Hi,

Migrating over to Exchange 2013 from 2010. The 2013 box is in a different AD site to the 2010 box. We are using Web Application Proxy (WAP) with ADFS to publish OWA using non-claims aware relaying party trust (currently working for 2010 OWA). The WAP and ADFS servers are in the 2010 AD site.

ActiveSync, and Autodiscover are working both internally and externally. OWA and OA work fine internally. 2013 users OWA and OA work fine externally. When a 2010 user logs into OWA externally we get an 'Error has occurred' message page from the ADFS server. 

I've removed the ExternalUrl from the 2010 OWA and ECP virtual directory. Authentication is set (same as 2013) to Integrated Windows. 

In the IIS logs on the 2013 box I can see the OWA requests are being received:

2015-04-08 11:16:16 10.3.12.69 GET /owa &CorrelationID=<empty>;&ClientId=FBAQHKEADPZQUZQ&cafeReqId=04aaa656-f930-449b-9055-01e750a3b8a9; 443 2010User@domain.local 10.1.8.118 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko https://fs.domain.com/adfs/ls?version=1.0&action=signin&realm=urn%3AAppProxy%3Acom&appRealm=33862507-17b3-e411-80da-005056bb775c&returnUrl=https%3A%2F%2Fwebmail.domain.com%2Fowa&client-request-id=26AA0452-7194-0002-BC78-AA269471D001 302 0 0 62

Yet on the 2010 IIS logs I can't see any entries. My understanding is that 2013 will just proxy OWA requests through to 2010 without any further configuration. I've set virtual directory authentication etc as per the Exchange deployment assistance guidance.

There isn't much out there about coexistence with WAP and ADFS. Any help appreciated.

Hello.

I have not seen a single document on the Microsoft site where talking shops to support WAP Windows 2012 in mode coexistence Exchange Organization in 2010 and 2013. Recommend to think about an alternative proxy server.

Really? A Microsoft product does not support another Microsoft product??

WAP works fine on 2010 OWA with exactly the same authentication. The user is authenticating through WAP then being passed to 2013, surely WAP should not be stopping 2013 from proxying back to 2010?

Okay. We assume that the WAP theoretically supports the coexistence of Exchange 2010 and 2013. (I have not seen any referring of this in the documentation Using Application Proxy to Provide Access to SharePoint Server and Exchange Server)
Then I again checked the settings and pass requests on the basis of an example.
Client Connectivity in an Exchange 2013 Coexistence Environment

Maybe you can help this is commandlet for WAP Server:

Get-WebApplicationProxyApplication -name "appname" | Set-WebApplicationProxyApplication -DisableTranslateUrlInRequestHeaders -DisableTranslateUrlInResponseHeaders

If you have Split Name

While there is a split-DNS (.com external and .local internal), all the Exchange URL's (Internal/External) are set to the same which is 'webmail.domain.com'. There's an additional DNS zone setup internally so all .com requests map.

After a call to MS support, apparently while 2010 is supported with WAP, 2013 co-existance with 2010 is not.