Exchange 2010/2013 coexistence published in TMG 2010
Environment:
Two Windows 2008 R2, Exchange 2010 SP3 servers, currently holding all mailboxes
Two Windows 2012 R2, Exchange 2013 SP1 servers, setup in progress
Two Windows 2008 R2, TMG 2010, V7.0.9193.540 publishing both Exchange 2010 servers.
Scenario:
I need to continue having Exchange 2010 setup in TMG as is as the mailbox migration to 2013 will take weeks if not months and I have a project requirement to have Exchange Database Availability Group (DAG) functionality for all mailboxes throughout the project,
so 4 servers are an absolute must. So I need to add Exchange 2013 in TMG and not just replace the 2010 setup with the 2013 setup and I cannot run one 2010 and one 2013 server.
Questions:
1. I currently only have 2 public IP addresses available to SMTP, mapped to the external interfaces of TMG, to allow my environment to be able receive emails on 4 Exchange servers (two 2010 and two 2013) I need to have 4 public IP addresses, is that correct?
2. Does anyone have a good general guide/blog for doing this (setting up Exchange 2013 in TMG in a coexistance scenario)?
This is nice, but doesn't really approach it from a coexistance scenario:
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Thanks!
Hi Trana,
In TMG you can use single IP address to publish multiple Web address and below are the options which you can explore.
Hope your OWA ECP etc are Https
You need a SSL certificate which has all the URL SAN entry of both old and new Exchange server.
Create a listener and select the IP address (Say public IP address 195.219.x.x)
Link the SSL certificate
Public DNS entry
A record , Single IP
195.219.x.x
Point to
Owa1.exchange1.com - Old Server
195.219.x.x
Point to
ECP1.exchange1.com - Old Server
195.219.x.x
Point to
ECP2.exchange2.com - New Server
195.219.x.x
Point to
Owa2.exchange2.com - New Server
Create a Web publishing rule as below
Old server Exchange 1
Owa1.exchange1.com
ECP1.exchange1.com
One Web publishing Rule with all the URL added on it and link the Rule with the listener we created
Point the Web publishing to Exchange1.com server which is old
New server Exchange 2
Web publishing Rule with all the URL added on it and link the Rule with the listener we created
Point the Web publishing to Exchange2.com server which is New
ECP2.exchange2.com
Owa2.exchange2.com
Similar Messages
-
Lync Edge 2013 Service Publish With TMG 2010
Hello Experts,
I have a question for Lync edge and having issue in desktop sharing and program sharing with federated partners if logged in on internal as well as external (internet) network... setup is like below.
TMG with 3 leg architecture ; 1 internal IP, 1 DMZ IP and 4 public IP's (1 for sip access, 1 for web conf, 1 for av and last one for web services)
edge pool with 1 edge server having 2 NIC and 1 Intenal IP and 3 DMZ IP on second NIC ( GW for DMZ is IP of TMG DMZ NIC card)
No Firewall.
so if all NAT rules and firewall rules configured properly on TMG should have any issue for desktop sharing/program sharing with federated partners. However some partners are working fine? Is desktop sharing / program sharing go through edge always for federated
partners?
Any information would be very helpful.
Many Thanks,
AnkurHello Ankur,
Desktop Sharing use the AV link to work. I already had some issues with TMG, check this http://technet.microsoft.com/en-us/library/ee796231.aspx
After deployed ARR to lync , I don't have more problems. Try this.
“Vote As Helpful” and/or “Mark As Answered” - Thiago Mendes da Silva - MCSE Communication - ITIL v3 Foundation - http://www.ucsteps.com/ -
We configured our Exchange 2013 servers to use Office Web App for document previews on OWA. Everything works fine internally, and externally also when we access OWA directly. But when from an outside network we open a OWA session through TMG and try to preview
a document, we get the error "Sorry we cannot open this document, an error occured . . ."
Did anyone experience such an issue ?
Thanks,
AntonioHello,
Since directing accessing OWA from CAS is fine and the issue only occur when involving TMG, I think the issue is more related to TMG settings. Please find more efficient support
via our TMG forum:
http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
Thanks,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
Hi,
Our Exchange 2013/2007 coexistence environment is set up and all is working apart from this:
Mailbox A has full permissions to Mailbox B. Mailbox A is migrated to Exchange 2013, but Mailbox B remains on Exchange 2007. If I login to Outlook Web App 2013 as Mailbox A and then "Open another mailbox..." and select Mailbox B, a new window opens
up saying "HTTP 500 Internal Server Error". The URL it is trying is :
https://webmail.ourdomain.com/owa/[email protected]/?offline=disabled
( I can open Mailbox A in Outlook 2010 and do "Open Other users's folder.." and Mailbox B opens up just fine. )
Our legacy CAS server's External and Internal URLs are set to :
https://legacy.ourdomain.com/owa
and the Exchange 2013 CAS server's External and Internal URLs are set to :
https://webmail.ourdomain.com/owa
We have FBA enabled on both the E2K7 and E2K13 OWA
In the IIS logs:
2015-03-02 16:36:50 <E2K13_IP> POST /owa/service.svc action=SubscribeToNotification&UA=0&ID=-25&AC=1&CorrelationID=c2899211-568d-4da4-a163-351a8621c9fd_142531419466924;&cafeReqId=7ffae082-a96f-42fd-85f8-bf23775ed5de; 443 ourdomain.com\MailboxA
<LoadBalancer_IP> Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0)
https://webmail.ourdomain.com/owa/#path=/mail 200 0 0 109
2015-03-02 16:36:50 <E2K13_IP> GET /owa/ offline=disabled&CorrelationID=<empty>;&cafeReqId=7c8e137f-cdb7-4449-9cb8-f36f94539244; 443 ourdomain.com\MailboxA <LoadBalancer_IP> Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0)
- 500 0 0 265
In the OWA HTTP Proxy logs:
2015-03-02T16:36:50.096Z,7c8e137f-cdb7-4449-9cb8-f36f94539244,15,0,913,7,,Owa,webmail.ourdomain.com,/owa/,,FBA,True,ourdomain.com\MailboxA,ourdomain.com,[email protected],Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2;
.NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),<LoadBalancer_IP>,<Exchange2013ServerName>,500,,ServerNotFound,GET,,,,,ExplicitLogon-SMTP-Header,,,,0,,,,40,9,,0,7;,7,,0,7,,0,46.8643,0,,,,,,,,,1,10,0,,10,,50,50,?offline=disabled,,BeginRequest=2015-03-02T16:36:50.049Z;CorrelationID=<empty>;ProxyState-Run=None;ServerLocatorRefresh=beebf732-0f99-47a0-9f36-d266573f1510;RefreshingCacheEntry=CacheEntry(BackEndServer
<Exchange2007ServerName>.ourdomain.com~1912832083|ResourceForest |LastRefreshTime 2015-03-02T16:01:29.3265514Z|IsSourceCachedData False);ProxyState-Complete=CalculateBackEnd;EndRequest=2015-03-02T16:36:50.096Z;I32:ADS.C[<DC_Name>]=1;F:ADS.AL[<DC_Name>]=6.6401;I32:ATE.C[<DC_Name>.ourdomain.com]=1;F:ATE.AL[<DC_Name>.ourdomain.com]=0,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException:
The server <Exchange2013ServerName>.ourdomain.com was not found in the topology. ---> Microsoft.Exchange.Data.Storage.ServerNotFoundException: The server <Exchange2013ServerName>.ourdomain.com was not found in the topology.
at Microsoft.Exchange.Data.Storage.ServiceTopology.GetSite(String serverFullyQualifiedDomainName) at Microsoft.Exchange.Data.ApplicationLogic.Cafe.HttpProxyBackEndHelper.GetServiceTopologyWithSites(String serverFqdn ServiceTopology
topology) at Microsoft.Exchange.Data.ApplicationLogic.Cafe.HttpProxyBackEndHelper.GetE12ExternalUrl[ServiceType](BackEndServer mailboxServer) at Microsoft.Exchange.HttpProxy.OwaProxyRequestHandler.GetE12TargetServer(BackEndServer
mailboxServer) at Microsoft.Exchange.HttpProxy.BEServerCookieProxyRequestHandler`1.GetDownLevelClientAccessServer(AnchorMailbox anchorMailbox BackEndServer mailboxServer) at Microsoft.Exchange.HttpProxy.LatencyTracker.GetLatency[T](Func`1
operationToTrack Int64& latency) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon) at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3b.<OnCalculateTargetBackEndCompleted>b__3a()
--- End of inner exception stack trace ---;
Hoping that somebody can help ?
ThanksHi Ansev,
Thank you for your question.
By my testing, user who was migrated to Exchange 2013 cannot access mailbox on Exchange 2007 with 500 error, although user account have “Full Access Permission” to mailbox on Exchange 2007.
I suggest we migrate account which has “Full Access Permission” for other user to Exchange 2013.
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support -
Exchange Server 2013 CU3 OWA and TMG logoff process.
Hi folks,
I just wanted to quickly check if the intent behind Greg Taylor's deliberate choice of words in
this article are still current, or if we can expect to have a resolution in the SP1 timeframe?
Specifically, I'm referring to Greg's CU1 update early-ish in the article where he states:
"The release of Exchange 2013 RTM CU1 changed the way OWA logoff works, such that the TMG change recommended in this post no longer applies. At the current time there is no way to catch and force logoff at TMG when TMG is generating the form,
instead users should be educated to close their browser window (as the pop-up tells them when they click Sign Out from within OWA).".
Given the "current time" of his update was CU1, is there any update as to whether something more meaningful than the pop-up is going to be put in place? While it's more symbolic than anything else, it's off-putting to
the users to still see their e-mail panel after having chosen to "log off".
Cheers,
LainHi,
Thanks for your update.
Generally, the official clarification can be released after the SP update’s release. We can keep an eye on the Exchange Teamblog to see if there are any new updates for your question.
Regards,
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Simon Wu
TechNet Community Support -
ActiveSync 500 error and Exchange 2007/2013 coexistence
Hello,
We have Exchange 2007, and we've deployed Exchange 2013 and coexistence appears to be working. We have done a small pilot migration of 11 users, and I have 2 of those users that are not able to get iPhone/ActiveSync working. OWA and Outlook access
work without a problem. https://testconnectivity.microsoft.com/ is telling me "The test of the FolderSync command failed." and "Exchange
ActiveSync returned an HTTP 500 response (Internal Server Error)"
The error I'm receiving on the mailbox server event log is:
An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization.
URL=
--- Exception start ---
Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=LASTNAME\, FIRSTNAME.,OU=XXX,OU=People,DC=DOMAIN,DC=local.
Most articles I've found with this issue say to confirm that "Inherit parent permissions" is check on the AD object, but that is already checked?
The funny thing is that most of our pilot users don't have this issue. It is only for some of them.
Any help is appreciated.An update here, I was able to get the 2 pilot user's iPhone/ActiveSync access working by adding the following permissions by hand:
Add Exchange Servers, in Apply onto select
msExchActiveSyncDevices objects (note it's plural) and selecting
Full Control.
Once I did this, my problems went away.
So the big question is why aren't these permissions in place already? Isn't this something that the adprep/domain prep should have taken care of?
Thanks! -
TMG with 2010/2013 Coexistence gives dual prompts (TMG and OWA prompt)
2 X 2010 CAS', Load balanced pool
4X 2013 Mutilrole (will take the place of the 2010's in the load balanced pool)
Currently we use TMG to publish owa externally. From TMG, the traffic goes to a load balancer, and to the 2010 CAS's from there. TMG is doing pre authentication.
However, if I take the 2010 CAS' out of the load balanced pool and enable the 2013 in the load balanced pool, users start getting dual prompts - one at the TMG, and then the 2013 OWA login (no mailboxes on 2013 yet, so have only tested with mailbox still
on 2010).
I have been through both of the following articles - however, basic auth. is not an option on the exchange side, as then internal users get prompted for windows credentials. Has anyone in coexistence been able to get this working without basic auth
(currently use Basic, Windows Auth, and NTLM)?
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
http://www.isaserver.org/articles-tutorials/configuration-general/publishing-exchange-2013-outlook-web-app-forefront-threat-management-gateway-tmg-2010.html
TAGHi,
As document mentioned, Forefront TMG cannot perform authentication delegation therefore we need change FBA to basic authentication in Exchange 2013.
However if you don’t want use basic authentication, we can try to disable pre-authentication on the TMG server by new web listener and select the "Do not require SSL secured connections with clients.".
Also, I find an similar thread about your question. For your reference:
https://social.technet.microsoft.com/Forums/office/en-US/a4ef2a73-bfee-4fb2-b3c2-c166c11cada7/tmg-owa-double-login-prompts?forum=Forefrontedgegeneral
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Allen Wang
TechNet Community Support -
Hi,
I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
My setup is as follows:
outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
password is selected in the publishing rules.
Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
set in AD.
If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
and change my password using the correct URL. However if I point my browser at
http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
The only recent changes made are:
- Disabling SSL 3.0 and enabling TLS (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
- Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
If I try to use ldp.exe on the inner TMG, I get the error in the pic below
Thanks
IT Support/EverythingHi,
You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
TMG 2010 – FBA, troubleshooting the change password feature
http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
Best Regards,
Joyce -
Is it possible to Publish Exchange 2010 behind TMG in Test Lab
Hi
I have Three Server 1 Domain 2 Exchange 2010 and TMG 2010 installed. All of these server installed on the virtual machine.
This is a test Lab. I trying to Publish OWA behind the TMG Internally. Is it possible? if yes how ?
I installed 2 NIC on TMG.Yes.
See http://www.microsoft.com/en-us/download/details.aspx?id=8946 for instructions.
Hth, Anders Janson Enfo Zipper -
Exchange Server 2013 OAB Web Distribution Configuration in Exchange 2010 & 2013 Coexistence.
Hi,
We have OAB Issue for Exchange 2010 Users in our Organization.
We have Exchange 2010 and Exchange 2013 Coexistence.While Checking in Exchange Server 2010 Server OAB properties in Org Configuration--> Mailbox-->OAB Properties -->Distribution we are not seeing any CAS servers and Its Grayed Out.
Please let us know How to add Exchange 2010 CAS in Exchange 2013 Web distribution.They made alot changes with the OAB in Exchange 2013, and it doesn't really function in the same manner as it did in 2010. It might be best to take a look at the following blog posts from the Exchange Team, they should give you a better understanding
on how it works and how to manage it going forward.
http://blogs.technet.com/b/exchange/archive/2012/10/26/oab-in-exchange-server-2013.aspx
http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread -
Exchange 2010 Migration to 2013 Coexistence url's
Hello,
What exactly is required for the virtual directory url setup for Exchange 2010 coexisting with Exchange 2013? I have been searching online a lot preparing for my Exchange 2013 deployment and can't see to find a clear answer. The information
I have come across from TechNet and other sources is all over the place with some stuff saying the external url needs to be empty while others say it should match Exchange 2013's setup. Others say the internal url should be empty while
only the external should be populated. And I have even seen others say nothing on Exchange 2010 has to be touched and that Exchange 2013 will figure proxying out on its own once I configure the new url's on it.
So what is supposed to be setup for the ExternalUrl and InternalURL to in Excahnge 2010 for coexistence with 2013? Currently my
existing Exchange 2010 is internet facing with the plan of moving that to Exchange 2013 once that goes in as per Microsoft directions on implementing coexistence.Read the article below from Ross Smith. There can't be better article than this:
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
If exchange 2010 and 2013 are on same site, then you need to:
1. Remove External URL from Exchange 2010 CAS servers, retain the Internal URL
2. Move the SSL certificates from Exchange 2010 to Exchange 2013
3. Point the external URL to Exchange 2013 instead of Exchange 2010
4. Of course, you would need to re-configure Autodiscover, Web Services URLs on Exchange 2013 CAS servers.
Once this is done, for any mailbox that is hosted on Exchange 2010, Exchange 2013 would proxy the connections and deliver the content.
- Sarvesh Goel - Enterprise Messaging Administrator -
Missed Call Notification in Exchange 2010/2013 coexistence mode
Dear all,
Context:
Lync 2013 Enterprise Voice, Exchange 2010 and Exchange 2013 in coexistence mode
Waiting complete migration, some users are always on exchange 2010
UM role is installed on both exchange server
The exchange servers UM are attached to only one UM Dial Plan
Scenario :
A call to a lync user. The caller hang-up before user announcement
Problem: Missed call notification doesn't work for user on Exchange 2010 (it's work fine for user on Exchange 2013)
Voice Messaging works fine
Troubleshooting / SIP Traces:
SIP Info is always send to Exchange 2013 even if user is on exchange 2010
SIP Info sent from Lync FE to Exchange 2013 UM :
TL_INFO(TF_PROTOCOL) [0]6330.3AE8::02/12/2015-12:25:23.575.015c018e (S4,SipMessage.DataLoggingHelper:sipmessage.cs(774))[1718622663]
>>>>>>>>>>>>Outgoing SipMessage c=[<SipTlsConnection_13ECA29>], 192.168.5.110:49786->192.168.5.203:5061
INFO sip:outlook.mydomain.com:5061;ms-fe=exchange2013-UM.mydomain.localdomain;transport=Tls SIP/2.0
FROM: <sip:A410AA79-D874-4e56-9B46-709BDD0EB850>;epid=8C75BE2D95;tag=35c2d8a65a
TO: <sip:exchange2013-UM.mydomain.localdomain;opaque=app:rtcevent;transport=tls>;epid=C4C2F4F6BA;tag=ac126413f
CSEQ: 43 INFO
CALL-ID: 535a07e2-8e82-4d13-8e03-bf43ad97602d
MAX-FORWARDS: 70
VIA: SIP/2.0/TLS 192.168.5.110:49786;branch=z9hG4bKd66442be
CONTACT: <sip:LyncFE-2013.mydomain.localdomain;transport=Tls>
CONTENT-LENGTH: 454
USER-AGENT: RTCC/5.0.0.0 Inbound Routing (Microsoft Lync Server 2013 5.0.8308.726)
CONTENT-TYPE: application/ms-rtc-usernotification+xml
- <UserNotification>
<User>sip:[email protected]</User>
<EumProxyAddress>EUM:[email protected];phone-context=UMDialPlan.mydomain.localdomain</EumProxyAddress>
<Time>2015-02-12 12:25:23Z</Time>
<Template>RtcDefault</Template>
+ <Event type="missed">
</UserNotification>
------------EndOfOutgoing SipMessage
Answer from Exchange 2013 UM
TL_INFO(TF_PROTOCOL) [1]6330.2DF4::02/12/2015-12:25:23.642.015c2481 (S4,SipMessage.DataLoggingHelper:sipmessage.cs(774))[1718622663]
<<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_13ECA29>], 192.168.5.110:49786<-192.168.5.203:5061
SIP/2.0 200 OK
FROM: <sip:A410AA79-D874-4e56-9B46-709BDD0EB850>;tag=35c2d8a65a;epid=8C75BE2D95
TO: <sip:exchange2013-UM.mydomain.localdomain;opaque=app:rtcevent;transport=tls>;tag=ac126413f;epid=C4C2F4F6BA
CSEQ: 43 INFO
CALL-ID: 535a07e2-8e82-4d13-8e03-bf43ad97602d
VIA: SIP/2.0/TLS 192.168.5.110:49786;branch=z9hG4bKd66442be
CONTENT-LENGTH: 0
SUPPORTED: ms-dialog-route-set-update
SERVER: RTCC/5.0.0.0 MSExchangeUM/15.00.0995.028
ms-diagnostics-public: 15642;reason="Lync SIP INFO notifications are not supported for legacy users. User: EUM:[email protected];phone-context=UMDialPlan.mydomain.localdomain"
------------EndOfIncoming SipMessage
Gerald CheminantHi,
This behavior is by design. Exchange 2010 server is not going to accept any SIP messages from Exchange 2013 server because it is not listed as UM IP Gateway. Therefore, even if Exchange 2013 redirected the SIP INFO packet to Exchange 2010, it will fail.
During migration\coexistance scenario, this feature (Missed call notifications from Lync server) will not work for legacy users whose mailbox is still in Exchange 2010.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
OWA problem Exchange 2013 coexistence with 2010
Hi all,
I am in the midst of a migration from a single Exchange 2010 server to a two-server Exchange 2013 environment (both servers are CAS and MBX with DAG). Everything seems to work fine. I can access OWA on 2013 for mailboxes already moved to 2013, I use ActiveSync
successfully but I cannot for the life of me figure out how to enable OWA 2010 proxying through 2013. I have checked many websites, forums etc. for it, I changed Authentication Methods back and forth and did everything I can think of but still... when trying
to access OWA with a mailbox that is still on 2010 it fails with the following error:
something went wrong
A problem occurred while you were trying to use your mailbox.
X-OWA-Error: Microsoft.Exchange.Data.Storage.NotSupportedWithServerVersionException
X-OWA-Version: 15.0.913.21
X-FEServer: <name of 2013 server>
X-BEServer: <name of 2013 server>
Maybe I should add that the new 2013 servers are installed in a completely different AD site which is connected through VPN to the 2010 site. In the new site I also have a loadbalancer in front of the 2013 servers.
Actually I am still not sure if I need a different address in Exchange 2013 for OA, OWA and so on then in Exchange 2010. If I understood correctly there is no need for a legacy namespace anymore so I used the same URL for OA, OWA ... in both environments.
This seems to be in conflict with the requirement that the OA URL in Exchange 2010 should point to the 2013 URL?!?
Any help is greatly appreciated!
Best regards
DanielHi,
How do you configure your Exchange virtual directories in Exchange 2010 and Exchange 2013? Please run the following command to provide detailed information about it:
Get-OwaVirtualDirectory | Select Identity,name,Internalurl,ExternalUrl,*auth*
According to your description, I noticed that it is set the same URL for OWA using. If the ExternalUrl
for OWA 2010 is configured in your coexistence environment, please remove it. Then when external Users access OWA 2010, they can use OWA 2013 URL and be automatically proxy to Exchange 2010 and access their mailboxes.
Regards,
Winnie Liang
TechNet Community Support -
Exchange 2013 Sp1 Coexistence with Exchange 2010 SP3 CU5 HTTP 500
I`m trying to make working OWA coexistence between Exchange 2013 SP1 and Exchange 2010 SP3 CU5.
When user login in to OWA where his mailbox is located on Exchange 2013 server it logon successful and owa opened. When i try to login to the same url with user whose mailbox is located on Exchange 2010 server i get Error http 50
The website cannot display the page : HTTP 500 »https://URLEXCHANGE2013/owa/auth.owa«
The same is, when i use https:// URLEXCHANGE2013/ecp?ExchClientVer=14
URL on Exchange 2013 are different as fro Exchange 2010.
I even tried to setup Internal URL for Exchange 2010 to bi set to »null ,Saem error
Exchange server 2013 Sp1 is installed on Windows server 2012 R2.Assumption is correct. I have even enable verbose logging, and i can see MSExchange Front End HTTP Proxy , that successfully connect to Exchange 2010 server.
But remember Exchange 2013 is fresh installation on Windows server 2012 R2.
IIS LOG
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=391fd8b3-2b98-494a-8812-d38feda2e5a0&cafeReqId=391fd8b3-2b98-494a-8812-d38feda2e5a0;
443 companyNT\SM_9c071c4922fd420fb fe80::99d1:f542:a4d3:b469%12 MSRPC - 200 0 0 5484
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=27cfafa2-8224-4563-918b-0b228c6ee8d4&cafeReqId=27cfafa2-8224-4563-918b-0b228c6ee8d4;
443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 0
2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_OUT_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=6d930bcd-7bbc-415a-a25a-8d6488e91401&cafeReqId=6d930bcd-7bbc-415a-a25a-8d6488e91401;
443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 15
2014-03-04 08:52:55 10.1.0.36 GET /owa/ &CorrelationID=<empty>;&cafeReqId=551cfdd9-18ac-42d8-aea3-cbb546c9d9fb; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/
302 0 0 9937
2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fOWA.company.com%2fowa%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c1b97df9-ec56-4906-b2f5-965551b720ae; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
https://OWA.company.com/ 200 0 0 1015
2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f&CorrelationID=<empty>;&cafeReqId=b92ca682-04f4-4d4f-931e-9a95680ab9ea; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
- 200 0 0 671
2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=093bd01a-de59-4519-80f6-067484122091; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c2f7565d-ee6a-48f8-8d86-16d5d3ca65c1; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=ba633030-2376-4bad-a32f-8f160bd87bd4; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=5e94172c-d97c-46a9-a602-6030d6f7da2c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fEXCH2013%2fecp%2f&CorrelationID=<empty>;&cafeReqId=9ba2caf3-2a03-44a2-8477-2724689e139c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 46
2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/15.0.847/scripts/premium/flogon.js &CorrelationID=<empty>;&cafeReqId=62bb4655-3bfa-4e07-aa62-27c93e7e8b4d; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 0
2014-03-04 08:52:59 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=9d52ec1a-2ee1-4954-85e6-89e7e5df407a; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 302 0 0 812
2014-03-04 08:52:59 ::1 GET /OWA/Calendar/[email protected]/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=4ea66475-9a47-41a4-81cb-6b569715d0d6; 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 8859
2014-03-04 08:53:01 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=b3db7480-2192-436c-b01d-29d0e528cfec; 443 UseronEX2010 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f
500 0 0 187
2014-03-04 08:53:04 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=2e2a655b-00b9-42ae-8789-1e452e6579c3; 443 [email protected] 127.0.0.1 AMProbe/Local/ClientAccess
- 200 0 0 8265
2014-03-04 08:53:14 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=8741886f-b9b1-46f9-8c15-baf35809a12c; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
- 200 0 0 15265
2014-03-04 08:53:14 127.0.0.1 GET /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=8ad938fb-f2c3-42bf-8718-da62b122422c; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 15
HTTPERR LOG :
2014-03-04 08:51:48 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:51:48 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:52:25 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:52:25 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:52:30 127.0.0.1 14122 127.0.0.1 443 HTTP/1.1 GET /RPC/[email protected] 404 - NotFound -
2014-03-04 08:52:30 ::1%0 14121 ::1%0 443 HTTP/1.1 GET /ecp/ReportingWebService/ 404 - NotFound -
2014-03-04 08:54:42 ::1%0 14117 ::1%0 444 - - - - - Timer_ConnectionIdle -
2014-03-04 08:54:48 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:54:48 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
2014-03-04 08:55:35 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
2014-03-04 08:55:35 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
Trace login, ok it is xml, so print is..
-Request Summary
Site
1
Process
8232
Failure Reason
STATUS_CODE
Trigger Status
500
Final Status
500
Time Taken
500 msec
Url
http://EXCH2013.companyNT.local:80/powershell?clientApplication=ActiveMonitor;PSVersion=4.0&sessionID=Version_15.0_(Build_846.0)=rJqNiZqNgZuQkpqT0pqH0ZuQkpqTkYvRk5CcnpOBzsbLzsbGyczJyIHPzNDPy9DNz87L38/Gxc/KxcrJ
App Pool
MSExchangePowerShellFrontEndAppPool
Authentication
Kerberos
User from token
companyNT\SM_9c071c4922fd420fb
Activity ID
{8000134C-0001-E300-B63F-84710C7967BB}
-Errors & Warnings
No.↓
Severity
Event
Module Name
157. view trace
Warning
-MODULE_SET_RESPONSE_ERROR_STATUS
ModuleName
ManagedPipelineHandler
Notification
EXECUTE_REQUEST_HANDLER
HttpStatus
500
HttpReason
Request Failed
HttpSubStatus
0
ErrorCode
The operation completed successfully.
(0x0)
ConfigExceptionInfo
ManagedPipelineHandler
See all events for the request -
Coexistence & Upgrade Exchange 2010 SP3 Unified Messaging to Exchange 2013 SP1 UM
Hello Experts,
We're doing Exchange 2010 SP3 to Exchange 2013 SP1 upgrade.
This upgrade also include Unified Messaging component which is currently working with Exchange 2010 SP3 and Lync 2013.
We have one dial plan and its SIP URI and Secured.
Looking for high level steps to plan coexistence and upgrade of Unified Messaging from Exchange 2010 SP3 to Exchange 2013 SP1 integrated with Lync 2013. I'll also appreciate tips on what kind of certificate and its Subject name(s).
Microsoft documentation is not very clear and I found it confusing for my scenario. Since I we don't want any downtime for UM users, looking for some help.
Thanks in advance for help.
-DKHello Hinte,
Thanks for the information. I have been to this article which explains fresh deployment but doesn't address coexistence and migration scenario.
I'm looking for high level steps only. Can anyone validate and suggest if I'm missing something!
1) Install new CAS+MBX Server
2) Move system mailbox as per MS documentation to Exchange 2013 MBX
3) On CAS+MBX Server Enabled internal CA trusted Cert for UM Services.Internal
CA certs contain only CAS+MBX server's FQDN only.UM services Startup Mode is set to "Dual".
4) Assigned existing SIP URI Based Exchange 2010 Dial plan to New Exchange 2013 Servers.
5) Run Exchucutil.ps1
in Exchange 2013 and OcsUMUtil in Lync 2013 (Again?)
Will this be enough or Do I need to create New Auto attendant or
Haunt Group etc?
Thanks for all the help!
Maybe you are looking for
-
How can i get FaceTime app? My iPhone 4 doesnt have it
How can i get FaceTime app? My iPhone 4 doesnt have it
-
Steps involved in Uninstalling SQL Server service packs
Hi, Came to know that we can uninstall sql server service packs from SQL 2008 SP1 onwards. Question is, for suppose i have installed SQL 2008 SP3 and found problem. Now I want to uninstall SP3, what are the steps involved to uninstall a service pack?
-
Send to Onenote 2013 not working!
I installed Office 2013 on my windows 8 64bit. Tried every possible way I've found to make Send to OneNote Printer work and insert a pdf to my OneNote. but no luck. When I print with Send to OneNote 2013 printer, nothing happens. no error, no dialog
-
Is there any way to set up an auto zoom. I have a flat panel set up to my Mac Mini. The only problem is that I cannot get around HDCP,;only by using 1080i. Well, that is great and all, but it makes everything small. I can't see anything...especially
-
Display portal role and content
We have portal support people that support many other users. To support these users with live problems, they need to be able to see the portal navigation and content that their supported users see. They don't need to actually run transactions, they j