.labbites.con.in
  One HUB and CAS Server: indlbguex01.labbites.co.in
  2 Mailbox servers – indlbgumbx01.labbites.co.in and indlbmb03.labbites.co.in
  Both mailbox servers are members in DAG1
  As per Plan , DAC is enabled in DAG1 
  Next step i shutdown all the servers Site:
  Main-Office and trying to open the powershell from one of the mailbox from Site: GUINDY-OFFICE  for issuing the command Run the Stop-DatabaseAvailabilityGroup cmdlet in the shell  and i got
  the below error
           VERBOSE:
  Connecting to indlbgumbx01.labbites.co.in
  [indlbgumbx01.labbites.co.in]
  Connecting to remote server failed with the following error message : WinRM cannot proces
  s
  the request. The following error occured while using Kerberos authentication: There are currently no logon servers available to service the logon request.
   Possible causes are:
    -The user name or
  password specified are invalid.
    -Kerberos is used
  when no authentication method and no user name are specified.
    -Kerberos accepts
  domain user names, but not local user names.
    -The Service Principal
  Name (SPN) for the remote computer name and port does not exist.
    -The client and
  remote computers are in different domains and there is no trust between the two domains.
   After checking for
  the above issues, try the following:
    -Check the Event
  Viewer for events related to authentication.
    -Change the authentication
  method; add the destination computer to the WinRM TrustedHosts configuration setting or us
  e HTTPS transport.
   Note that computers
  in the TrustedHosts list might not be authenticated.
     -For more
  information about WinRM configuration, run the following command: winrm help config. For more information,
   see the about_Remote_Troubleshooting
  Help topic.
      + CategoryInfo
           : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
     eption
      + FullyQualifiedErrorId
  : PSSessionOpenFailed
  Exception calling "GetComputerDomain"
  with "0" argument(s): "The local computer is not joined to a domain or the domain
   cannot be contacted."
  At C:\Program Files\Microsoft\Exchange
  Server\V14\bin\ConnectFunctions.ps1:204 char:70
  +     [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain
  <<<< ().Forest.Name
      + CategoryInfo
           : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId
  : DotNetMethodException
  Exception calling "GetComputerSite"
  with "0" argument(s): "The specified domain either does not exist or could not be c
  ontacted.
  At C:\Program Files\Microsoft\Exchange
  Server\V14\bin\ConnectFunctions.ps1:164 char:92
  +     $localSite=[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite
  <<<< ()
      + CategoryInfo
           : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId
  : DotNetMethodException
  Exception calling "FindAll"
  with "0" argument(s): "Unknown error (0x80005000)"
  At C:\Program Files\Microsoft\Exchange
  Server\V14\bin\ConnectFunctions.ps1:253 char:17
  +     $search.FindAll
  <<<< ()
      + CategoryInfo
           : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId
  : DotNetMethodException
  You cannot call a method
  on a null-valued expression.
  At C:\Program Files\Microsoft\Exchange
  Server\V14\bin\ConnectFunctions.ps1:146 char:33
  +      
            $siteName = $siteDN.ToString <<<< ().SubString(3).Split(",")[0]
      + CategoryInfo
           : InvalidOperation: (ToString:String) [], RuntimeException
      + FullyQualifiedErrorId
  : InvokeMethodOnNull
  WARNING:
  No Exchange servers are available in the Active Directory site . Connecting to an Exchange server in another
  Active Directory site.
  Failed to connect to an
  Exchange server in the current site.
  Enter
  the server FQDN where you want to connect.: lbdeldc01.labbites.co.in
  VERBOSE: Connecting to
  lbdeldc01.labbites.co.in
  [lbdeldc01.labbites.co.in]
  Connecting to remote server failed with the following error message : WinRM cannot process t
  he request. The following
  error occured while using Kerberos authentication: There are currently no logon servers avail
  able to service the logon
  request.
   Possible causes are:
    -The user name or
  password specified are invalid.
    -Kerberos is used
  when no authentication method and no user name are specified.
    -Kerberos accepts
  domain user names, but not local user names.
    -The Service Principal
  Name (SPN) for the remote computer name and port does not exist.
    -The client and
  remote computers are in different domains and there is no trust between the two domains.
   After checking for
  the above issues, try the following:
    -Check the Event
  Viewer for events related to authentication.
    -Change the authentication
  method; add the destination computer to the WinRM TrustedHosts configuration setting or us
  e HTTPS transport.
   Note that computers
  in the TrustedHosts list might not be authenticated.
     -For more
  information about WinRM configuration, run the following command: winrm help config. For more information,
   see the about_Remote_Troubleshooting
  Help topic.
      + CategoryInfo
           : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [], PSRemotingTransportExc
     eption
      + FullyQualifiedErrorId
  : PSSessionOpenFailed
  [PS] C:\Windows\system32>

• OWA Exchange 2010 and 2013 Co-Existance

  Hi All
  I have 2 new Exchange 2013 Multi role servers in a test environment. I have setup the namespace's in the following way
  Communcal OWA URL - exchange.domain.co.uk/owa
  Server 2013 Boxes
  OWA URL Internal and External - owa.domain.co.uk/owa
  Server 2010 Boxes
  OWA Internal - legacy.domain.co.uk
  OWA External - legacy.domain.co.uk
  Authentication on Exchange 2010 boxes is set to basic, form based.
  Authentication on Exchange 2013 boxes is set to basic and form based.
  When users hit are exchange.domain.co.uk/owa it is sent to 2013 servers. This we then want to process all requests and proxy connections to 2010. Accessing a 2013 mailbox is fine, however 2010 users just get the message, opening mailbox, it then sticks on
  Still Working on it for indefinite and never progress'.
  Have tried removing the External URL from 2010 as I have seen suggested elsewhere but this makes no difference.
  ECP address' match what OWA are and certificates include all 3 namespaces.
  Many THanks in advance for any assistance
  Jason

  Hi All
  I have 2 new Exchange 2013 Multi role servers in a test environment. I have setup the namespace's in the following way
  Communcal OWA URL - exchange.domain.co.uk/owa
  Server 2013 Boxes
  OWA URL Internal and External - owa.domain.co.uk/owa
  Server 2010 Boxes
  OWA Internal - legacy.domain.co.uk
  OWA External - legacy.domain.co.uk
  Authentication on Exchange 2010 boxes is set to basic, form based.
  Authentication on Exchange 2013 boxes is set to basic and form based.
  When users hit are exchange.domain.co.uk/owa it is sent to 2013 servers. This we then want to process all requests and proxy connections to 2010. Accessing a 2013 mailbox is fine, however 2010 users just get the message, opening mailbox, it then sticks on Still
  Working on it for indefinite and never progress'.
  Have tried removing the External URL from 2010 as I have seen suggested elsewhere but this makes no difference.
  ECP address' match what OWA are and certificates include all 3 namespaces.
  Many THanks in advance for any assistance
  Jason

• Microsoft Exchange 2010 and Outlook 2013

  My colleagues computer suddenly crashed yesterday and it wouldn't restart without a system restore.
  Now when we try to open up Outlook it says that you must connect to Microsoft Exchange at least once before you can usse your Outlook Data file (.ost)
  Also The PC has lost the trust relationship on the domain
  We have exchange 2010 and the servers OS is Microsoft Windows Small Business Server 2011 and the Client PC is running off of Windows 8.
  Can you please help me resolve this issue?
  kind regards
  Steve Bradshaw
  [email protected]

  It might be possible that the MAPI key (which enables Outlook to synchronize with Exchange) has been deleted due to the System crash. So, in order to establish the connection, you need to Reconnect the OST file to the original MAPI profile and then reconnect
  then MAPI profile to Exchange Server. 
  If the above method fails to resolve the issue, then the best option for you would be to take the help of any professional OST to PST Conversion Software, which will help you to Extract data from your OST file and convert it to PST file which you can import
  back to your Outlook to establish the connection with Exchange Server again.
  You can check this
  presentation for more info.