Exchange 2010/2013 coexistence published in TMG 2010

Similar Messages

• Lync Edge 2013 Service Publish With TMG 2010

  Hello Experts,
  I have a question for Lync edge and having issue in desktop sharing and program sharing with federated partners if logged in on internal as well as external (internet) network... setup is like below.
  TMG with 3 leg architecture ; 1 internal IP, 1 DMZ IP and 4 public IP's (1 for sip access, 1 for web conf, 1 for av and last one for web services)
  edge pool with 1 edge server having 2 NIC and 1 Intenal IP and 3 DMZ IP on second NIC ( GW for DMZ  is IP of TMG DMZ NIC card)
  No Firewall.
  so if all NAT rules and firewall rules configured properly on TMG should have any issue for desktop sharing/program sharing with federated partners. However some partners are working fine? Is desktop sharing / program sharing go through edge always for federated
  partners?
  Any information would be very helpful.
  Many Thanks,
  Ankur

  Hello Ankur,
  Desktop Sharing use the AV link to work. I already had some issues with TMG, check this http://technet.microsoft.com/en-us/library/ee796231.aspx
  After deployed ARR to lync , I don't have more problems. Try this.
  “Vote As Helpful” and/or “Mark As Answered” - Thiago Mendes da Silva - MCSE Communication - ITIL v3 Foundation - http://www.ucsteps.com/

• Exchange 2013 OWA published through TMG: Unable to preview documents with Office Web App server

  We configured our Exchange 2013 servers to use Office Web App for document previews on OWA. Everything works fine internally, and externally also when we access OWA directly. But when from an outside network we open a OWA session through TMG and try to preview
  a document, we get the error "Sorry we cannot open this document, an error occured . . ."
  Did anyone experience such an issue ?
  Thanks,
  Antonio

  Hello,
  Since directing accessing OWA from CAS is fine and the issue only occur when involving TMG, I think the issue is more related to TMG settings. Please find more efficient support
  via our TMG forum:
  http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• HTTP 500 error when opening a legacy shared mailbox in OWA 2013 (Exchange 2007/2013 coexistence environment)

  Hi,
  Our Exchange 2013/2007 coexistence environment is set up and all is working apart from this:
  Mailbox A has full permissions to Mailbox B. Mailbox A is migrated to Exchange 2013, but Mailbox B remains on Exchange 2007. If I login to Outlook Web App 2013 as Mailbox A and then "Open another mailbox..." and select Mailbox B, a new window opens
  up saying "HTTP 500 Internal Server Error". The URL it is trying is :
  https://webmail.ourdomain.com/owa/[email protected]/?offline=disabled
  ( I can open Mailbox A in Outlook 2010 and do "Open Other users's folder.." and Mailbox B opens up just fine. )
  Our legacy CAS server's External and Internal URLs are set to :
  https://legacy.ourdomain.com/owa
  and the Exchange 2013 CAS server's External and Internal URLs are set to :
  https://webmail.ourdomain.com/owa
  We have FBA enabled on both the E2K7 and E2K13 OWA
  In the IIS logs:
  2015-03-02 16:36:50 <E2K13_IP> POST /owa/service.svc action=SubscribeToNotification&UA=0&ID=-25&AC=1&CorrelationID=c2899211-568d-4da4-a163-351a8621c9fd_142531419466924;&cafeReqId=7ffae082-a96f-42fd-85f8-bf23775ed5de; 443 ourdomain.com\MailboxA
  <LoadBalancer_IP> Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0)
  https://webmail.ourdomain.com/owa/#path=/mail 200 0 0 109
  2015-03-02 16:36:50 <E2K13_IP> GET /owa/ offline=disabled&CorrelationID=<empty>;&cafeReqId=7c8e137f-cdb7-4449-9cb8-f36f94539244; 443 ourdomain.com\MailboxA <LoadBalancer_IP> Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+WOW64;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0)
  - 500 0 0 265
  In the OWA HTTP Proxy logs:
  2015-03-02T16:36:50.096Z,7c8e137f-cdb7-4449-9cb8-f36f94539244,15,0,913,7,,Owa,webmail.ourdomain.com,/owa/,,FBA,True,ourdomain.com\MailboxA,ourdomain.com,[email protected],Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2;
  .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),<LoadBalancer_IP>,<Exchange2013ServerName>,500,,ServerNotFound,GET,,,,,ExplicitLogon-SMTP-Header,,,,0,,,,40,9,,0,7;,7,,0,7,,0,46.8643,0,,,,,,,,,1,10,0,,10,,50,50,?offline=disabled,,BeginRequest=2015-03-02T16:36:50.049Z;CorrelationID=<empty>;ProxyState-Run=None;ServerLocatorRefresh=beebf732-0f99-47a0-9f36-d266573f1510;RefreshingCacheEntry=CacheEntry(BackEndServer
  <Exchange2007ServerName>.ourdomain.com~1912832083|ResourceForest |LastRefreshTime 2015-03-02T16:01:29.3265514Z|IsSourceCachedData False);ProxyState-Complete=CalculateBackEnd;EndRequest=2015-03-02T16:36:50.096Z;I32:ADS.C[<DC_Name>]=1;F:ADS.AL[<DC_Name>]=6.6401;I32:ATE.C[<DC_Name>.ourdomain.com]=1;F:ATE.AL[<DC_Name>.ourdomain.com]=0,HttpProxyException=Microsoft.Exchange.HttpProxy.HttpProxyException:
  The server <Exchange2013ServerName>.ourdomain.com was not found in the topology. ---> Microsoft.Exchange.Data.Storage.ServerNotFoundException: The server <Exchange2013ServerName>.ourdomain.com was not found in the topology.   
  at Microsoft.Exchange.Data.Storage.ServiceTopology.GetSite(String serverFullyQualifiedDomainName)    at Microsoft.Exchange.Data.ApplicationLogic.Cafe.HttpProxyBackEndHelper.GetServiceTopologyWithSites(String serverFqdn  ServiceTopology
  topology)    at Microsoft.Exchange.Data.ApplicationLogic.Cafe.HttpProxyBackEndHelper.GetE12ExternalUrl[ServiceType](BackEndServer mailboxServer)    at Microsoft.Exchange.HttpProxy.OwaProxyRequestHandler.GetE12TargetServer(BackEndServer
  mailboxServer)    at Microsoft.Exchange.HttpProxy.BEServerCookieProxyRequestHandler`1.GetDownLevelClientAccessServer(AnchorMailbox anchorMailbox  BackEndServer mailboxServer)    at Microsoft.Exchange.HttpProxy.LatencyTracker.GetLatency[T](Func`1
  operationToTrack  Int64& latency)    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.InternalOnCalculateTargetBackEndCompleted(TargetCalculationCallbackBeacon beacon)    at Microsoft.Exchange.HttpProxy.ProxyRequestHandler.<>c__DisplayClass3b.<OnCalculateTargetBackEndCompleted>b__3a()   
  --- End of inner exception stack trace ---;
  Hoping that somebody can help ?
  Thanks

  Hi Ansev,
  Thank you for your question.
  By my testing, user who was migrated to Exchange 2013 cannot access mailbox on Exchange 2007 with 500 error, although user account have “Full Access Permission” to mailbox on Exchange 2007.
  I suggest we migrate account which has “Full Access Permission” for other user  to Exchange 2013.
  If there are any questions regarding this issue, please be free to let me know. 
  Best Regard,
  Jim
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Jim Xu
  TechNet Community Support

• Exchange Server 2013 CU3 OWA and TMG logoff process.

  Hi folks,
  I just wanted to quickly check if the intent behind Greg Taylor's deliberate choice of words in
  this article are still current, or if we can expect to have a resolution in the SP1 timeframe?
  Specifically, I'm referring to Greg's CU1 update early-ish in the article where he states:
  "The release of Exchange 2013 RTM CU1 changed the way OWA logoff works, such that the TMG change recommended in this post no longer applies. At the current time there is no way to catch and force logoff at TMG when TMG is generating the form,
  instead users should be educated to close their browser window (as the pop-up tells them when they click Sign Out from within OWA).".
  Given the "current time" of his update was CU1, is there any update as to whether something more meaningful than the pop-up is going to be put in place? While it's more symbolic than anything else, it's off-putting to
  the users to still see their e-mail panel after having chosen to "log off".
  Cheers,
  Lain

  Hi,
  Thanks for your update.
  Generally, the official clarification can be released after the SP update’s release. We can keep an eye on the Exchange Teamblog to see if there are any new updates for your question.
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Simon Wu
  TechNet Community Support

• ActiveSync 500 error and Exchange 2007/2013 coexistence

  Hello,
  We have Exchange 2007, and we've deployed Exchange 2013 and coexistence appears to be working.  We have done a small pilot migration of 11 users, and I have 2 of those users that are not able to get iPhone/ActiveSync working.  OWA and Outlook access
  work without a problem.  https://testconnectivity.microsoft.com/ is telling me "The test of the FolderSync command failed." and "Exchange
  ActiveSync returned an HTTP 500 response (Internal Server Error)"
  The error I'm receiving on the mailbox server event log is:
  An exception occurred and was handled by Exchange ActiveSync. This may have been caused by an outdated or corrupted Exchange ActiveSync device partnership. This can occur if a user tries to modify the same item from multiple computers. If this is the case,
  Exchange ActiveSync will re-create the partnership with the device. Items will be updated at the next synchronization. 
  URL=
  --- Exception start ---
  Exception type: Microsoft.Exchange.AirSync.AirSyncPermanentException
  Exception message: A null value was received for the NTSD security descriptor of container CN=ExchangeActiveSyncDevices,CN=LASTNAME\, FIRSTNAME.,OU=XXX,OU=People,DC=DOMAIN,DC=local. 
  Most articles I've found with this issue say to confirm that "Inherit parent permissions" is check on the AD object, but that is already checked?
  The funny thing is that most of our pilot users don't have this issue.  It is only for some of them.
  Any help is appreciated.

  An update here, I was able to get the 2 pilot user's iPhone/ActiveSync access working by adding the following permissions by hand:
  Add Exchange Servers, in Apply onto select
  msExchActiveSyncDevices objects (note it's plural) and selecting
  Full Control.  
  Once I did this, my problems went away.
  So the big question is why aren't these permissions in place already?  Isn't this something that the adprep/domain prep should have taken care of?
  Thanks!

• TMG with 2010/2013 Coexistence gives dual prompts (TMG and OWA prompt)

  2 X 2010 CAS', Load balanced pool
  4X 2013 Mutilrole (will take the place of the 2010's in the load balanced pool)
  Currently we use TMG to publish owa externally.  From TMG, the traffic goes to a load balancer, and to the 2010 CAS's from there.  TMG is doing pre authentication.
  However, if I take the 2010 CAS' out of the load balanced pool and enable the 2013 in the load balanced pool, users start getting dual prompts - one at the TMG, and then the 2013 OWA login (no mailboxes on 2013 yet, so have only tested with mailbox still
  on 2010).
  I have been through both of the following articles - however, basic auth. is not an option on the exchange side, as then internal users get prompted for windows credentials.  Has anyone in coexistence been able to get this working without basic auth
  (currently use Basic, Windows Auth, and NTLM)?
  http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
  http://www.isaserver.org/articles-tutorials/configuration-general/publishing-exchange-2013-outlook-web-app-forefront-threat-management-gateway-tmg-2010.html
  TAG

  Hi,
  As document mentioned, Forefront TMG cannot perform authentication delegation therefore we need change FBA to basic authentication in Exchange 2013.
  However if you don’t want use basic authentication, we can try to disable pre-authentication on the TMG server by new web listener and select the "Do not require SSL secured connections with clients.".
  Also, I find an similar thread about your question. For your reference:
  https://social.technet.microsoft.com/Forums/office/en-US/a4ef2a73-bfee-4fb2-b3c2-c166c11cada7/tmg-owa-double-login-prompts?forum=Forefrontedgegeneral
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

  Hi,
   I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
  My setup is as follows:
  outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
  inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
  password is selected in the publishing rules.
  Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
  I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
  set in AD.
  If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
  and change my password using the correct URL. However if I point my browser at
  http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
  The only recent changes made are:
  - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
  - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
  Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
  I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
  http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
  If I try to use ldp.exe on the inner TMG, I get the error in the pic below
  Thanks
  IT Support/Everything

  Hi,
  You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
  TMG 2010 – FBA, troubleshooting the change password feature 
  http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
  Best Regards,
  Joyce

• Is it possible to Publish Exchange 2010 behind TMG in Test Lab

  Hi
  I have Three Server 1 Domain 2 Exchange 2010 and TMG 2010 installed. All of these server installed on the virtual machine.
  This is a test Lab. I trying to Publish OWA behind the TMG Internally. Is it possible? if yes how ?
  I installed 2 NIC on TMG.

  Yes.
  See http://www.microsoft.com/en-us/download/details.aspx?id=8946 for instructions.
  Hth, Anders Janson Enfo Zipper

• Exchange Server 2013 OAB Web Distribution Configuration in Exchange 2010 & 2013 Coexistence.

  Hi,
  We have OAB Issue for Exchange 2010 Users in our Organization.
  We have Exchange 2010 and Exchange 2013 Coexistence.While Checking in Exchange Server 2010 Server OAB properties in Org Configuration--> Mailbox-->OAB Properties -->Distribution we are not seeing any CAS servers and Its Grayed Out.
  Please let us know How to add Exchange 2010 CAS in Exchange 2013 Web distribution.

  They made alot changes with the OAB in Exchange 2013, and it doesn't really function in the same manner as it did in 2010.  It might be best to take a look at the following blog posts from the Exchange Team, they should give you a better understanding
  on how it works and how to manage it going forward.
  http://blogs.technet.com/b/exchange/archive/2012/10/26/oab-in-exchange-server-2013.aspx
  http://blogs.technet.com/b/exchange/archive/2013/01/14/managing-oab-in-exchange-server-2013.aspx
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

• Exchange 2010 Migration to 2013 Coexistence url's

  Hello,
  What exactly is required for the virtual directory url setup for Exchange 2010 coexisting with Exchange 2013? I have been searching online a lot preparing for my Exchange 2013 deployment and can't see to find a clear answer. The information
  I have come across from TechNet and other sources is all over the place with some stuff saying the external url needs to be empty while others say it should match Exchange 2013's setup. Others say the internal url should be empty while
  only the external should be populated. And I have even seen others say nothing on Exchange 2010 has to be touched and that Exchange 2013 will figure proxying out on its own once I configure the new url's on it.
  So what is supposed to be setup for the ExternalUrl and InternalURL to in Excahnge 2010 for coexistence with 2013? Currently my
  existing Exchange 2010 is internet facing with the plan of moving that to Exchange 2013 once that goes in as per Microsoft directions on implementing coexistence.

  Read the article below from Ross Smith. There can't be better article than this:
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  If exchange 2010 and 2013 are on same site, then you need to:
  1. Remove External URL from Exchange 2010 CAS servers, retain the Internal URL
  2. Move the SSL certificates from Exchange 2010 to Exchange 2013
  3. Point the external URL to Exchange 2013 instead of Exchange 2010
  4. Of course, you would need to re-configure Autodiscover, Web Services URLs on Exchange 2013 CAS servers.
  Once this is done, for any mailbox that is hosted on Exchange 2010, Exchange 2013 would proxy the connections and deliver the content.
  - Sarvesh Goel - Enterprise Messaging Administrator

• Missed Call Notification in Exchange 2010/2013 coexistence mode

  Dear all,
  Context:
  Lync 2013 Enterprise Voice, Exchange 2010 and Exchange 2013 in coexistence mode
  Waiting complete migration, some users are always on exchange 2010
  UM role is installed on both exchange server
  The exchange servers UM are attached to only one UM Dial Plan
  Scenario :
  A call to a lync user. The caller hang-up before user announcement
  Problem: Missed call notification doesn't work for user on Exchange 2010 (it's work fine for user on Exchange 2013)
  Voice Messaging works fine
  Troubleshooting / SIP Traces:
  SIP Info is always send to Exchange 2013 even if user is on exchange 2010
  SIP Info sent from Lync FE to Exchange 2013 UM :
  TL_INFO(TF_PROTOCOL) [0]6330.3AE8::02/12/2015-12:25:23.575.015c018e (S4,SipMessage.DataLoggingHelper:sipmessage.cs(774))[1718622663]
  >>>>>>>>>>>>Outgoing SipMessage c=[<SipTlsConnection_13ECA29>], 192.168.5.110:49786->192.168.5.203:5061
  INFO sip:outlook.mydomain.com:5061;ms-fe=exchange2013-UM.mydomain.localdomain;transport=Tls SIP/2.0
  FROM: <sip:A410AA79-D874-4e56-9B46-709BDD0EB850>;epid=8C75BE2D95;tag=35c2d8a65a
  TO: <sip:exchange2013-UM.mydomain.localdomain;opaque=app:rtcevent;transport=tls>;epid=C4C2F4F6BA;tag=ac126413f
  CSEQ: 43 INFO
  CALL-ID: 535a07e2-8e82-4d13-8e03-bf43ad97602d
  MAX-FORWARDS: 70
  VIA: SIP/2.0/TLS 192.168.5.110:49786;branch=z9hG4bKd66442be
  CONTACT: <sip:LyncFE-2013.mydomain.localdomain;transport=Tls>
  CONTENT-LENGTH: 454
  USER-AGENT: RTCC/5.0.0.0 Inbound Routing (Microsoft Lync Server 2013 5.0.8308.726)
  CONTENT-TYPE: application/ms-rtc-usernotification+xml
  - <UserNotification>
         <User>sip:[email protected]</User>
         <EumProxyAddress>EUM:[email protected];phone-context=UMDialPlan.mydomain.localdomain</EumProxyAddress>
         <Time>2015-02-12 12:25:23Z</Time>
         <Template>RtcDefault</Template>
      +  <Event  type="missed">
   </UserNotification>
  ------------EndOfOutgoing SipMessage
  Answer from Exchange 2013 UM
  TL_INFO(TF_PROTOCOL) [1]6330.2DF4::02/12/2015-12:25:23.642.015c2481 (S4,SipMessage.DataLoggingHelper:sipmessage.cs(774))[1718622663]
  <<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_13ECA29>], 192.168.5.110:49786<-192.168.5.203:5061
  SIP/2.0 200 OK
  FROM: <sip:A410AA79-D874-4e56-9B46-709BDD0EB850>;tag=35c2d8a65a;epid=8C75BE2D95
  TO: <sip:exchange2013-UM.mydomain.localdomain;opaque=app:rtcevent;transport=tls>;tag=ac126413f;epid=C4C2F4F6BA
  CSEQ: 43 INFO
  CALL-ID: 535a07e2-8e82-4d13-8e03-bf43ad97602d
  VIA: SIP/2.0/TLS 192.168.5.110:49786;branch=z9hG4bKd66442be
  CONTENT-LENGTH: 0
  SUPPORTED: ms-dialog-route-set-update
  SERVER: RTCC/5.0.0.0 MSExchangeUM/15.00.0995.028
  ms-diagnostics-public: 15642;reason="Lync SIP INFO notifications are not supported for legacy users. User: EUM:[email protected];phone-context=UMDialPlan.mydomain.localdomain"
  ------------EndOfIncoming SipMessage
  Gerald Cheminant

  Hi,
  This behavior is by design. Exchange 2010 server is not going to accept any SIP messages from Exchange 2013 server because it is not listed as UM IP Gateway. Therefore, even if Exchange 2013 redirected the SIP INFO packet to Exchange 2010, it will fail.
  During migration\coexistance scenario, this feature (Missed call notifications from Lync server) will not work for legacy users whose mailbox is still in Exchange 2010.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• OWA problem Exchange 2013 coexistence with 2010

  Hi all,
  I am in the midst of a migration from a single Exchange 2010 server to a two-server Exchange 2013 environment (both servers are CAS and MBX with DAG). Everything seems to work fine. I can access OWA on 2013 for mailboxes already moved to 2013, I use ActiveSync
  successfully but I cannot for the life of me figure out how to enable OWA 2010 proxying through 2013. I have checked many websites, forums etc. for it, I changed Authentication Methods back and forth and did everything I can think of but still... when trying
  to access OWA with a mailbox that is still on 2010 it fails with the following error:
  something went wrong
  A problem occurred while you were trying to use your mailbox.
  X-OWA-Error: Microsoft.Exchange.Data.Storage.NotSupportedWithServerVersionException
  X-OWA-Version: 15.0.913.21
  X-FEServer: <name of 2013 server>
  X-BEServer: <name of 2013 server>
  Maybe I should add that the new 2013 servers are installed in a completely different AD site which is connected through VPN to the 2010 site. In the new site I also have a loadbalancer in front of the 2013 servers.
  Actually I am still not sure if I need a different address in Exchange 2013 for OA, OWA and so on then in Exchange 2010. If I understood correctly there is no need for a legacy namespace anymore so I used the same URL for OA, OWA ... in both environments.
  This seems to be in conflict with the requirement that the OA URL in Exchange 2010 should point to the 2013 URL?!?
  Any help is greatly appreciated!
  Best regards
  Daniel

  Hi,
  How do you configure your Exchange virtual directories in Exchange 2010 and Exchange 2013? Please run the following command to provide detailed information about it:
  Get-OwaVirtualDirectory | Select Identity,name,Internalurl,ExternalUrl,*auth*
  According to your description, I noticed that it is set the same URL for OWA using. If the ExternalUrl
   for OWA 2010 is configured in your coexistence environment, please remove it. Then when external Users access OWA 2010, they can use OWA 2013 URL and be automatically proxy to Exchange 2010 and access their mailboxes.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 Sp1 Coexistence with Exchange 2010 SP3 CU5 HTTP 500

  I`m trying to make working OWA coexistence between Exchange 2013 SP1 and Exchange 2010 SP3 CU5.
  When user login in to OWA where his mailbox is located  on Exchange 2013 server it logon successful and owa opened. When i try to login to the same url with user whose mailbox is located on Exchange 2010 server  i get Error http 50
  The website cannot display the page :   HTTP 500   »https://URLEXCHANGE2013/owa/auth.owa«
  The same is, when i use https:// URLEXCHANGE2013/ecp?ExchClientVer=14
  URL on Exchange 2013 are different  as fro Exchange 2010.
  I even tried to setup Internal URL for Exchange 2010 to bi set to »null ,Saem error
  Exchange server 2013 Sp1 is installed on Windows server 2012 R2.

  Assumption  is correct. I have even  enable verbose logging, and i can see MSExchange Front End HTTP Proxy , that successfully connect to Exchange 2010 server.
  But remember Exchange 2013 is fresh installation on  Windows server 2012 R2.
  IIS LOG
  2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=391fd8b3-2b98-494a-8812-d38feda2e5a0&cafeReqId=391fd8b3-2b98-494a-8812-d38feda2e5a0;
  443 companyNT\SM_9c071c4922fd420fb fe80::99d1:f542:a4d3:b469%12 MSRPC - 200 0 0 5484
  2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_IN_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=27cfafa2-8224-4563-918b-0b228c6ee8d4&cafeReqId=27cfafa2-8224-4563-918b-0b228c6ee8d4;
  443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 0
  2014-03-04 08:52:53 fe80::99d1:f542:a4d3:b469%12 RPC_OUT_DATA /rpc/rpcproxy.dll [email protected]:6001&CorrelationID=<empty>;&RequestId=6d930bcd-7bbc-415a-a25a-8d6488e91401&cafeReqId=6d930bcd-7bbc-415a-a25a-8d6488e91401;
  443 - fe80::99d1:f542:a4d3:b469%12 MSRPC - 401 1 2148074254 15
  2014-03-04 08:52:55 10.1.0.36 GET /owa/ &CorrelationID=<empty>;&cafeReqId=551cfdd9-18ac-42d8-aea3-cbb546c9d9fb; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/
  302 0 0 9937
  2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fOWA.company.com%2fowa%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c1b97df9-ec56-4906-b2f5-965551b720ae; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
  https://OWA.company.com/ 200 0 0 1015
  2014-03-04 08:52:56 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f&CorrelationID=<empty>;&cafeReqId=b92ca682-04f4-4d4f-931e-9a95680ab9ea; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C)
  - 200 0 0 671
  2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=093bd01a-de59-4519-80f6-067484122091; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
  2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=c2f7565d-ee6a-48f8-8d86-16d5d3ca65c1; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 200 0 0 0
  2014-03-04 08:52:58 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=ba633030-2376-4bad-a32f-8f160bd87bd4; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING) - 302 0 0 0
  2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx url=https%3a%2f%2fEXCH2013%2fecp%2f&reason=0&CorrelationID=<empty>;&cafeReqId=5e94172c-d97c-46a9-a602-6030d6f7da2c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 200 0 0 0
  2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/logon.aspx replaceCurrent=1&url=https%3a%2f%2fEXCH2013%2fecp%2f&CorrelationID=<empty>;&cafeReqId=9ba2caf3-2a03-44a2-8477-2724689e139c; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 200 0 0 46
  2014-03-04 08:52:58 10.1.0.36 GET /owa/auth/15.0.847/scripts/premium/flogon.js &CorrelationID=<empty>;&cafeReqId=62bb4655-3bfa-4e07-aa62-27c93e7e8b4d; 443 - 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 200 0 0 0
  2014-03-04 08:52:59 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=9d52ec1a-2ee1-4954-85e6-89e7e5df407a; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 302 0 0 812
  2014-03-04 08:52:59 ::1 GET /OWA/Calendar/[email protected]/calendar/calendar.html &CorrelationID=<empty>;&cafeReqId=4ea66475-9a47-41a4-81cb-6b569715d0d6; 443 - ::1 AMProbe/Local/ClientAccess - 200 0 0 8859
  2014-03-04 08:53:01 10.1.0.36 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=b3db7480-2192-436c-b01d-29d0e528cfec; 443 UseronEX2010 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.3;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C) https://OWA.company.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fOWA.company.com%2fowa%2f
  500 0 0 187
  2014-03-04 08:53:04 127.0.0.1 GET /Microsoft-Server-ActiveSync/default.eas &CorrelationID=<empty>;&cafeReqId=2e2a655b-00b9-42ae-8789-1e452e6579c3; 443 [email protected] 127.0.0.1 AMProbe/Local/ClientAccess
  - 200 0 0 8265
  2014-03-04 08:53:14 10.1.0.36 GET /ecp/ &CorrelationID=<empty>;&cafeReqId=8741886f-b9b1-46f9-8c15-baf35809a12c; 443 [email protected] 10.1.0.36 Mozilla/4.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING)
  - 200 0 0 15265
  2014-03-04 08:53:14 127.0.0.1 GET /OWA/auth.owa &CorrelationID=<empty>;&cafeReqId=8ad938fb-f2c3-42bf-8718-da62b122422c; 443 - 127.0.0.1 AMProbe/Local/ClientAccess - 302 0 0 15
  HTTPERR  LOG :
  2014-03-04 08:51:48 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
  2014-03-04 08:51:48 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
  2014-03-04 08:52:25 10.1.0.36 13937 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
  2014-03-04 08:52:25 fe80::99d1:f542:a4d3:b469%12 13872 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
  2014-03-04 08:52:30 127.0.0.1 14122 127.0.0.1 443 HTTP/1.1 GET /RPC/[email protected] 404 - NotFound -
  2014-03-04 08:52:30 ::1%0 14121 ::1%0 443 HTTP/1.1 GET /ecp/ReportingWebService/ 404 - NotFound -
  2014-03-04 08:54:42 ::1%0 14117 ::1%0 444 - - - - - Timer_ConnectionIdle -
  2014-03-04 08:54:48 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
  2014-03-04 08:54:48 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 BadRequest MSExchangeRpcProxyAppPool
  2014-03-04 08:55:35 10.1.0.36 14211 10.1.0.36 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
  2014-03-04 08:55:35 fe80::99d1:f542:a4d3:b469%12 14285 fe80::99d1:f542:a4d3:b469%12 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?EXCH2013.companyNT.local:6001 400 2 Connection_Dropped MSExchangeRpcProxyAppPool
  Trace login, ok it is xml,  so print is..
  -Request Summary  
  Site
  1 
  Process
  8232 
  Failure Reason
  STATUS_CODE 
  Trigger Status
  500 
  Final Status
  500 
  Time Taken
  500 msec 
  Url
  http://EXCH2013.companyNT.local:80/powershell?clientApplication=ActiveMonitor;PSVersion=4.0&sessionID=Version_15.0_(Build_846.0)=rJqNiZqNgZuQkpqT0pqH0ZuQkpqTkYvRk5CcnpOBzsbLzsbGyczJyIHPzNDPy9DNz87L38/Gxc/KxcrJ 
  App Pool
  MSExchangePowerShellFrontEndAppPool 
  Authentication
  Kerberos 
  User from token
  companyNT\SM_9c071c4922fd420fb 
  Activity ID
  {8000134C-0001-E300-B63F-84710C7967BB} 
  -Errors & Warnings  
  No.↓ 
  Severity  
  Event  
  Module Name  
  157. view trace 
  Warning 
  -MODULE_SET_RESPONSE_ERROR_STATUS 
  ModuleName
  ManagedPipelineHandler 
  Notification
  EXECUTE_REQUEST_HANDLER 
  HttpStatus
  500 
  HttpReason
  Request Failed 
  HttpSubStatus
  0 
  ErrorCode
  The operation completed successfully.
   (0x0) 
  ConfigExceptionInfo
   ManagedPipelineHandler 
   See all events for the request 

• Coexistence & Upgrade Exchange 2010 SP3 Unified Messaging to Exchange 2013 SP1 UM

  Hello Experts,
  We're doing Exchange 2010 SP3 to Exchange 2013 SP1 upgrade.
  This upgrade also include Unified Messaging component which is currently working with Exchange 2010 SP3 and Lync 2013.
  We have one dial plan and its SIP URI and Secured.
  Looking for high level steps to plan coexistence and upgrade of Unified Messaging  from Exchange 2010 SP3 to Exchange 2013 SP1 integrated with Lync 2013. I'll also appreciate tips on what kind of certificate and its Subject name(s).
  Microsoft documentation is not very clear and I found it confusing for my scenario. Since I we don't want any downtime for UM users, looking for some help.
  Thanks in advance for help.
  -DK

  Hello Hinte,
  Thanks for the information. I have been to this article which explains fresh deployment but doesn't address coexistence and migration scenario.
  I'm looking for high level steps only. Can anyone validate and suggest if I'm missing something!
  1) Install new CAS+MBX Server
  2) Move system mailbox as per MS documentation to Exchange 2013 MBX
  3) On CAS+MBX Server Enabled internal CA trusted Cert for UM Services.Internal
  CA certs contain only CAS+MBX server's FQDN only.UM services Startup Mode is set to "Dual".
  4) Assigned existing SIP URI Based Exchange 2010 Dial plan to New Exchange 2013 Servers. 
  5) Run Exchucutil.ps1
  in Exchange 2013 and OcsUMUtil in Lync 2013 (Again?)
  Will this be enough or Do I need to create New Auto attendant or
  Haunt Group etc?
  Thanks for all the help!