Legacy Namespace for Exchange 2007 to 2013 co-existence
We are migrating from Exchange 2007 to 2013, during the co-existence phase, where is the legacy.{domain.com} namespace used? We are at the point now that we want to move all services over to the Exchange 2013 CAS servers, however... GPO settings
are used to point outlook clients to mail.{domain.com} for Outlook Anywhere. If DNS is updated to point mail.{domain.com} to the Exchange 2013 servers, will there be an issue with connectivity for people still on the Exchange 2007 servers? Do these people
need to point to legacy.{Domain.com} or will mail.{domain.com} proxy the connection to the legacy namespace? I would like to know if the GPO settings will interfer with the settings that Autodiscovery provide back.
I have read a bunch or articles on the approach, but I am still fuzzy on where legacy.{domain.com} comes into play.
Thanks in advance for your help.
In coexistence with exchange 2013 and legacy version the request happens in 2 types.
For Exchange 2010 –
Exchange 2013 does a Proxy for owa and ews requests for users in exchange 2010.
For Exchange 2007 –
Exchange 2013 does redirection for owa and ews requests for users in Exchange 2007.
Certificates:
All the required SAN entries for UM,webservices and activesync should be created.
Add external owa legacy URL to the public certificate and install it on both Exchange 2007 and
Exchange 2013 only then owa redirection will work.
You need to Include internal Legacy. Domain.com on Exchange 2007 Certificate for OWA co-
Existence.
Following change needs to be done in Firewall
External OWA URL should be directed to exchange 2013 Internet Facing CAS.
External EWS URL should be directed to exchange 2013 Internet Facing CAS.
External Autodiscover URL should should be directed to Exchange 2013 CAS.
External ActivesyncVirtualDirectory should be directed to Exchange 2013 CAS.
External UMvirtualDirectory should be directed to Exchange 2013 CAS.
Create new NAT rule on firewall for Legacy.domain.com to Exchange 2007 CAS. You can do this as well.By doing this users will be able to log on directly using the URL https://legacy.domain.com/owa with
a mailbox on Exchange 2007.
External and Internal DNS settings
Public DNS - Map all of your external public DNS records (ews,owa,activesync etc.,) to your
exchange 2013 public IP if you have dedicated one for 2013 or FQDN of your internet facing CAS server.
Example:
Current external owa URL (contoso.domain.com) – point it to dedicated exchange 2013 public ip or internet facing exchange 2013 CAS FQDN.
Current External Autodiscover – point it to dedicated exchange 2013 public ip or internet
facing exchange 2013 CAS FQDN
Internal DNS – Configure the Exchange 2007 to point SCP AutoDiscoverURI to Exchange 2013 Client
Access FQDN by changing DNS entry for Autodiscover.domain.com to exchange 2013 CAS sever Ip
address
The internal DNS records should point to the internal host name and IP address of your Exchange
2013 Client Access server
Make sure that legacy.contoso.com resolves to CAS2007 in internal and external DNS.
Authentication Settings:
This part is little bit tricky. You need to plan according to your organization. If you have FBA configured in TMG or ISA server then you need to configure accordingly.
Set the owa virtual directory authentication only to Basic in exchange 2007.
In exchange 2013 set owa virtual directory to only (Windows Authentication) or only (form-based authentication) or only (Basic, No redirection, SSL Enabled) depends according to your setup.
Things to check:
If you have redirection configured in IIS on the Exchange 2007 Server Make sure that the above
Virtual Directories doesn’t have it configured.
If you have FBA enabled on ISA or TMG then disable FBA on Exchange 2013 CAS else users will be prompted twice for authentication
For further references you can refer my article below
http://exchangequery.com/2014/09/24/owaews-configuration-in-exchange-20132007-coexistence/
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com Thanks Sathish (MVP)
Similar Messages
-
Free/Busy not working Exchange 2007 and 2013 co-existence
Hi,
I'm migrating our Exchange 2007 environment to Exchange 2013. Now I am in a co-existence environment where all the mailboxes except some test-users resides on Exchange 2007. Between Users on the same Exchange MBX Server athe FREE/BUSY Information sharing
works correctly, but between Exchange 2007 and 2013 it's not working.
I verified my settings and also the EWS virtual directory on 2007 CAS Servers using Get-WebServicesVirtualDirectory.
The internal and the external URLs are set to https://legacy.mydomain.com/....
What am I missing?
Thanks & Kind Regards,
JürgenHi,
According to your description, I understand that the free/busy information between Exchange 2007 and Exchange 2013 is not available for your coexistence environment. To narrow down the issue, please check the following points:
1. Does the issue happen to all users or specific users?
2. Although a user on Exchange 2013 can't get free/busy information from a user on Exchange 2007, please confirm whether Exchange 2007 user can get free/busy information from Exchange 2013 users.
3. Close Outlook and only access user mailbox from OWA to check whether the issue persists. For Outlook client,
create a new Outlook profile
to have a try.
4. Please make sure the virtual directories settings are configured correctly in both Exchange 2013 and Exchange 2007.
Virtual directories settings in Exchange 2007:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
Certificate and Virtual directories settings in Exchange 2013:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx
5. Restart IIS service in Exchange server by running iisreset /noforce from a command prompt window.
If possible, please run Test E-mail AutoConfiguration in Outlook to check whether the autodiscover service can get correct Availability service URL in the results. If there is any event logs, please collect some for further analysis.
Regards,
Winnie Liang
TechNet Community Support -
Namespace for Exchange 2003 == 2010 == 2013 Migration
Hi
Hope someone can help. I am working on an Exchange 2003 to 2010 migration, which will then quickly move onto a 2010 to 2013 migration and need some clarification on the namespaces to use. I am aware that if I do not do this right at the 2003
to 2010 migration, this will cause a headache at the 2010 to 2013 migration.
Some background:
2003 Functional Level Domain - 2 x 2008 DC's
Currently users are on a 2003 exchange cluster with a mix of RPC (internal users) and RPC over HTTP connections (roaming users)
We will be installing Exchange 2010 on a single server, with CAS, HUB and Mailbox roles and no load balancer, as we will be moving quickly to 2013.
We have two Kemp load balancers ready for Exchange 2013.
Exchange 2010 is installed on a single server (exh2010.domain.local) and configured with an CAS array name (exh-cas.domain.local) which is resolvable internally only.
Currently we have multiple smtp namespaces e.g. @company.com, @company2.com.
Our main website etc is www.company.com
Our public facing services are at https://service.mycompany.com
Our 2003 RPC address is https://webmail.mycompany.com
I understand that the 2010 RPC CAS array name should be separated from the Outlook Anywhere (RPC over HTTPS) address so that when 2013 takes over the HTTPS address, the RPC connections are not broken.
Two Questions:
Do we have to use the HTTPS same namespace for 2013 as we do in 2010? Its just I would want to test the Kemp load balancers before making them live (slow careful transition), and giving them a different namespace, e.g.
https://mail.mycompany.com would allow a migration, rather then a cutover.
Can we use the *.mycompany.com address rather then the company.com address, even though we have no SMTP addresses at mycompany.com? Can autodiscover still work?
Thanks in advance for any guidance
Cheers
Steve1. No, but you can. Exchange 2013 will proxy all services for Exchange 2010, so if you set up everything right, you should be able to simply swing the name from Exchange 2010 to 2013.
2. Your web services can be published with any domain as long as the hostname is in the certificate. Only Autodiscover needs to match the e-mail domain(s). So in your example, you could publish OWA, ECP, ActiveSync, Web Services and OAB
at owa.mycompany.com. You would need autodiscover.company.com, autodiscover.company2.com, etc., but if you don't have e-mail addresses with mycompany.com, you don't need autodiscover.mycompany.com. If all users have a company.com e-mail address,
the you only need autodiscover.company.com as long as users know to enter that e-mail address when configuring profiles on PCs or devices. If you're going to have to have Autodiscover for multiple domains, then you might consider using an SRV record
instead because it can greatly simplify your certificate requirements.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Migrate from Exchange 2007 to 2013 without modifying client devices
Let's use contesso.com as an example. Let's say the Exchange 2007 server's internal and external
name are currently mail.contesso.com. Now I am going to introduce a new Exchange 2013 server named mail2.contesso.com. The Exchange Server Deployment Assistant says that we should make the external DNS entry point mail.contesso.com to the 2013
server and legacy.contesso.com point to the 2007 server. That takes care of external clients. I don't understand how internal clients will find the correct server because they are all configured for mail.contesso.com which internally points to
the 2007 server. We have over 200 users with multiple devices. We do not want to be forced to create new Outlook profiles or change the configuration of their mobile devices.
Thanks,
Tina
Tina M. White Boundless DataHi,
Mail.contesso.com -> Exchange 2013 OWA/ActiveSync/OA
Legacy.contesso.com -> Exchange 2007 OWA/ActiveSync/OA
Autodiscover.Contesso.com
Make sure the Redirection settings are configured properly.
Regards,
Simon Wu
TechNet Community Support -
ActiveSync in Exchange 2007 and 2013 Coexistence
Hi,
I have exchange 2007 and 2013 coexisting (exchange 2007 sp3 update rollup 13/exchange 2013 SP1)
owa works fine from inside and outside, only that it requires users to authenticate twice when connecting from the external.
autodiscover works well for users on both 2007 and 2013
I have a public SAN certificate from verisign with 2 names on it, mail.mydomain.com and legacy.mydomain.com
I have A records configured for both names on my public DNS and internal DNS
THE ISSUES
testing activesync from testconnectivity.microsoft.com works fine when i run the test using a mailbox on Exch2013 but fails for mailbox on Exch2007.
New users on exch2007 & exch2013 are not able to setup email on their devices (blackberry and windows mobile),
Existing users on exch2007 can no longer receive mails on their mobile devices
URLs
Exchange 2007
Exchange 2013
Internal owa
mydomain.com/owa
mail.mydomain/owa
External owa
legacy.mydomain.com/owa
mail.mydomain.com/owa
AutoDiscover
mail.mydomain.com
mail.mydomain.com
EWS
legacy.mydomain.com
mail.mydomain.com
ECP
mail.mydomain.com
Internal ActiveSync
legacy.mydomain.com
mail.mydomain.com
External ActiveSync
$null
mail.mydomain.com
OutlookAnywhere
legacy.mydomain.com
mail.mydomain.com
I expect that users on exch2013 would be able to setup their mobile devices as the connectivity test completes successfully but it still does not.
Any help on this would be much appreciated ..
Richard ..
..forever is just a minute away*You don't need to use a legacy URL for ActiveSync in Exchange 2013. It will proxy ActiveSync for Exchange 2007 just fine. In fact, ActiveSync is usually the protocol that gives you the least amount of trouble in a transition. I recommend
you configure your URLs for the proxy configuration and point everything to Exchange 2013 CAS.
http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Exchange 2007 and 2013 coexistence
Hi,
we have exchange 2007 and 2013 coexistence. we have created a new url for 2007 legacy servers. Now, when using OWA url (now set for exchange 2013 server) i am getting OWA exchange 2007 login page for exchange 2007 mailboxs.
I was expecting exchange 2013 OWA page and then redirection to OWA 2007.
ThanksHello,
Please check your DNS configuration and ISA/TMG rules.
We recommend you use TMG or UAG.
You can refer to the "TMG rules" section in the following article:
http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-3-step-by-step-exchange-2007-to-2013-migration.aspx
Cara Chen
TechNet Community Support -
Issue moving remote user from exchange 2007 to 2013
have moved over 60 people so far from exchange 2007 to 2013, it was going well with no major problems.
during migration I have created a DNS setting called legacy.mydomain.com, and it points to the old exchange server, while mail.mydomain.com points to the new exchange server.
outlook was working connecting to both servers, and OWA was working on both servers.
couple of remote users who connect via SSL-VPN and outlook 2010 had issues connecting, but as soon as I moved them to 2013 exchange they connected without vpn using outlook anywhere.
but - I have one remote user who even though the mailbox move to the new 2013 server was successful, their outlook still points to the 2007 exchange server.
if I try creating a new profile in outlook 2013, it fails because it cannot contact exchange server, even when ssl-vpn is running.
when I started troubleshooting I found lots of spyware on his laptop, symantec had been blocking some trojans, obviously he had downloaded something he shouldnt have.
could this have caused my outlook connectivity issue?
I ran malawarebytes, and it shows clean now, but still unable to get his outlook to connect.
I had thought about moving his mailbox back to the old server, seeing if it works on outlook, then moving it to the new one again.
any suggestions?I had thought about moving his mailbox back to the old server, seeing if it works on outlook, then moving it to the new one again.
Hi,
Have you done this step? Sometimes moving mailbox to another database can auto-fix problems.
According to your description, I know that all migrated mailboxes work well except a specific user. I notice that the user's laptop has a lots of spyware, and symantec has been clocking some trojans.
Please try to logon OWA to check whether this user works.
If works in OWA, it seems that the mailbox has been migrated to 2013 successfully.
Generally, re-creating profile can fix this issue. Unfortunately, you have tried it and failed.
Please try to run Outlook under safe mode to avoid AVs and add-ins.
Thanks
Mavis Huang
TechNet Community Support -
Can only access emails through OWA after migration from exchange 2007 to 2013
can only access emails through OWA after migration from exchange 2007 to 2013, in other words unable to access mails through outlook or from other Applications services.
needed RCA ... plz help..Hi,
From your description, you can send and receive messages only when you use OWA after migration from Exchange 2007 to Exchange 2013. If I have misunderstood your concern, please let me know.
In your case, I recommend you create a new test mailbox in your Exchange 2013 and check if you can send and receive messages on Outlook. If yes, it is recommended to create a new profile to solve this issue.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
How to migrate from exchange 2007 to 2013 step by step tutorials please
Hi
I am running Windows Server 2008 standard, with exchange 2007 SP2 on it.
We have 800 mailbox in total
Our domain controllers are
Win2012 R2 and I would like to upgrade to Exchange 2013 on Windows server 2012 R2.
I am running a VM, on VMware environment, so my Windows 2012 R2 is a VM.
Is there a website or document that explains in detail, step by step how to upgrade from 2007 to 2013.
I currently only have 1 exchange server 2007, with all the roles on the one server. I would like to keep that same as
well with exchange 2013.
ThanksExchange server deployment assistant is always a good service provider to achieve this task as it simply ask few questions about your current environment and proceed further accordingly.
You can refer to this blog explained by technet team that will assist you further to gather more information in depth : http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-1-step-by-step-exchange-2007-to-2013-migration.aspx
Moreover, to avoid the interruptions and proceed a hassle-free migration from exchange 2007 to 2013, this application (http://www.exchangemigrationtool.com/) could also be a good approach to accomplish
migration task in more secure way. -
Migration from Exchange 2007 to 2013 gives error "Failed to communicate with the mailbox database'
I have been trying to migrate several databases from Exchange 2007 to Exchange 2013. The migration started successfully, and many of the mailboxes moved successfully (about 70). The remaining mailboxes, failed. Looking deeper, we found a few issues; The
two 2013 Mailbox servers were on different versions. The Server had run out of disk space, and the NIC drivers needed to be updated.
Now when we try to migrate a mailbox that had failed in the earlier batch, we get the following error:
Data migrated:
Migration rate:
Error:
MigrationTransientException: Failed to communicate with the mailbox database. --> Failed to communicate with the mailbox database. --> MapiExceptionNetworkError: Unable to make connection to the server. (hr=0x80040115, ec=-2147221227) Diagnostic
context: ...... Lid: 9624 dwParam: 0x0 Msg: EEInfo: Detection location: 501 Lid: 13720 dwParam: 0x0 Msg: EEInfo: Flags: 0 Lid: 11672 dwParam:
0x0 Msg: EEInfo: NumberOfParameters: 4 Lid: 8856 dwParam: 0x0 Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp Lid: 8856 dwParam: 0x0 Msg: EEInfo: prm[1]: Unicode string: <Server
FQDN> Lid: 12952 dwParam: 0x0 Msg: EEInfo: prm[2]: Long val: 3749909585 Lid: 12952 dwParam: 0x0 Msg: EEInfo: prm[3]: Long val: 382312662 Lid: 45169 StoreEc: 0x824
Lid: 50544 ClientVersion: 15.0.847.32 Lid: 52080 StoreEc: 0x824 Lid: 44273 Lid: 49064 dwParam: 0x1 Lid: 37288
StoreEc: 0x6AB Lid: 49064 dwParam: 0x2 Lid: 59431 EMSMDB.EcDoConnectEx called [length=203] Lid: 51239 EMSMDB.EcDoConnectEx exception [rpc_status=0x6D9][latency=0]
Lid: 62184 Lid: 16280 dwParam: 0x0 Msg: EEInfo: ComputerName: n/a Lid: 8600 dwParam: 0x0 Msg: EEInfo: ProcessID: 3460 Lid: 12696 dwParam: 0x0 Msg: EEInfo:
Generation Time: 0414-04-07T16:32:03.2100000Z Lid: 10648 dwParam: 0x0 Msg: EEInfo: Generating component: 2 Lid: 14744 dwParam: 0x0 Msg: EEInfo: Status: 1753 Lid: 9624
dwParam: 0x0 Msg: EEInfo: Detection location: 501 Lid: 13720 dwParam: 0x0 Msg: EEInfo: Flags: 0 Lid: 11672 dwParam: 0x0 Msg: EEInfo: NumberOfParameters: 4 Lid: 8856
dwParam: 0x0 Msg: EEInfo: prm[0]: Unicode string: ncacn_ip_tcp Lid: 8856 dwParam: 0x0 Msg: EEInfo: prm[1]: Unicode string: <Server FQDN> Lid: 12952 dwParam: 0x0 Msg: EEInfo:
prm[2]: Long val: 2767313664 Lid: 12952 dwParam: 0x0 Msg: EEInfo: prm[3]: Long val: 382312662 Lid: 59505 StoreEc: 0x824 Lid: 50544 ClientVersion:
15.0.847.32 Lid: 52080 StoreEc: 0x824 Lid: 36081 Lid: 51152 Lid: 52465 StoreEc: 0x80040115
Lid: 60065 Lid: 33777 StoreEc: 0x80040115 Lid: 59805 Lid: 52487 StoreEc: 0x80040115 Lid: 19778 Lid: 27970
StoreEc: 0x80040115 Lid: 17730 Lid: 25922 StoreEc: 0x80040115
All of the issues listed above have been corrected, and all of the databases are mounted. Users are able to send and receive mail, but I can not migrate mail using the Migration Batch utility.
The destination server is a Hyper-V Guest running Server 2012, SP1, and Exchange 2013
The Source Server is Running Exchange 2007.
I have tried doing a test move to another destination server that is also Server 2012, and Exchange 2013, and the migration also failed.
I would appreciate any help you can give me!
Thanks,
JonAny update if you have resolved the issue.
Not similar, but this thread can be helpful while you migrate the mailboxes from exchange 2007 to 2013. Please check :http://social.technet.microsoft.com/Forums/exchange/en-US/721f0ae4-623a-4b02-adaf-f561d86c0426/move-mailboxes-and-public-folders-from-exchange-2007-to-exchange-2013?forum=exchangesvrdeploy&prof=required -
Receive Connector stopped working after Update Rollout 2 for Exchange 2007 SP2
One of the Exchange 2007 servers receive connector has stopped working since installing the latest rollout update for Exchange 2007 SP2 - for some reason the following error is received (when troubleshooting on the adjacent server) :
"Remote server server.domain.co.uk failed the mail acceptance test. MAIL FROM command: Respond = 530 5.7.1 Client was not authenticated."
Most admins will know you usually get this when first setting up Exchange and the receive connector not allowing anonymous connections. But our setup has been working for well over a year with no problems. Even enabling anonymous connections still doesn't fix the problem.
Our setup is 2 exchange servers across 2 sites, with the problematic server never receiving email from the internet, only from the other Exchange server (which is internet facing). The above error is received when the internet facing server is relaying email over to the problematic server. Though in the message queue the following error is received:
"SMTPSEND.DNS.NonExistantDomain; nonecistant domain"
After testing DNS that all seems fine, so I don't believe it's a DNS problem.
Any ideas why this would happen?
Thanks,
MattHi Matt....
To receive e-mails from the external servers or domains or clients, you can setup a new receive connector on Hub Transport Server. To do this task, you can go through the steps mentioned in this blog....
https://mailsolutions.wordpress.com/2015/02/06/resolving-error-530-5-7-1-client-was-not-authenticated-with-receiver-connector/
Hope this will work
Thanks -
GroupWise 7.0 API Gateway is supported for Exchange 2007?
Can someone confirm that GroupWise 7.0 API Gateway is supported for Exchange 2007?
I found a note in a guide that stated it was not YET supported as of 1/27/2008.bwalker2,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/ -
OWA Blank Logon Page After Update Rollup 12 for Exchange 2007 SP3
Hello
After installing Update Rollup 12 for Exchange 2007 SP3, can no longer access OWA - internally or externally through Internet Explorer - I just get a blank page (with IE). If I use Chrome or Firefox, and it uses the basic logon, I get a page with just
text, and am able to logon successfully. I have looked at several related forums, but have not found a fix yet. I've seen several people with similar issue have had success by copying contents from a previous owa folder version to the latest one, then running
Updateowa.ps1 and restarting IIS. This did not resolve the issue for me.
Another forum suggested running remove-owavirtualdirectory and
new-owavirtualdirectory, however I haven't attempted that yet, as I'm unsure how I could reverse the changes that the command runs if things get worse.
Any assistance will be appreciated.Hi,
I encountered a same situation,after recreating
the virtual directory, the issue was solved.
The following article for you reference:
How To: Recreate OWA Virtual Directory – Exchange 2007
Hope this helps!
Thanks.
Niko Cheng
TechNet Community Support -
Exchange 2007 to 2013 coexistence Legacy access
I’ve successfully installed Exchange 2013 CU1 (in a cloned environment so I’m no harm done
J) and most thinks seems to work but OWA and Active Sync on EX2007 mailboxes give me some headache.
I’ve created a legacy.company.com DNS record, reconfigured the virtual directories on EX2007 and set OWA to FBA/basic.
OWA IS redirected to EX2007 legacy URL but authentication is not being passed through and you have to enter username password again at the EX2007 OWA site. Active Sync (tested on Iphone) works but you have to enter password at every sync.
What could I be missing?
/Søren EmigFiona,
Reading through the first technet link, it makes it seem as though redirection should happen silently and the FBA should be passed to the CAS2007 server seemlessly.
CAS2007 will consume that hidden form's data, authenticate the user and:
Retrieve and render the user's mailbox data from the Exchange 2007 mailbox server and provide the data view back to the user. The response will contain an FBA cookie for the legacy namespace, and from that point on all user activity within the session
will go to legacy CAS only.
Or proxy the request to the Exchange 2003 mailbox server and provide the data view back to the user. The response will contain an FBA cookie for the legacy namespace, and from that point on all user activity within the session will go to legacy CAS
only.
That sounds like the OWA page should render without the user logging in a second time. Also, if you look at the docs for Exchange 2010, the scenario is the same. http://technet.microsoft.com/en-us/library/bb310763(v=exchg.141).aspx
CAS-01 will look for an Exchange 2007 ExternalURL property
that has an ExternalAuthenticationMethods setting
that's identical to theInternalAuthenticationMethods setting
on the Exchange 2010 Client Access server. If the settings match, CAS-01 will redirect to this external URL. If source and target CAS have Forms Based Authentication (FBA) enabled, the source CAS issues a hidden form back to the browser that contains the user’s
credentials and FBA settings, along with the redirect URL. This is transparent to the user.
Now if the SSO code for Exchange 2013 is not ready, that is another matter. But there is no documentation that I could find explicitly stating this. -
Exchange 2013 Migration issues
I have three issues and decided to list them here. Please pick and choose to assist. Thanks in advance.
Environment:
Mixed 2007 SP3 R12 and 2013 CU3. 2007 Environment was webmail.domain.com. I installed new Exchange 2013 (1 CAS, 1 Mailbox) according to:
http://technet.microsoft.com/en-us/library/ff805032(v=exchg.150).aspx. Exchange 2007 is now legacy.domain.com and Exchange 2013 CAS is webmail.domain.com.
Machine 1: Windows 8.1, not domain joined, using Outlook Anywhere external. Outlook 2013
Machine 2: Windows 7, domain joined, using Outlook Anywhere internal. Outlook 2010 SP2
I have migrated 1 user so far to Exchange 2013. This user was a Domain Admin. I have removed that membership. I checked the box to inherit permissions of the security of the object and reset the AdminCount attribute in ADSIedit to 0 and verified this replicated
to all domain controllers. ( I originally thought this to be the issue with it prompting for the password. )
Here is a Get-OutlookAnywhere cmdlet...
ServerName : EXCHANGE2007SVR
SSLOffloading : False
ExternalHostname : legacy.domain.com
InternalHostname :
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Basic
IISAuthenticationMethods : {Basic}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : False
MetabasePath : IIS://EXCHANGE2007SVR.domain.local/W3SVC/1/ROOT/Rpc
Path : C:\WINDOWS\System32\RpcProxy
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 8.3 (Build 83.6)
Server :
EXCHANGE2007SVR
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE2007SVR,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=DOMAIN,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=local
Identity : EXCHANGE2007SVR\Rpc (Default Web Site)
Guid : 4901bb14-ab81-4ded-8bab-d5ee57785416
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 12/31/2013 4:08:04 PM
WhenCreated : 7/18/2008 10:56:46 AM
WhenChangedUTC : 12/31/2013 9:08:04 PM
WhenCreatedUTC : 7/18/2008 2:56:46 PM
OrganizationId :
OriginatingServer : DC1.domain.local
IsValid : True
ObjectState : Changed
ServerName :
EXCHANGE2013SVR
SSLOffloading : True
ExternalHostname : webmail.domain.com
InternalHostname : webmail.domain.com
ExternalClientAuthenticationMethod : Basic
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods : {Basic, Ntlm}
XropUrl :
ExternalClientsRequireSsl : True
InternalClientsRequireSsl : True
MetabasePath : IIS://EXCHANGE2013SVR.domain.local/W3SVC/1/ROOT/Rpc
Path : C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
ExtendedProtectionTokenChecking : None
ExtendedProtectionFlags : {}
ExtendedProtectionSPNList : {}
AdminDisplayVersion : Version 15.0 (Build 775.38)
Server : EXCHANGE2013SVR
AdminDisplayName :
ExchangeVersion : 0.20 (15.0.0.0)
Name : Rpc (Default Web Site)
DistinguishedName : CN=Rpc (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE2013SVR,CN=Servers,CN=Exchange
Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
Groups,CN=DOMAIN,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=local
Identity : EXCHANGE2013SVR\Rpc (Default Web Site)
Guid : d983a4b1-6921-4a7f-af37-51de4a61b003
ObjectCategory : domain.local/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
WhenChanged : 1/7/2014 11:29:05 AM
WhenCreated : 12/31/2013 1:17:42 PM
WhenChangedUTC : 1/7/2014 4:29:05 PM
WhenCreatedUTC : 12/31/2013 6:17:42 PM
OrganizationId :
OriginatingServer : DC1.domain.local
IsValid : True
ObjectState : Changed
ISSUE 1
Issue: On Machine 1 (reference above) Windows Security prompt that says "Connecting to
[email protected]". Almost always prompts when Outlook is first opened. Afterwards (if it goes away) seemingly random on when it asks for it. I put in the credentials (absolutely correct) and it fails and prompts again.
I always check the box for it to save the password. To get rid of it, I click the Cancel button at which Outlook reports "NEED PASSWORD", but still acts fine sending and receiving emails. Eventually the "NEED PASSWORD" sometimes changes
to say "CONNECTED", but it works regardless.
No issues on Machine 2 so I don't know where the problem might be as there are a lot of variables in play here.
ISSUE 2
Migrated user is unable to open Public folders from Exchange 2007.
Cannot expan the folder. Microsoft Exchange is not available. Either there are network problems or the Exchange server is down for maintenance. (/o=...).
This error occurs on Machine 1, Machine 2 and from OWA, same error each time.
ISSUE 3
Apps. Installed by default are 4 apps (Bing Maps, Suggested Meetings, Unsubscribe, Action Items). I have made sure the apps are enabled in OWA and they show up in mail items on both Machine 1 (Outlook 2013) and OWA. They do not show up in Machine 2 (Outlook
2010). I'm assuming that isn't supported.
In OWA, when I go to the installed apps listing it shows all of the apps but has a broken link on the image describing the app.
When I click the app in either Outlook 2013 or in OWA, I get "APP ERROR, Sorry we can't load the app. Please make sure you have network and/or internet connectivity. Click "Retry" once you're back online.
Current workaround is just disabling them through OWA.Hello,
In order to avoid confusion, we troubleshoot a issue per thread usually.
For your first isue, I agree with Ed's suggestion to check if your certificate name is correct.
Besides, I recommend you change ExternalClientAuthenticationMethod from Basic authentication to Negotiate authentication to check the result.
For the second issue and third issue, please create a new post.
If you have any feedback on our support, please click here
Cara Chen
TechNet Community Support
Maybe you are looking for
-
Report shows no data in the Viewer
Hello, i'm new to Crystal Reports and i have to develop a few Reports. I load the data with a stored procedure form a sql-server. This is working and i get all datas i need. But the Report Viewer doesn't show any data. I don't know why. If i do it ov
-
hi,all I want to use imported JAR packet, in UDF I use the code : InputStream istr = getClass().getClassLoader().getResourceAsStream("property.txt"); for read file "property.txt" what is in JAR Packet, Is it correct way ? Best Regards Hengbing
-
Adding one more table to the select statement joining 4 tables gives dump
Hi All, There is a select statement using which four tables namely VBAK,VBAP,LIPS and LIKPUK(view) are joined(inner join).Here, date and time fields are selected from LIPS and used. My requirement is to consider the Date (LIKP - WADAT_IST) instead of
-
Crystal 9 dist - Brother QL-1050 printer
We use the Crystal 9 distribution to view reports from our application. A bespoke report has been written and setup/configured to use "Brother QL-1050" label printer (used to produce box labels). If they choose to preview the report, prompts for para
-
Feb 15 16:39:59 localhost PCI: BIOS Bug: MCFG area at e0000000 is not E820-reserved Feb 15 16:39:59 localhost PCI: Not using MMCONFIG. Feb 15 16:39:59 localhost ACPI: Error attaching device data Feb 15 16:39:59 localhost ACPI: Error attaching device