Exchange 2010 OWA usage in Exchange 2013

Hi,
I have Exchange 2010 with SP3 currently running in our environment. Now we plan to migrate it to Exchange 2013. The total number of mailboxes is around 26000.
Before the migration we want to keep the things below in mind:
1. We want to use the existing Exchange 2010 OWA URL (mail.abc.com). How do we accomplish this, as it will take a couple of months to migrate all mailboxes?
2. Can I use my existing Exchange certificate to get the above goal done?
3. What will be the steps and prerequisites to achieve the goal?
An early reply would be appreciated!!
Amit

Hi Amit,
First, change the SCP of the Exchange 2010 CAS VIP to the Exchange 2013 CAS VIP.
Configure external DNS records accordingly. DNS entries should be pointed to Exchange 2013 CAS from Exchange 2010 CAS.
Ensure that you have a separate name for the CAS array from the external EWS URL.
Outlook Anywhere should be enabled and the URL should be the external URL which points to Exchange 2013.
Authentication for Outlook Anywhere should be NTLM.
For OWA on Exchange 2010: FBA and Windows.
Point your new CAS server to the firewall or TMG. Now from Exchange 2013 all requests will be proxied to 2010 users.
You cannot use the same certificate. You need to add separate entries, as the host names for the new servers will vary.
Apply a new certificate with all the required site names included in Exchange 2013 CAS.
What's more, you can refer to my blog as well:
http://exchangequery.com/2014/05/02/things-to-consider-before-configuring-autodiscover-in-exchange-20102013-coexistence-scenarios/
Cheers :)
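
The reply above says the Exchange 2013 CAS needs a certificate that includes all the required site names. The following is an added example, not part of the original posts, of one way to check that from the Exchange Management Shell before DNS is repointed. `mail.abc.com` comes from the question; `autodiscover.abc.com` and the helper name `Test-NameCovered` are assumptions.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# Names the shared namespace must cover. mail.abc.com is from the question;
# autodiscover.abc.com is an assumed name, adjust to the real namespace design.
$RequiredNames = 'mail.abc.com', 'autodiscover.abc.com'

# Hypothetical helper: is $Name covered by any subject/SAN entry in $CertNames?
function Test-NameCovered {
    param([string]$Name, [string[]]$CertNames)
    foreach ($certName in $CertNames) {
        if ($certName -eq $Name) { return $true }   # -eq is case-insensitive
        # A wildcard entry covers exactly one left-most label:
        # *.abc.com covers mail.abc.com, but not a.mail.abc.com or abc.com.
        if ($certName.StartsWith('*.')) {
            $suffix = $certName.Substring(1).ToLower()          # ".abc.com"
            $sameDepth = $Name.Split('.').Count -eq $certName.Split('.').Count
            if ($sameDepth -and $Name.ToLower().EndsWith($suffix)) { return $true }
        }
    }
    return $false
}

# Exchange 2013 servers that hold the Client Access role
$cas2013 = Get-ExchangeServer | Where-Object {
    $_.IsClientAccessServer -and "$($_.AdminDisplayVersion)" -like 'Version 15.*'
}

$report = foreach ($server in $cas2013) {
    # Only the certificate enabled for IIS answers OWA, EWS and Autodiscover
    $iisCerts = Get-ExchangeCertificate -Server $server.Name |
        Where-Object { "$($_.Services)" -match 'IIS' }

    foreach ($cert in $iisCerts) {
        $names   = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($RequiredNames | Where-Object { -not (Test-NameCovered $_ $names) })

        [pscustomobject]@{
            Server       = $server.Name
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            MissingNames = $missing -join ', '
            Ready        = ($missing.Count -eq 0) -and ($cert.NotAfter -gt (Get-Date))
        }
    }
}

# Any row with Ready = False would produce certificate warnings once clients
# reach that server through the shared name.
$report | Format-Table -AutoSize
```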

Similar Messages

  • Exchange 2010 OWA : TMG Error 12302 The server denied the specified Uniform Resource Locator (URL).

    Hello All,
    We are using TMG2010 (SP2, rollup4) for publishing Exchange 2010 OWA sites. The issue is that after every 10-24 hrs, the TMG server stops logging in to OWA sites and starts giving the error below. Then we have to restart the server one or two times, or the problem solves itself.
    I have also installed a new server and it is also giving the same behavior. On the TMG server, the Exchange Edge server and Forefront Protection for Exchange are also installed.
    Please help to solve this issue.
    Denied Connection
    -TMG05 5/21/2014 11:44:39 PM
    Log type: Web Proxy (Reverse)
    Status: 12302 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.
    Rule: PRC-OWA
    Source: 119.157.175.238:56971
    Destination: 111.68.105.121:443
    Request: GET http://mail.parc.gov.pk/owa
    Filter information: Req ID: 0e947d98; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes
    Protocol: https
    User: anonymous
    Additional information
    Client agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
    Object source: (No source information is available.)
    Cache info: 0x0
    Processing time: 125
    MIME type:

    Hi,
    A similar thread:
    http://social.technet.microsoft.com/Forums/forefront/en-US/e8fdc1bd-f023-4804-ad02-67899d8c7347/the-server-denied-the-specified-uniform-resource-locator-errors12302-ashttp-error-code-of-500?forum=Forefrontedgegeneral
    Best Regards,
    Joyce

  • Exchange 2010 OWA login page customization does not work

    Where can I post a question regarding Exchange 2010 OWA login page customization? The customization worked before running updates, now all users navigating to the OWA page see the default configuration.

    Hello,
    You should ask in the Exchange Previous Versions - Administration, Monitoring, and Performance forum.
    Karl

  • Exchange 2010 OWA [Change Number of items to display per page]

    Hi Sir,
    I have a problem and a question.
    I have migrated from Exchange 2007 to Exchange 2010.
    Exchange 2010 OWA cannot change the number of items to display per page.
    Exchange 2007 can change the number of items to display per page.
    Can you help me solve this problem and customize it?
    Thank you.
    Boongerd

    Hi,
    This feature has been moved in Exchange 2010 OWA. However this feature is available in OWA light version. Here are steps to change the settings in OWA light version.
    1. Log in to OWA, click the "Use the light version of Outlook Web App" check box on the login page.
    2. Select Options in the upper right hand corner of the screen.
    3. Select Messaging from the left navigation panel.
    4. In the section for "Message Options", change the "Number of items to display per page", select the desired number of messages.
    Exchange 2010: OWA versus OWA light.
    http://blogs.technet.com/b/ilvancri/archive/2010/04/07/exchange-2010-owa-versus-owa-light.aspx
    New Features in Exchange 2010 OWA.
    http://technet.microsoft.com/en-us/library/aa998629(v=exchg.141).aspx
    Best Regards.

  • Use Exchange 2010 OWA Login Page with Exchange 2013

    We are planning on upgrading our exchange server from 2010 to 2013. We want to keep 2010 OWA login page with this upgrade. Partly due to educating users to new OWA interface and no plan to upgrade to office 2013 anytime soon.
    Questions:
    1. Do you or do you not recommend?
    2. Is it possible?
    3. How to keep 2010 OWA login page during and after migration to 2013 (instructions)?
    Thank you!

    Hi, EthenLEC
    I agree with Andy David.
    For additional information, we can change OWA 2013 back to OWA 2010 interface to use light version by the following steps.
    1. Log in to OWA 2013.
    2. Once logged in, click on the settings gear in the upper right corner, choose Display Settings.
    3. From the Display settings menu, choose Outlook Web App version, then check the box to use the light version.
    4. Sign out of OWA and sign back in. Now it has the OWA 2013 light version.
    Best Regards.

  • Lync 2013\Exchange 2010 OWA Integration Problem

    Hi there,
    I've got a vexing issue that I haven't had much luck in researching.  I am running Lync 2013 on Server 2008 R2 and Exchange 2010 SP3 on Server 2008 R2.  I followed Jeff Schertz's instructions (http://blog.schertz.name/2010/11/lync-and-exchange-im-integration/) and Lync\OWA integration is working--sort of.

    We currently have a central pool (we'll call it lyncpool.contoso.com) and three pools housed on SBAs-- lyncsba-loc1, lyncsba-loc2, lyncsba-loc3.  Users in our main location are housed on the central pool, whereas users in our remote locations are housed on their respective SBA.

    Following the instructions, I pointed my OWA virtual directories at lyncpool.contoso.com, and everything seemed fine at first. I could see presence in OWA, initiate an instant message...the works.  However, when I asked a user homed on one of the SBAs, he said that he could only see presence for other users in his pool\location. Everyone else had a white "unknown" presence chiclet. To verify, I temporarily moved my Lync account to that branch pool, and sure enough--I saw the same thing.  As a troubleshooting measure, I re-ran the OWA configuration portion and instead of using the central pool as the instantmessagingserver value, I pointed it directly at that branch pool.  At that point, he and I, being homed in that branch pool, could see presence for EVERYONE.  Problem solved, right?  Well, no...because now, the central pool users could only see presence for other central pool users, and the other branches could still only see presence for their poolmates.

    I've run Wireshark, CLS logging, you name it--I haven't seen anything fishy, and I'm starting to wonder if this is perhaps a bug or an unsupported use-case (I hope not, since Microsoft otherwise endorses such a configuration).  I've been beating my head against this wall for almost two weeks with no change...someone, help! :)

    This is the only thing that seems of interest in the CLS Log:
    TL_WARN(TF_DIAG) [lyncpool01\VGTLYNCFE-01]1B70.4184::06/17/2014-20:47:03.028.00001F75 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(805)) 
    [1781536493] $$begin_record
    Severity: warning
    Text: Cannot process Route headers from a non-trusted source, or with first Route field in the set not matching the connection on which the request arrived
    Result-Code: 0xc3e93c5e SIPPROXY_E_ROUTING
    SIP-Start-Line: SUBSCRIBE sip:LyncPool01.xxx.net:5061;transport=tls;ms-fe=VGTLYNCFE-01.xxx.net SIP/2.0
    SIP-Call-ID: 45c62e9edaee4252908914b37ca5ef23
    SIP-CSeq: 1895 SUBSCRIBE
    Source: mail.xxx.net:47892
    $$end_record
    The "source" here is our OWA server.  I have issued a certificate from our local CA(the same one that issued the Lync certs), making sure the CN of the certificate matches the OWA url.  Any ideas?

  • Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013

    Hi all ,
    On my side I would like to clarify a few queries.
    Say, for instance, I am coexisting Exchange 2010 with Exchange 2013, and unfortunately all of my Exchange 2013 servers go down.
    Q1. At that time, will the internal Outlook users having their mailboxes on Exchange 2010 be able to connect to their mailboxes without any issues? In case they face any issues, what kind of issues will they be? The reason I am asking is that we should have pointed the autodiscover service to Exchange 2013 during coexistence.
    When a user closes and reopens Outlook after a whole Exchange 2013 environment failure, Outlook will first query the autodiscover service for profile changes to get them updated in the user's Outlook profile. In such a case the autodiscover service will not be reachable, and I wanted to know whether that will affect internal client connectivity for Outlook users having their mailboxes on Exchange 2010.
    Q2. Apart from internal Outlook user connectivity, what kind of Exchange services (i.e. OWA, ActiveSync, POP, external OA and IMAP) will be affected when the whole Exchange 2013 environment goes down during coexistence?
    I have read the statement quoted below on this awesome blog, but I still wanted to clarify my scenario with you all.
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
    Internal Outlook Connectivity
    For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
    For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
    Please share me your suggestions and that would help me a lot .
    Regards
    S.Nithyanandham

    Hi Winnie Liang ,
    Thanks a lot for your reply.
    Scenario  1 : for internal outlook connectivity 
    We have below settings for exchange 2010 autodiscover.
    mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2010 cas serves
    We are going to have below settings for exchange 2013 autodiscover.
    mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2013 cas serves
    During coexistence mail.domain.com will be pointed to exchange 2013 cas servers . I mean to say if we try to resolve the mail.domain.com it will get resolved in to the exchange 2013 cas servers.
    So on such case if anything happened wrong to the new environment or else if entire environment goes down .Do we face any issues while outlook users connect to existing mailboxes in exchange 2010 ?
    Because why i am asking is ,on the below mentioned article i have read all the autodiscover request will go via exchange 2013 cas servers during coexistence.That means all the existing mailboxes in exchange 2010 will also have to query exchange 2013 cas
    servers for autodiscover request.During the whole exchange 2013 environemnt failure whenever the user tries to close and open outlook .Outlook will first queries the autodiscover service for any changes happened on that particular mailbox and it will try to
    get it updated on user profile.
    http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
    Would it be possible to make the exchange 2010 mailbox users to query only the scp points which belongs to the exchange 2010 cas servers for autodiscover request ?
    Scenario 2: For exchange services
    mail.domain.com - will be the namespace for all the exchange 2010 services (i.e owa,activesync,external outlook anywhere,pop,imap)
    mail.domain.com - will be the namespace for all the exchange 2013 services (i.e owa,activesync,external outlook anywhere,pop,imap)
    What about the above services will it get affected during whole exchange 2013 environment failure ?
    Note : We are not facing this issue , i hope everything goes well in my environment while doing coexistence i am just asking this question on my own interest?
    Regards
    S.Nithyanandham
    Thanks S.Nithyanandham

  • Exchange 2010 CAS proxy to Exchange 2013 CAS: Use the following link to open this mailbox with the best performance:

    Hello,
    I've installed Exchange 2013 into Exchange 2010 infrastructure
    [ single Exchange 2010 server; single AD site; AD = 2003 ],
    and moved one mailbox [ Test user ] to Exchange 2013.
    When I login internally through 2013 OWA to access mailboxes on 2010, then proxy works fine.
    When I login internally through 2010 OWA to access mailboxes on 2013, then a message appears:
        Use the following link to open this mailbox with the best performance: with link to 2013 OWA...
    What is wrong ?
    I've checked and changed settings by:
    Get-OwaVirtualDirectory, Set-OwaVirtualDirectory
    [PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex10\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
    Server                        : EX10
    Name                          : owa (Default Web Site)
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : True
    DigestAuthentication          : False
    FormsAuthentication           : True
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    RedirectToOptimalOWAServer    : True
    LegacyRedirectType            : Silent
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://ex10.contoso.com/owa
    ExternalUrl                   : https://ex10.contoso.com/owa
    [PS] C:\work>Get-OwaVirtualDirectory -Identity 'ex13\owa (Default Web Site)' | fl server,name, *auth*,*redir*,*url*
    Server                        : EX13
    Name                          : owa (Default Web Site)
    ClientAuthCleanupLevel        : High
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    BasicAuthentication           : True
    WindowsAuthentication         : True
    DigestAuthentication          : False
    FormsAuthentication           : False
    LiveIdAuthentication          : False
    AdfsAuthentication            : False
    OAuthAuthentication           : False
    ExternalAuthenticationMethods : {Fba}
    RedirectToOptimalOWAServer    : True
    LegacyRedirectType            : Silent
    Url                           : {}
    SetPhotoURL                   :
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://ex13.contoso.com/owa
    ExternalUrl                   :
    best regards Janusz Such

    Hi Janusz Such,
    Based on my knowledge, CAS proxy can only go from a later version to a previous version,
    such as CAS2013 to CAS2010/2007, or CAS2013 to CAS2013.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Securing publishing exchange 2010 OWA and ActiveSync with WAP 2012

    Hello,
    My client has the following environment:
    Exchange 2010 SP3
    AD 2003
    We want to secure ActiveSync and OWA by using a reverse proxy. TMG/UAG life ends in 2015, so we are studying WAP 2012 and ADFS 3.0. The difficulty is that there is not enough experience feedback, especially for this environment.
    Is there any incompatibility?
    Do you know good articles and blogs which address this issue?
    Thanks in advance

    Are any other options available since posting in June 2014?  Specifically for securing ActiveSync connections from smartphones on the Internet.  We are running Exchange 2010 in AD 2008  
    TMG has already transitioned from mainstream to extended support.  Not only is there less support now, to my understanding there is still a licensing cost for this product.  Paying for a product at EOL seems inadvisable.
    Web Access Protocol (WAP) looked like the right choice, but to secure communications from domain users on unknown devices over the Internet requires Exchange 2013 which is "claims aware".  Exchange 2010 is not and what we are left with is
    configuring WAP in pass-thru mode, allowing unauthenticated Internet traffic into our internal network where the Exchange CAS server is. 
    Is there any Microsoft solution to authenticate the user before allowing the user's device to connect to our CAS server on our internal network.

  • Exchange 2010 CAS array with Exchange 2013 Mailbox Servers

    Here is our current scenario,
    Exchange 2007
    2 - Hub Transport Servers
    2 - CAS servers (cluster NLB)
    2 - Mailbox servers (clustered)
    Exchange 2010
    2 - Hub Transport Servers
    3 - CAS servers (array NLB)
    2 - Mailbox servers (1 DAG)
    We have not migrated any users to the Exchange 2010 environment yet. We're thinking that at this point we would rather go from 2007 to 2013. Does the 2013 mailbox server work with a 2010 CAS array?

    Hi,
    As far as I know, CAS array doesn't exist in Exchange 2013. And OWA and other requests can be proxied and redirected from Exchange 2013 to Exchange 2010.
    For more information, you can refer to the following article:
    http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Migrating an Exchange 2010 Generated OAB to Exchange 2013

    Hello,
    I'm trying to find some information on how to migrate the offline address book from Exchange 2010 to Exchange 2013, but I'm having a lot of trouble finding anything at all that is of any use, so I was hoping the experts here might be able to offer some advice.
    I have an environment where all mailboxes are on Exchange 2010. Recently I introduced Exchange 2013 into the environment, so we have a co-existence situation. At the moment we run a multi-tenant system that has over 1600 OABs, all assigned to various customers
    using Address Book Policies. Soon, I will be starting to migrate mailboxes to 2013, so I was looking at what closing down activity is necessary to remove 2010, with one of the tasks being the transferral of the OAB. I understand the arbitration mailbox bit
    and how it works on 2013, equally I understand the 2010 bit and how that works, but it's the transition from using a 2010 OAB to using a 2013 OAB that I don't understand. From what I've read to date it seems like the only option might be to totally recreate
    the OABs in 2013. Surely this can't be the only way, can it? This is going to be a mammoth task for me if that's the case. Can I therefore just ask whether anyone knows anything about this in something other than a basic almost default environment where everyone
    only uses a single OAB and its an easy task?
    I have seen another post here in the forums about this:
    http://social.technet.microsoft.com/Forums/en-US/121f282c-1ff4-401d-9257-5dfbf17d4a5c/going-from-exchange-2010-to-exchange-2013-what-about-my-2010-oab?forum=exchangesvrgeneral
    I didn't fully understand the answer though. In the article above it states:
    "NO you don't have to move, all OAB's have already been created and stored in your OABGEN mailbox and are safe there Updating 12 times a day. The way OABs are stored has changed and its even better. all OABs have gone into <Default Offline
    Address Book 2013>."
    But that still doesn't detract from the fact that whether there's any kind of sync going on or not, I still have 1600+ OABs generated by a 2010 server, and either I can't uninstall the last 2010 server because of that, or I delete the OAB, in which case
    I lose the OAB anyway. Or is the article trying to state that I don't need multiple OABs because it's all in the default, and that even if I use multiple ABPs then each one should use the default OAB? That doesn't sound right.
    I have tested doing it the manual way in a lab (by that I mean creating a new OAB in 2013, then replacing a test user's OAB in the ABP assigned to them). That seems to work, but I don't want to have to do it that way for everyone if I can avoid it.
    Any help would be much appreciated on this. 

    Ok, so I think I've got an answer to my own question here. Based on my own testing to find out how easy it would be to have to do a delete/recreate of the OABs in 2013 (given that I have over 1600 ABPs and corresponding OABs in a multi-tenant environment),
    I've got this:
    Identify ABPs and which 2010 OABs they use using Get-AddressBookPolicy
    Identify which address lists the 2010 OABs use using Get-OfflineAddressBook
    Create new OABs (maybe same name but putting '2013' on the end or something)
    Switch the OAB defined in the ABP using Set-AddressBookPolicy with the -OfflineAddressBook parameter
    Have I got that right? So actually, not too hard really (if I'm right of course), because I don't have to build any new GALs or ALs based on specific extensionAttribute values, because it's not necessary.
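
The four steps listed in the post above, written out as an added example for the Exchange 2013 Management Shell. This is not code from the thread: the ` 2013` suffix follows the naming idea in the post, the backup file name is an assumption, and the final switch is left on `-WhatIf` so the run only reports what it would change.

```powershell
# Added example (not from the thread). Run in the Exchange 2013 Management Shell.
$Suffix     = ' 2013'                      # naming idea from the post
$BackupFile = '.\abp-oab-before.csv'       # assumed file name, used for rollback

# Record the current ABP -> OAB assignment before touching anything
Get-AddressBookPolicy |
    Select-Object Name, @{ n = 'OfflineAddressBook'; e = { "$($_.OfflineAddressBook)" } } |
    Export-Csv -Path $BackupFile -NoTypeInformation

foreach ($abp in Get-AddressBookPolicy) {
    # Step 1: which OAB does this policy use?
    $oldOab = Get-OfflineAddressBook -Identity "$($abp.OfflineAddressBook)"
    if (-not $oldOab) {
        Write-Warning "ABP '$($abp.Name)': OAB not found, skipped"
        continue
    }
    if ($oldOab.Name.EndsWith($Suffix)) { continue }   # already switched

    # Step 2: which address lists feed that OAB?
    $addressLists = @($oldOab.AddressLists | ForEach-Object { "$_" })

    # Step 3: create the replacement OAB once. Several ABPs may share one OAB,
    # so look for an existing replacement before creating another.
    $newName = $oldOab.Name + $Suffix
    $newOab  = Get-OfflineAddressBook -Identity $newName -ErrorAction SilentlyContinue
    if (-not $newOab) {
        $newOab = New-OfflineAddressBook -Name $newName -AddressLists $addressLists
    }

    # Step 4: point the policy at the new OAB. Remove -WhatIf to apply.
    Set-AddressBookPolicy -Identity $abp.Name -OfflineAddressBook $newOab.Name -WhatIf
}
```

In a multi-tenant organization it is worth comparing the address lists of each new OAB against the backup file before removing `-WhatIf`, since an OAB built from the wrong lists would expose one tenant's directory to another.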

  • TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

    Hi,
     I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
    My setup is as follows:
    outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
    inner TMG - uses a listener for email.contoso.com and is configured for NTLM\Kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and uses a publishing rule to publish the internal CAS. Allow users to change password is selected in the publishing rules.
    Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
    I've registered an SPN for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to log in and change their password with "user must change password on first login" set in AD.
    If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot log in and change my password using the correct URL. However if I point my browser at http://192.168.4.10/owa I'm prompted to log in and I can change my password using the same credentials.
    The only recent changes made are:
    - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
    - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
    Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user's password must be changed before logging on for the first time"
    I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
    http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
    If I try to use ldp.exe on the inner TMG, I get the error in the pic below
    Thanks
    IT Support/Everything

    Hi,
    You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
    TMG 2010 – FBA, troubleshooting the change password feature 
    http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
    Best Regards,
    Joyce

  • Exchange 2010 Mailbox Users Cannot Access 2013 Shared Mailboxes

    Hi Guys & Girls,
    I've a painful issue with my environment which is made up of 1 x 2010 CAS server with 1x 2010 Mailbox server and 1x 2013 CAS server with 1 x 2013 mailbox server.
    The users who've yet to be migrated to 2013 and are still on the 2010 server are unable to open shared mailboxes which have already been migrated to 2013.
    When trying to access shared mailboxes on the 2013 servers they received the following error:
    The configuration of OutlookAnywhere on my two CAS servers is as follows:
    RunspaceId : aed28f13-cdd2-4dcf-a0a8-96b8e2518171
    ServerName : THCAS1
    SSLOffloading : True
    ExternalHostname : mail.resourcegroup.co.uk
    InternalHostname : mail.resourcegroup.co.uk
    ExternalClientAuthenticationMethod : Ntlm
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods : {Ntlm}
    XropUrl :
    ExternalClientsRequireSsl : True
    InternalClientsRequireSsl : False
    MetabasePath : IIS://THCAS1.ResourceGroup.co.uk/W3SVC/1/ROOT/Rpc
    Path : C:\Windows\System32\RpcProxy
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags : {}
    ExtendedProtectionSPNList : {}
    AdminDisplayVersion : Version 14.3 (Build 123.4)
    Server : THCAS1
    AdminDisplayName :
    ExchangeVersion : 0.10 (14.0.100.0)
    Name : Rpc (Default Web Site)
    DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=THCAS1,CN=Servers,CN=Exchange
    Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
    Groups,CN=ResourceGroup,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=ResourceGroup,DC=co,DC=uk
    Identity : THCAS1\Rpc (Default Web Site)
    Guid : 71f76f2a-4ee1-4a9a-b2da-06d79e975403
    ObjectCategory : ResourceGroup.co.uk/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged : 26/11/2013 16:23:13
    WhenCreated : 25/11/2013 16:33:45
    WhenChangedUTC : 26/11/2013 16:23:13
    WhenCreatedUTC : 25/11/2013 16:33:45
    OrganizationId :
    OriginatingServer : thdc1.ResourceGroup.co.uk
    IsValid : True
    ObjectState : Changed
    RunspaceId : aed28f13-cdd2-4dcf-a0a8-96b8e2518171
    ServerName : THCAS2
    SSLOffloading : True
    ExternalHostname : thcas2.resourcegroup.co.uk
    InternalHostname : thcas2.resourcegroup.co.uk
    ExternalClientAuthenticationMethod : Ntlm
    InternalClientAuthenticationMethod : Ntlm
    IISAuthenticationMethods : {Basic, Ntlm, Negotiate}
    XropUrl :
    ExternalClientsRequireSsl : True
    InternalClientsRequireSsl : False
    MetabasePath : IIS://THCAS2.ResourceGroup.co.uk/W3SVC/1/ROOT/Rpc
    Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
    ExtendedProtectionTokenChecking : None
    ExtendedProtectionFlags : {}
    ExtendedProtectionSPNList : {}
    AdminDisplayVersion : Version 15.0 (Build 712.24)
    Server : THCAS2
    AdminDisplayName :
    ExchangeVersion : 0.20 (15.0.0.0)
    Name : Rpc (Default Web Site)
    DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=THCAS2,CN=Servers,CN=Exchange
    Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
    Groups,CN=ResourceGroup,CN=Microsoft
    Exchange,CN=Services,CN=Configuration,DC=ResourceGroup,DC=co,DC=uk
    Identity : THCAS2\Rpc (Default Web Site)
    Guid : 39c5133f-14cb-4d44-ae9c-69f7fb0fc432
    ObjectCategory : ResourceGroup.co.uk/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
    ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
    WhenChanged : 26/11/2013 16:23:05
    WhenCreated : 26/11/2013 12:49:17
    WhenChangedUTC : 26/11/2013 16:23:05
    WhenCreatedUTC : 26/11/2013 12:49:17
    OrganizationId :
    OriginatingServer : thdc1.ResourceGroup.co.uk
    IsValid : True
    ObjectState : Changed
    If anyone could offer any help it'd be much appreciated. It's going to take several days to migrate my remaining 2010 users to 2013, which is causing a lot of user complaints.

    Hi Seb,
    Try the following please.
    1- Remove the existing assigned mailbox permission from the mailbox.
    2- Assign the permission (Add-MailboxPermission) with -AutoMapping value set to $false.
    3- Launch Outlook. Then add the mailbox manually as an additional mailbox from the Account Settings. (Access to the mailbox by only following this step would also work, but your users will then have the same mailbox displayed twice, hence steps 1 & 2.)
    ecsword

  • Exchange 2010: OWA Options menu

    Hi all,
    I am having a problem with OWA on a customer's Exchange 2010 server.  With any account, including the Administrator account, when you click on "Options" after logging in, you get:
    "Sorry Access denied
    You don't have permission to open this page.  If you're a new user or were recently assigned credentials, please wait 15 minutes and try again.  If the problem persists, contact your administrator."
    Screen shot of this here:
    http://i51.tinypic.com/v6mc1c.jpg
    URL points to this folder:
    /ecp/?rfr=owa
    I'm thinking this has something to do with IIS.  Can someone point me in the right direction?
    Thanks in advance :) .

    Hi,
    Please try to check the RoleAssignmentPolicy attribute for the users and see if the "Default Role Assignment Policy" is assigned to the users by running the following command:
    Get-Mailbox "user" | Select-Object RoleAssignmentPolicy
    If not, please run the command below to assign the default role assignment policy:
    Get-Mailbox "user" | Set-Mailbox -RoleAssignmentPolicy "Default Role Assignment Policy"
    Hope it helps.
    Best regards,
    Serena
    Thanks for this solution. I had the same problem!

  • Exchange 2010 OWA access on internal LAN login form not working as expected

    hi
    We have Exchange 2010 SP3 installed and working. We have two sites:
    Site a
    1 x CAS
    2 X MBX
    Site b
    1 x cas
    2x mbx
    Site A is the primary site. We currently publish OWA out through our TMG server located in the DMZ; this is working as expected and carries out the forms authentication. Our internal domain is company.local but our external domain is company.com.
    We have created split DNS so that we could use a wildcard cert and to deal with the new CA rules. All URLs in Exchange are configured to use the external reference of company.com/
    On the IIS server we have a redirection on the root of the site to redirect the requests through to the OWA folder, and we have basic authentication enabled. On the OWA folder we have basic and Windows authentication.
    The problem we have is that when users try to access OWA internally, a username and password box appears. Once you log in with this, it then takes you through to the normal login screen and you have to log in again. I'm thinking that this is the Windows authentication that is causing this, but not sure?
    Also, it would be good to get an understanding of what the Authentication, SSL and redirection settings should be set to on your CAS servers, as looking at the ECP and autodiscover folders within IIS, these currently have a redirect set to go to OWA. Surely that cannot be right.
    thanks
    J

    Hi
    You are correct, the immediate concern is the double login to OWA. I do however want to also know what the settings/configuration for Authentication, redirection and SSL should be set to on all virtual directories.
    We do not have any additional OWA virtual directories, just the default.
    These are the current live servers:
    Identity                      : ACAS01\owa (Default Web Site)
    Url                           : {}
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://email.Company.com.com/owa
    ExternalUrl                   : https://email.Company.com/owa
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Fba}
    Identity                      : BCAS01\owa (Default Web Site)
    Url                           : {}
    Exchange2003Url               : https://www.Companyt.co.uk/
    FailbackUrl                   :
    InternalUrl                   : https://webmail.Company.com/owa
    ExternalUrl                   : https://webmail.Company.com/owa
    InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Fba}
    These are the new servers which I have just installed:
    Identity                     : CAS05\owa (Default Web Site)
    Url                           : {}
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://webmail.Company.com/owa
    ExternalUrl                   : https://webmail.Company.com/owa
    InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Fba}
    Identity                      : CAS06\owa (Default Web Site)
    Url                           : {}
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://webmail.Company.com/owa
    ExternalUrl                   : https://webmail.Company.com/owa
    InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Fba}
    Identity                      : CAS04\owa (Default Web Site)
    Url                           : {}
    Exchange2003Url               :
    FailbackUrl                   :
    InternalUrl                   : https://webmail.Company.com/owa
    ExternalUrl                   : https://webmail.Company.com/owa
    InternalAuthenticationMethods : {Basic, Fba, Ntlm, WindowsIntegrated}
    ExternalAuthenticationMethods : {Fba}
    I have noticed that FBA is set on the new servers. Does this need turning off, and if so, is this in IIS or in Exchange?
    The link that you have provided talks about creating a new vdir for TMG. We are looking at removing TMG and replacing it with KEMP load balancers; would we still need to have two vdirs to make FBA work internally and externally?
    To make a new vdir, do you need a new IP address? And what are the steps required in Exchange and IIS to get this working?
    thanks
    Jason
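
The server-by-server comparison implied by the output in the post above, as an added example that is not part of the original thread: it groups the OWA virtual directories by internal authentication method set and flags URL host mismatches. The records are constructed from the values pasted in the post, the function names `New-Vdir` and `Get-OwaVdirDrift` are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Constructed sample: values copied from the Get-OwaVirtualDirectory output in the post.
# On a live server, build $vdirs from Get-OwaVirtualDirectory instead.
function New-Vdir($Id, $Int, $Ext, $Auth) {   # hypothetical helper
    [pscustomobject]@{ Identity = $Id; InternalUrl = $Int; ExternalUrl = $Ext
                       InternalAuthenticationMethods = $Auth }
}
$old  = 'Basic', 'Ntlm', 'WindowsIntegrated'
$new  = 'Basic', 'Fba', 'Ntlm', 'WindowsIntegrated'
$site = 'https://webmail.Company.com/owa'
$vdirs = @(
    New-Vdir 'ACAS01\owa (Default Web Site)' 'https://email.Company.com.com/owa' 'https://email.Company.com/owa' $old
    New-Vdir 'BCAS01\owa (Default Web Site)' $site $site $old
    New-Vdir 'CAS05\owa (Default Web Site)'  $site $site $new
    New-Vdir 'CAS06\owa (Default Web Site)'  $site $site $new
    New-Vdir 'CAS04\owa (Default Web Site)'  $site $site $new
)

function Get-OwaVdirDrift {   # hypothetical name
    param([Parameter(Mandatory)][object[]]$VirtualDirectory)
    foreach ($v in $VirtualDirectory) {
        # Sort the method list so ordering never produces a false difference.
        $methods  = @($v.InternalAuthenticationMethods | ForEach-Object { "$_" } | Sort-Object)
        $findings = @()
        # Forms-based and integrated Windows authentication listed on the same vdir.
        if ($methods -contains 'Fba' -and $methods -contains 'WindowsIntegrated') {
            $findings += 'Fba and WindowsIntegrated both listed internally'
        }
        # The post says every URL uses the external name, so the hosts should match.
        $intHost = ([uri]"$($v.InternalUrl)").Host
        $extHost = ([uri]"$($v.ExternalUrl)").Host
        if ($intHost -ne $extHost) {
            $findings += "InternalUrl host '$intHost' differs from ExternalUrl host '$extHost'"
        }
        [pscustomobject]@{
            Server   = ($v.Identity -split '\\')[0]
            AuthSet  = $methods -join ','
            Findings = $findings -join '; '
        }
    }
}

$report = Get-OwaVdirDrift -VirtualDirectory $vdirs
# One line per distinct method set, with the servers that share it.
$report | Group-Object AuthSet | ForEach-Object {
    '{0} -> {1}' -f $_.Name, ($_.Group.Server -join ', ')
}
$report | Where-Object Findings | Format-Table Server, Findings -Wrap
```

With the values from the post, the report splits the five servers into two method sets (the two live servers versus the three new ones) and flags ACAS01 for its InternalUrl host.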
