OWA 2013 and Timeout

OWA 2013 (CU6) timeout values have been set according the following article.
http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/OutlookOWA/how-configure-public-and-private-computer-settings-owa-2013.html
On the "external" or "public" side - default is 15 minutes. When 15 minutes of inactivity occurs, OWA does not exit the session. Instead the content remains on the screen - and you can browse around the information that remains
in the display. You cannot create a new message or open a message in a new window.
If a browser "refresh" is sent the logon to OWA screen appears.
Contacted Microsoft and they were also able to reproduce this same behavior.
This is not a secure way to handle timeout. Anyone else experience this?

Hi,
The time-out feature will only works with Forms-Based Authentication method enabled on CAS server.
http://technet.microsoft.com/en-us/library/bb124787(v=exchg.141).aspx
Although this document applies to Exchange 2010, it’s just the same in Exchange 2013.
In addition, is there TMG in your deployment? If yes, please refer to the following document to
configure the idle session time-out period for Outlook Web Access clients.
Before performing this task, we must have a Web listener that uses forms-based authentication for Outlook Web Access.
http://technet.microsoft.com/en-us/library/cc995140.aspx
Best Regards.

Similar Messages

OWA 2013 and Entrust certification

hi,
is there a way to have entrust encryption working with OWA 2013 ?

Or are you referring to Entrust?
http://www.entrust.com/
And if so...
Are you asking if Entrust SSL certs can be used (I would imagine, just like Digicert or Comodo, etc.).
If you are asking about two-factor authentication (?)
Not sure...
If you could explain more precisely what you are looking for, perhaps we could help you better.
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

Authorization Error Exchange 2013 and Mobile MS Outlook

With some logins
problem when connected via an MS Outlook for android client
writes that not correct login, password, domain.
And on the other
logins all right, authorization and connection
checked through https: //testconnectivity.microsoft.som
all right.

Hi,
The ability for users to use Search folders isn’t currently available in Exchange 2013. When you use Outlook in Exchange Cached Mode, the local copy of your mailbox maintains a Finder folder. So, with cached mode enabled we can make search folders still
there when we re-open Outlook.
For Outlook Online mode(cached mode off) and OWA 2013, Outlook is directly connected to Exchange mailbox without local cached. The search folder can’t be automatically synced to mailbox. Therefore, Search folders are not supported in OWA 2013 and Outlook
Online mode. We can refer to the Outlook We App and Outlook part in the following article:
What's Discontinued in Exchange 2013
http://technet.microsoft.com/en-us/library/jj619283(v=exchg.150).aspx
Regards,
Winnie Liang
TechNet Community Support

Exchange 2013 and OWA 2013 customization

Hi all
In OWA 2013 we try to manage customization in UIExtensions.xml as in previous Exchange 2010 OWA version.
Problem is that any new entries in <SmallIconMappings>, <RightClickMenuExtensions> and <NewItemMenuEntries> are not accepted by OWA. Is there something new on background what needs to be set/changed to allow OWA work with this
customization?
Any advise?
Thanks!
cciapocka

Same issue here! Any news about this issue?

Exchange 2013 and 2010 co-existance

We will have 2013 and 2010 exist together for a while...we plan to move away from using Unified Access Gateway for HTTP redirection to our Exchange services and implement Kemp
load balancers...two at our HQ site and two at our DR stie...
We plan to have a one arm configuration...from what I gathered...each load balancer will have a network connection and only one network connection and be on the same network as
our new Exchange 2013 servers. Can someone take a look at my config and give some input whether or not this will work and some suggestion on Ex13 urls, cert SAN names, etc.
HQKemp 2400 A
HQKemp 2400 B
DCKemp 2400 A        DCKemp 2400 B
172.16.1.104
172.16.1.105
172.25.1.104
172.25.1.10
Virtual IP   172.16.1.106
                         Virtual IP
172.25.1.104
From the video I’ve watched for Kemp install…we’ll create the following internal DNS records for the Exchange services that will be configured on balancers.
OWA/ECP
    mail.corp.local.com
              172.16.1.107
EWS               ews.corp.local.com
172.16.1.108
OAB               oab.corp.local.com
172.16.1.109
ActiveSync      mobile.corp.local.co
172.16.1.110
OA                 oa.corp.local.com
172.16.1.111
Autodiscover   autodiscover.corp.local.com 172.16.1.112
Question:
We will configure the Exchange services with these ip addresses linked to each service on all four load balancers?
Or will DR site load balancers have different IPs configured for same Exchange services?
Exchange services are split between our two sites…meaning Outlook Anywhere is configured for our CAS servers at our DR site and ActiveSync comes to HQ CAS servers as an example…so
I want all Exchange services to come through the newly installed load balancers at HQ and if they don’t respond…the Exchange services get redirected to the load balancers at our DR site.
Can you give some insight on the config of load balancers as to how we can do that?
I have a question about the cert we will have.
Our Microsoft rep says we should get a new wildcard cert…currently we have a UCC cert with the following SANs attached.
Will this new cert have to be installed on load balancers?
If so…can you suggest some ideas as to what new SANs I need if any of the new cert with Exchange 2010 and 2013 co-existing for a while.
Below are the SANs on our current UCC cert.
Outside resolvable SANs
Webmail.corp.local.com
205.223.19.25           portal.corp.local.com     205.223.27.78
Portal2.corp.local.com
205.223.19.25
Autodiscover.corp.local.com
205.223.19.25
Internal SANs
Hqcas1.corp.local.com
Hqcas2.corp.local.com
Dccas1.corp.local.com
Dccas2.corp.local.com
Owamail.corp.local.com
(this CAS Array server name that HQ CAS servers create)
What do you suggest we use for the external urls on Exchange 2013 for these services?
Our firewall guy says we’ll use same names,
but I’m not sure if we try to use same name if we’ll get an error?
Active Directory may say name already in use?
We plan to have firewall to just redirect requests for external urls to load balancers…sound correct?
Meaning load balancer won’t have an external NIC defined…which makes it a one arm config…correct?

Hi Techy,
According to your description, I am still not quite sure about your environment. Could you please provide more information about it, such as:
1. How many Exchange servers in your coexistence environment? One Exchange 2010 with all roles and one Exchange 2013 with all roles? Or several Exchange 2010 and multiple Exchange 2013?
2. Are there two sites in your environment? What’s the Exchange deployment in different sites?
3. Please confirm if both Exchange 2010 and Exchange 2013 are Internet-facing.
Additionally, if you are using different namespaces for different services for internal access and external accessing, we need to include all service namespaces in your certificate with IIS service. Personal suggestion, we can follow ED Crowley’s suggestion
to use split-brain DNS in your environment and only use the same namespace for Exchange service URLs.
The following article described the details about how to configure different namespace for Exchange services by using Load Balance in Exchange 2013:
http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
Regards,
Winnie Liang
TechNet Community Support

OWA 2013 : An error occurred while signing this S/MIME message. No certificate was found.

Hi,
I've configured SMIME (certificate templates, signing/encryption certificate, etc.)
All users receive their certificate, and in Outlook (2010) everything is working as expected.
When I use the OWA 2013 however to send an encrypted message, I receive the error :
"An error occurred while signing this S/MIME message. No certificate was found. If you have a smart card-based certificate, insert the card and try again."
environment : exchange 2013 SP1, ie 9 and 10
Get-SMIMEConfig
[PS] D:\Scripts>Get-SmimeConfig
RunspaceId : 24178a41-aead-45fc-a4c2-5504b2541e7e
OWACheckCRLOnSend : False
OWADLExpansionTimeout : 60000
OWAUseSecondaryProxiesWhenFindingCertificates : True
OWACRLConnectionTimeout : 60000
OWACRLRetrievalTimeout : 10000
OWADisableCRLCheck : False
OWAAlwaysSign : False
OWAAlwaysEncrypt : False
OWAClearSign : True
OWAIncludeCertificateChainWithoutRootCertificate : False
OWAIncludeCertificateChainAndRootCertificate : True
OWAEncryptTemporaryBuffers : True
OWASignedEmailCertificateInclusion : True
OWABCCEncryptedEmailForking : 0
OWAIncludeSMIMECapabilitiesInMessage : False
OWACopyRecipientHeaders : False
OWAOnlyUseSmartCard : False
OWATripleWrapSignedEncryptedMail : True
OWAUseKeyIdentifier : False
OWAEncryptionAlgorithms : 6610
OWASigningAlgorithms : 8004
OWAForceSMIMEClientUpgrade : True
OWASenderCertificateAttributesToDisplay :
OWAAllowUserChoiceOfSigningCertificate : False
SMIMECertificateIssuingCA :
SMIMECertificatesExpiryDate :
SMIMEExpiredCertificateThumbprint :
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Smime Configuration
DistinguishedName : CN=Smime Configuration,CN=Global Settings,CN=customer,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=customer,DC=com
Identity : Smime Configuration
Guid : 1184683a-2fcd-446b-98a6-bf0fb16ca282
ObjectCategory : customer.com/Configuration/Schema/ms-Exch-Container
ObjectClass : {top, container, msExchContainer}
WhenChanged : 17/06/2014 14:21:52
WhenCreated : 17/06/2014 14:21:52
WhenChangedUTC : 17/06/2014 12:21:52
WhenCreatedUTC : 17/06/2014 12:21:52
OrganizationId :
OriginatingServer : DC1.customer.COM
IsValid : True
ObjectState : Unchanged

Have you set up a virtual certificate collection? Looks like that's new with Exchange 2013:
http://technet.microsoft.com/en-us/library/dn626158(v=exchg.150).aspx
http://technet.microsoft.com/en-us/library/dn626155(v=exchg.150).aspx
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

OWA 2013 Expired Password Change - not working

We are in the process of moving mailboxes from our 2010 environment to our 2013 environment and are using the 2013 CAS as internet facing, for any mailboxes on 2010, requests are proxied through.
We have the registry DWORD ChangeExpiredPasswordEnabled set to 1 in HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA but this isn't working.
It use to work perfectly well when we had the 2010 CAS server internet facing.
Is this still supported in Exchange 2013?

I opened up a case with Microsoft and we've done 2 things, not sure which has fixed it.
1) On the password policy for the domain, set the min password age as 0 days (previously set as 1)
2) On the CAS server, under IIS, Default Websit, OWA, Authentication and on Basic Authentication set the default domain to "\"
This has resolved the issue for us.
I had the 1st suggestion done and running for a few days and it still would not work. The 2nd one, however, was the one that worked for me. Instructions below.
1- Open IIS Manager on the CAS server.
2- Navigate to "<Server Name>\Sites\Default Web Site\owa". Double-click "Authentication". Select "Basic Authentication". Make sure it is enabled. Click "Edit" in the far-right pane. Enter "\" into the "Default domain" field. Leave "Realm" field blank.
Click "OK".
3- Navigate to "<Server Name>\Sites\Default Web Site\owa\auth". Double-click "Authentication". Select "Basic Authentication". Make sure it is enabled. Mine was disabled. Click "Edit" in the far-right pane. It should pick-up the "\" through the
hierarchy. Enter "\" into the "Default domain" field if it has not. Leave "Realm" field blank. Click "OK".
4- Navigate back up to "<Server Name>" under "Start Page" in the left pane. Click on the server name to select the server. Click on "Restart" in the far-right pane to restart the web server.

Error proxing from OWA 2013 to Mailboxes in 2010

We have a problem about the Exchange 2013 OWA accessing to a mailbox in Exchange 2010, if the mailbox is in 2013, the OWA works like a charm, but if I use another user mailbox that is residing in 2010, appears a screen shows me that something gone wrong,
but does not shows more details, I searched in the application viewer, Exchange management, system, the IIS log in CAS and Mailbox of 2013 and 2010 and there's nothing correlated to this issue.
The servers are Exchange 2010 Sp3 last CU, Exchange 2013 CU5, the schema and domain are in 2013 CU5.
This problem presented previously with Exchange 2013 SP1 (CU4), so I update the Exchange 2013 to CU5, but the problem remained, so I think that the issue is not in the Exchange
Only shows:
something went wrong
Sorry, we can't get that information right now. Please try again later. If the problem continues, contact your helpdesk.
X-FEServer: MAIL
Date: 8/8/2014 10:01:05 PM
Is there some thing that I can enable to try to get a detail or clue for this problem? because in any place there are not a error code or something else to dig
I saw another sites that describes a problem about the canary, but this is not the issue
I saw other about problems to open another user mailbox, so that neither apply to this situation
In the ADSIedit, I saw the info in the picture.
All the configuration and modifications are writen to CN=Exchange Administrative Group (FYD...), and the other I think that came from another previous update, I'm afraid if I delete that subtree can be worst for all the Exchange organization or may
be not. But I not sure if that can be the issue.
The CN=Primera Organizacion has not subfolders

Hi Brenle
I got the log for OWA, but it's not to clear to me, administrator user's mailbox is in Exchange 2013, but User001 is in Mailbox 2010, this is a piece of the part where I suppouse must be information:
2014-08-11T22:52:19.069Z,6e574ce5-17b8-4ba9-921e-abcbcf050166,15,0,913,7,,,,,,,,,,,,,IL02,,,,,,,,,,,,,,,,,,,,,,,,,,,,600028.7001,,,,,,,,,,,,,,,,,,,,S:ActivityStandardMetadata.Action=GlobalActivity;I32:ADS.C[SUPPR]=1;F:ADS.AL[SUPPR]=6.982,
2014-08-11T22:52:34.346Z,9233fcd2-a899-42b9-912b-83aac34803a0,15,0,913,7,,Owa,il02,/owa/prem/15.0.913.22/resources/themes/base/images/0/thinking16_grey.gif,,FBA,True,DOMAIN\Administrator,,Sid~S-1-5-21-436374069-117609710-682003330-5827,Mozilla/5.0 (Windows
NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,200,,GET,Proxy,il04.DOMAIN.com.mx,15.00.0913.000,IntraForest,WindowsIdentity,Database~b60e120a-ea6c-4e29-aa53-d656595064ed~~09/10/2014 22:50:55,,,0,2456,1,,1,1,,0,,0,,0,0,,0,20.0001,0,,,,13,1,0,0,0,0,17,1,15,4,5,6,19,,,BeginRequest=2014-08-11T22:52:34.326Z;CorrelationID=<empty>;ProxyState-Run=None;BeginGetResponse=2014-08-11T22:52:34.330Z;OnResponseReady=2014-08-11T22:52:34.342Z;EndGetResponse=2014-08-11T22:52:34.342Z;ProxyState-Complete=ProxyResponseData;EndRequest=2014-08-11T22:52:34.346Z;,
2014-08-11T22:52:34.436Z,7996816e-c79f-436f-aa2f-2741d1757c7b,15,0,913,7,,Owa,il02,/owa/service.svc,GetConversationItems,FBA,True,DOMAIN\Administrator,,Sid~S-1-5-21-436374069-117609710-682003330-5827,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0)
like Gecko,::1,IL02,200,200,,POST,Proxy,il04.DOMAIN.com.mx,15.00.0913.000,IntraForest,WindowsIdentity,Database~b60e120a-ea6c-4e29-aa53-d656595064ed~~09/10/2014 22:50:55,,,1140,2265,1,,2,0,,0,,0,,0,0,,0,110.7049,0,68,4,1,32,0,1,0,0,0,109,1,33,4,8,10,112,?action=GetConversationItems&UA=0&ID=-24&AC=1,,BeginRequest=2014-08-11T22:52:34.326Z;CorrelationID=f060d948-02cc-4468-b4af-09e4f0cd8a4b_140779755430123;ProxyState-Run=None;BeginGetRequestStream=2014-08-11T22:52:34.330Z;OnRequestStreamReady=2014-08-11T22:52:34.334Z;BeginGetResponse=2014-08-11T22:52:34.402Z;OnResponseReady=2014-08-11T22:52:34.421Z;EndGetResponse=2014-08-11T22:52:34.421Z;ProxyState-Complete=ProxyResponseData;EndRequest=2014-08-11T22:52:34.436Z;,
2014-08-11T22:52:36.736Z,f5173f4e-50a8-4f1a-9022-b2f67f0dfec5,15,0,913,7,,Owa,il02,/owa/service.svc/s/GetPersonaPhoto,,FBA,True,DOMAIN\Administrator,,Sid~S-1-5-21-436374069-117609710-682003330-5827,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like
Gecko,::1,IL02,200,200,,GET,Proxy,il04.DOMAIN.com.mx,15.00.0913.000,IntraForest,WindowsIdentity,Database~b60e120a-ea6c-4e29-aa53-d656595064ed~~09/10/2014 22:52:34,,,0,42,1,,1,1,,0,,0,,0,0,,0,27.9959,0,,,,20,0,0,1,0,0,24,0,22,3,3,4,25,?email=microsoftexchange329e71ec88ae4615bbc36ab6ce41109e%40promotur.com.mx&UA=0&size=HR96x96,,BeginRequest=2014-08-11T22:52:36.708Z;CorrelationID=<empty>;ProxyState-Run=None;BeginGetResponse=2014-08-11T22:52:36.712Z;OnResponseReady=2014-08-11T22:52:36.736Z;EndGetResponse=2014-08-11T22:52:36.736Z;ProxyState-Complete=ProxyResponseData;EndRequest=2014-08-11T22:52:36.736Z;,
2014-08-11T22:52:46.166Z,ee1f9a0f-41cc-401c-b151-1d59a0c3046b,15,0,913,7,,Owa,il02,/owa/service.svc,UpdateItem,FBA,True,DOMAIN\Administrator,,Sid~S-1-5-21-436374069-117609710-682003330-5827,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,200,,POST,Proxy,il04.DOMAIN.com.mx,15.00.0913.000,IntraForest,WindowsIdentity,Database~b60e120a-ea6c-4e29-aa53-d656595064ed~~09/10/2014
22:52:36,,,987,489,1,,1,0,,0,,0,,0,0,,0,45.8468,1,9,1,0,24,0,0,0,0,0,42,1,25,10,11,12,45,?action=UpdateItem&ID=-25&AC=1,,BeginRequest=2014-08-11T22:52:46.121Z;CorrelationID=f060d948-02cc-4468-b4af-09e4f0cd8a4b_140779756610624;ProxyState-Run=None;BeginGetRequestStream=2014-08-11T22:52:46.121Z;OnRequestStreamReady=2014-08-11T22:52:46.121Z;BeginGetResponse=2014-08-11T22:52:46.142Z;OnResponseReady=2014-08-11T22:52:46.166Z;EndGetResponse=2014-08-11T22:52:46.166Z;ProxyState-Complete=ProxyResponseData;EndRequest=2014-08-11T22:52:46.166Z;,
2014-08-11T22:52:46.294Z,9836d0f7-0ad5-464f-bb49-57be028225b4,15,0,913,7,,Owa,il02,/owa/service.svc,GetConversationItems,FBA,True,DOMAIN\Administrator,,Sid~S-1-5-21-436374069-117609710-682003330-5827,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0)
like Gecko,::1,IL02,200,200,,POST,Proxy,il04.DOMAIN.com.mx,15.00.0913.000,IntraForest,WindowsIdentity,Database~b60e120a-ea6c-4e29-aa53-d656595064ed~~09/10/2014 22:52:46,,,1152,973,1,,1,0,,0,,0,,0,0,,0,32.0006,0,14,1,1,12,0,0,0,0,1,32,0,13,4,5,6,33,?action=GetConversationItems&UA=0&ID=-26&AC=1,,BeginRequest=2014-08-11T22:52:46.262Z;CorrelationID=f060d948-02cc-4468-b4af-09e4f0cd8a4b_140779756624825;ProxyState-Run=None;BeginGetRequestStream=2014-08-11T22:52:46.266Z;OnRequestStreamReady=2014-08-11T22:52:46.266Z;BeginGetResponse=2014-08-11T22:52:46.282Z;OnResponseReady=2014-08-11T22:52:46.294Z;EndGetResponse=2014-08-11T22:52:46.294Z;ProxyState-Complete=ProxyResponseData;EndRequest=2014-08-11T22:52:46.294Z;,
2014-08-11T22:52:57.088Z,6b191c51-2018-4e99-8868-9569b88f3b43,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,302,,,GET,,,,,,,,,0,,,,,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.088Z;CorrelationID=<empty>;NoCookies=302
- GET/E14AuthPost;EndRequest=2014-08-11T22:52:57.088Z;,
2014-08-11T22:52:57.088Z,61107d43-98d7-4d34-93bf-e8c508393fb8,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,1,,1,1,?url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa&reason=0,,BeginRequest=2014-08-11T22:52:57.088Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.088Z;,
2014-08-11T22:52:57.103Z,3d2df762-7fed-4cb8-8e34-240dd50d6248,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/logon.css,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.103Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.103Z;,
2014-08-11T22:52:57.103Z,af5e0edf-4e2e-4fe0-bd72-e184e1d58e14,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/scripts/premium/flogon.js,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.103Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.103Z;,
2014-08-11T22:52:57.150Z,d20e7cd3-a58e-4b87-9757-7a4f32c0e058,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/favicon.ico,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.150Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.150Z;,
2014-08-11T22:52:57.150Z,b28ae997-486d-494f-84bc-e15825a4af6a,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,1,,1,1,?replaceCurrent=1&url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa,,BeginRequest=2014-08-11T22:52:57.150Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.150Z;,
2014-08-11T22:52:57.166Z,fc4786a5-e2ae-468d-bf76-2a4c40b2d5fc,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/olk_logo_white.png,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.166Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.166Z;,
2014-08-11T22:52:57.166Z,d325bece-df65-4096-82f5-f2ec6c508379,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/olk_logo_white_small.png,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.166Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.166Z;,
2014-08-11T22:52:57.166Z,9cd41aa1-f709-4300-b243-f2becdf0a3df,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/Sign_in_arrow.png,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.166Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.166Z;,
2014-08-11T22:52:57.166Z,7f85d4a2-2466-4ff8-807c-31242ff087ef,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/owa_text_blue.png,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,1,,1,1,,,BeginRequest=2014-08-11T22:52:57.166Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.166Z;,
2014-08-11T22:52:57.197Z,85fc6b08-eb36-4757-b701-80b349497c82,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/segoeui-regular.eot,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.197Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.197Z;,
2014-08-11T22:52:57.197Z,f7866efb-e63f-4eb9-bdff-39f6086a5796,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/bg_gradient_login.png,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.197Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.197Z;,
2014-08-11T22:52:57.197Z,1df7cef8-e913-44db-bef2-b351dedb4e71,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/15.0.913/themes/resources/segoeui-semilight.eot,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,0,,0,0,,,BeginRequest=2014-08-11T22:52:57.197Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:52:57.197Z;,
2014-08-11T22:53:05.761Z,af2a7460-04ea-43d4-8404-c685724a17a8,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth.owa,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,302,,,POST,,,,,,,,,160,,,,,,,,,,,,,,,78.2059,,,,,,,,,,,,,,78,,78,78,,,BeginRequest=2014-08-11T22:53:05.683Z;CorrelationID=<empty>;NoCookies=302
- GET/E14AuthPost;EndRequest=2014-08-11T22:53:05.761Z;,
2014-08-11T22:53:05.777Z,36821f0a-58d3-49da-88f8-05cf490ed5e6,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,15.6374,,,,,,,,,,,,,,1,,1,1,?url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa&reason=2,,BeginRequest=2014-08-11T22:53:05.761Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:53:05.777Z;,
2014-08-11T22:53:05.808Z,4e8cfc0a-9ed5-4581-aa08-60af994627cd,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,2,,2,2,?replaceCurrent=1&reason=2&url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa,,BeginRequest=2014-08-11T22:53:05.808Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:53:05.808Z;,
2014-08-11T22:53:13.113Z,9cbaf0da-01ff-44f0-99cd-78347ede5cd1,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth.owa,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,302,,,POST,,,,,,,,,163,,,,,,,,,,,,,,,78.2043,,,,,,,,,,,,,,75,,75,75,,,BeginRequest=2014-08-11T22:53:13.035Z;CorrelationID=<empty>;NoCookies=302
- GET/E14AuthPost;EndRequest=2014-08-11T22:53:13.113Z;,
2014-08-11T22:53:13.113Z,7d1e79be-5d2b-40d8-afc5-d07410419a49,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,0,,,,,,,,,,,,,,1,,1,1,?url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa&reason=2,,BeginRequest=2014-08-11T22:53:13.113Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:53:13.113Z;,
2014-08-11T22:53:13.160Z,24f55f51-c937-4e68-b855-68761fffb578,15,0,913,7,,Owa,il02.DOMAIN.com.mx,/owa/auth/logon.aspx,,FBA,False,,,,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,::1,IL02,200,,,GET,,,,,,,,,0,,,,0,,,,,,,,,,,15.6377,,,,,,,,,,,,,,1,,1,1,?replaceCurrent=1&reason=2&url=https%3a%2f%2fil02.DOMAIN.com.mx%2fowa,,BeginRequest=2014-08-11T22:53:13.144Z;CorrelationID=<empty>;EndRequest=2014-08-11T22:53:13.144Z;,
The server name is: il02
Doc MX

Workflow approvals in OWA 2013 - App Error something went wrong

Hi,
We are testing an attribute workflow approval. When the approver reads the message in OWA 2013, expands 'action items' we see the following error...instead of the usual 'Approve' or 'Reject' buttons. This computer does not have Outlook, so we cannot deploy
the FIM add-ins and extensions...but I dont think they are required if we're just using OWA?
Thank you

Hello Shim!
As far as I know the action items in OWA cannot display "approve" or "reject" options witch sends an response to FIM Service account Mailbox. The options Microsoft offers is FIM portal, Outlook with add-ins.
/Robert

OWA 2013 Can't Update groups list

Home » Email
See moreRELATED
PROJECTS
Novell
to Microsoft Migration
In one corner: Novell 4.11, eDirectory, Groupwise, Oracle 8/8i, NT4 In the other: Windows Server 2000/2003, Active Directory Exchange 2000/2003, SQL Server 2000, XP Winner: Our users.
Total
Virtualization
I lead a project to virtualize all 12 of our current servers onto 2 physical hosts using VMware vCenter Server and setting up VM backups with Veeam.
Mimecast
Mail Filtering
Moving off of an antiquated Postini system to the new Mimecast platform.
1
Sonora
OWA 2013 Can't Update groups
Wrathyimp Feb
9, 2014 at 12:19 PM | MICROSOFT
EXCHANGE
Hi,
I am receiving the following error, while tring to update Distribution list from OWA 2013:
"The group can't be updated right now. Please try again later"
I have searched, but the discussion are mentioning the possibility of old Distribution List migrated from Old Exchange 2003. But I am still getting this error for newly created Distribution List also.
According to this technet discussion, its an bug, but its old like in August 2013, URL:
http://social.technet.microsoft.com/Forums/exchange/en-US/50937049-f919-4ce3-be21-24fdef2c7695/
http://social.technet.microsoft.com/Forums/exchange/en-US/cdd6f7ae-1b61-4d94-a57e-80c6711d09ce/ews-contactgroup-cant-edit-from-owa
So is it being fixed or is there any workaround to it.

I have Outlook 2007. Any Groups Created from Outlook is not editable, though I an create a new group (distribution list) on the OWA, which can be editable.
So What I feel is something with Outlook 2007.

Autodiscover exchange 2013 and 2007

hello,
i am in the process of setting up autodiscover properly for a coexistence environment of exchange 2007 and 2013.
currently, exchange 2007 has the active CAS server role. let's call it server1.contoso.com. Exchange 2013 is installed with the CAS and Mailbox role. let's call that server server2.contoso.com
Assuming all certificates have been installed, i assume that server2.contoso.com has to point to the autodiscover of server1.contoso.com until i have fully moved all mailboxes over to 2013 CAS, correct?
the powershell command i used to set autodiscover on server2 is as follows,
Set-ClientAccessServer -AutodiscoverServiceInternalUri https://server2.contoso.com/Autodiscover/Autodiscover.xml
it then asks for identity and i enter "server2.contoso.com".
Currently, when i type "get-clientaccess server | fl server,*uri I get the follow results,
AutoDiscoverServiceInternalUri : https://server1.contoso.com/autodiscover/autodiscover.xml
AutoDiscoverServiceInternalUri : https://server2.contoso.com/autodiscover/autodiscover.xml
Should they both be "AutoDiscoverServiceInternalUri : https://server1.contoso.com/autodiscover/autodiscover.xml" since server1 is the active CAS server?
Again, once everything has been migrate i will then change the CAS server to server2.contoso.com
Thanks!!

Apologies if I have confused everyone here.
we need 2 urls for Owa and EWS in 2007 and 2013. My this blog should help
http://msexchangeguru.com/2013/12/31/e20132007-urlsauth/
Undying: Answers are in line.
1. What I understand from the post marked as Answer is there is no need for legacy namespace for Exchange2007/Exchange2013 co-existence, meaning after the installation of Exchange 2013 in the environment there is no need to modify the virtual dirs on exchange
2007 side. Both 2013 and 2007 will be using the mail.domain.com namespace for all the services and once the virtual directories have been configured on the Exchange 2013 CAS it will redirect the request to Exchange2007 CAS for the Exchange2007 mailboxes. And
since there's no need for legacy namespace, it should also mean that there would be no need for any additional publishing rule in the reverse proxy (ISA/TMG), just modifying the current one (mail.domain.com) to point to the Exchange 2013 CAS should do the
trick. Am I correct?
Just to summarize, all the redirection from Exchange 2013 to Exchange 2007 will be done without the need of legacy namespace and without modifying any URls on the Exchange 2007 side.
PN Answer:
You need 2 urls for OWA and EWS.
legacy.domain.com and mail.domain.com
Also need
autodiscover.domain.com
Basically you need to change these urls on 2007 side to legacy.domain.com
This means you need to get this url added into the cert.
On TMG side direct all the traffic to 2013 and it will redirect to 2007.
you would need a new public host record for the legacy url.
2. If all that is indeed correct then why the Technet article still make it sound like that the legacy host name is mandatory? http://technet.microsoft.com/en-us/library/jj898582(v=exchg.150).aspx
(Step 7)
PN Answer: Yes we need legacy url
Regards, Prabhat Nigam XHG and AD Architect and DR Expert Website: msexchangeguru.com VBC: https://www.mcpvirtualbusinesscard.com/VBCServer/wizkid/card

Exchange 2013 and 2007 - Coexistence and ActiveSync

Good morning all,
We're currently in the process of migrating our Exchange server from 2007 to 2013, and am experiencing a few problems. At the moment, OWA redirection works fine, but ActiveSync does not. At the moment the 2013 Server isn't public facing, it's internal until
all testing is complete. However despite being on the LAN, when an iPhone is configured to target the 2013 server, it isn't proxying to the 2007 CAS, but instead provides a vague error of being Unable to Verify account information. No mail is retrieved.
Has there been a step I've missed to allow this to work seamlessly?

Generally, both the internal and external Exchange 2007 ActiveSync URL should be pointing to the legacy namespace - legacy.yourdomain.com. If you've set correctly the internal name resolution (resolving the legacy namespace to the internal Exchange 2007
IP address), ActiveSync should be working fine.
Have you tried Android phones as well?
Alternatively, you can set the Exchange 2007 ActiveSync External and Internal URL to $NULL, forcing Exchange 2013 CAS to proxy all requests to the Exchange 2007 CAS. This way devices are not affected by a redirect.

Cannot access another users mailbox via OWA 2013

Hello
I have just migrated a few users from Exchange 2010 to Exchange 2013.
If I try and access their mailboxes via OWA 2013 using "open another users mailbox" I receive the following error:
something went wrong
Sorry, we can't get that information right now. Please try again later. If the problem continues, contact your helpdesk.
X-OWA-Error: SDServerErr;Microsoft.Exchange.Data.Storage.AccessDeniedException
X-OWA-Version: 15.0.995.28
X-FEServer: EX2013
X-BEServer: EX2013.company.local
Date: 07/11/2014 11:23:46I can still access any mailbox on a 2010 server via the same method.
Can anyone assist in resolving this issue please?
Matt

Hi Amy,
Yes Inheritance is enabled.
Just to clarify this is affecting ALL mailboxes once moved to Exchange 2013, not specific users.
There are multiple 2013 databases all with mailboxes on. Each databases is displaying the same behaviour.
Here are the permissions I have checked so far:
ADSI Edit: CN=Databases,CN=Exchange Administrative Group (<>),CN=Administrative Groups,CN=Company
,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=domain,DC=localnet
The AD group has inherited Full Control on all of the database objects.
EAC: The AD group has full control on every migrated mailbox
EMS: The AD group has the following permissions on all mailbox databases:
Identity User IsInherited Deny AccessRights
MDB01 Company\AD Group True False {GenericAll}
I have removed permissions for the group and re-added them, this has made no difference.
The only way I can access any of the migrated mailboxes is to explicitly grant my account "Full Access" via the Add-MailboxPermission command.
Regards
Matt

Certificate configuring for exchange 2013 and office 365 hybrid deployment

Please advise on what digital certificate requirements for hybrid deployment and to configure it.

Hi sphilip,
If you want to deploy AD FS with Single Sign-On(SSO), we need use certificate to establish secure trust between on-premises Exchange 2013 and Office online.
We can use and configure a trusted third-part CA within all on-premises Exchange 2013 Mailbox and Client Access servers to ensure secure mail transport, more details about
Office 365 Hybrid Configuration Certificate Planning, for your reference:
http://blogs.technet.com/b/neiljohn/archive/2011/08/25/office-365-hybrid-configuration-certificate-planning-adfs-exchange-web-services-owa-oa.aspx
Best Regards,
Allen Wang

Certificate errors with Exchange 2013 and Outlook 2013

Hello, I wonder if someone could help.
I've recently set up a network with one Windows 2012 domain controller and one windows 2012 server running Exchange 2013.
Clients run Outlook 2013 and are all one the same Lan. Outlook's setup wizard finds the exchange server automatically and sets up the profile. However if I choose the manual setup and enter the server
name and user name it does not find the server.
When I check the server name in Outlook it shows as
[email protected] rather than the real name of the server: AYCEX01.AYC.local.
When Outlook is opened there is a certificate error saying "The name on the security certificate is invalid or does not match the name of the site." and another error saying "There is
a problem with the server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.ardfernyacht.co.uk. Outlook is unable to connect to the proxy server. (Error code 10)
The external address by which users connect to OWA and active sych is mail.ardfernyacht.co.uk. The
certificate which is used is one automatically generated by Exchange.
Any suggestions you may have would be appreciated.
Many thanks,
Ruaridh
Ruaridh Mackintosh

Self sign cert wont work With autodiscover.For that you need 3rd part or from Your own CA.
Please follow this guide to install CA in Your domain:
http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
Please follow this guide to request New cert in Exchange 2013:
http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/
Your cert must contain external hostname of Your mail.domain.com
Also configure Your Virtual directories to contain internal and external hostname:
http://blogs.msdn.com/b/mvpawardprogram/archive/2013/03/18/virtual-directories-exchange-2013.aspx
Regarding servername when using autodiscover,it should automatically resolve mailbox guid instead of servername.
Please check if Your DNS is setup With autodiscover.domain.local (which is pointed to Your Exchange server)
Hope this helps!
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

OWA 2013 and Timeout

Similar Messages

Maybe you are looking for