Exchange 2013, 2010, 2010 Coexistence. OWA, Cross-Site.

Hey Team

I am working on the following:

1) ExCAS2013 >> EXCas2010>> ExCas 2007.

External URLs are pointed to 2013, 2010. 2007 all in the same site work correctly for OWA. If a 2007 user logs onto the site, via the 2013 CAS URLs, and his mailbox is on 2007 it redirects fine.

If a 2007 user logs onto the same site but his mailbox is in the non-internet connected site (different AD site) and on Exchange 2007, it fails the proxy step with this error:

Outlook Web Access is not available. If the problem continues, contact technical
support for your organization and tell them the following: There is no Microsoft
Exchange Client Access server that has the necessary configuration in the Active
Directory site where the mailbox is stored.

The 2007 server in question is MBX/CAS/HUB. No Clusters. (in this site). I know the above error is some auth issue but I just can't quite nail it.

Any ideas?

Thanks,


R

July 12th, 2015 2:45am

There is a somewhat similar scenario to yours described here, although you have a non-Internet facing site containing the Exchange 2007 server with the co-located roles. In the article it's stated that "CAS2013 will initiate a single sign-on silent redirect (assumes FBA is enabled on source and target) to legacy.contoso.com. CAS2007 will then facilitate the request and retrieve the necessary data from the Exchange 2007 Mailbox server."

I admit I don't quite get how Forms Based Authentication comes into play in the setup, but it's worth toggling it on, provided it's not already enabled.

July 12th, 2015 10:36am

Hi Robert

In coexistence between Exchange 2013 and legacy versions, requests are handled in two ways.

For Exchange 2010, Exchange 2013 proxies OWA and EWS requests for users in Exchange 2010.

For Exchange 2007, Exchange 2013 redirects OWA and EWS requests for users in Exchange 2007.

When a user with an Exchange 2007 mailbox logs in externally from OWA, the request goes to Exchange 2013. Exchange 2013 then needs this connection to be redirected to the Exchange 2007 server.

In order to do this, Exchange 2013 requires a dedicated external host name configured on the Exchange 2007 servers for the required services accessed externally. So the external and internal hostnames of the Exchange 2007 server need to be different from the hostnames of the Exchange 2013 server and need to be pointed to the Exchange 2007 server.

First, all the service URLs need to be pointed to the Exchange 2013 CAS server from Exchange 2007. The Exchange 2013 CAS server will redirect the connections to the Exchange 2007 server.

Legacy Names:

Configure the following legacy host names for the below services in Exchange 2007:

OwaVirtualDirectory Create https://ExternalLegacyHostName/owa

WebServicesVirtualDirectory Create https://ExternalLegacyHostName/EWS/Exchange.asmx

UMVirtualDirectory Create https://ExternalLegacyHostName/UnifiedMessaging/Service.asmx

OABVirtualDirectory Create https://ExternalLegacyHostName/OAB

ActiveSyncVirtualDirectory Create https://InternalLegacyHostName/Microsoft-Server-ActiveSync

Create a new NAT rule on the firewall for Legacy.domain.com to the Exchange 2007 CAS. You can do this as well. By doing this, users with a mailbox on Exchange 2007 will be able to log on directly using the URL https://legacy.domain.com/owa.

If you have redirection configured in IIS on the Exchange 2007 server, make sure that the above virtual directories don't have it configured.

July 12th, 2015 10:41am

Just saw that Ross's article actually contains your exact scenario - see the Note under Outlook Web App for the 2nd scenario:

Note: Lets assume that Site3 contains Exchange 2007 servers as well. In this scenario, CAS2013 in Site1 will authenticate the user, do a service discovery, and determine that the mailbox version is 2007 and the mailbox is located in Site3. CAS2013 will issue a single sign-on silent redirect to legacy.contoso.com. CAS2007 in Site1 will authenticate the user and proxy the request to the Exchange 2007 Client Access server infrastructure in Site3.

July 12th, 2015 10:46am

OK. So here is where I am at:

1) SITE-A

EX2K13, E2010, E2007.

The above site for 2013/2010 is configured with E2K13 having the int/ext URLs. E2010 is proxied to by 2013. This is expected. (mail.domain.com) is used for E2013.

Exchange 2007 - Has its legacy URLs configured. Legacy.domain.com

2) SITE-B

Exchange 2013, 2010, 2007. Configured same as above but with mail2.domain.com for E2013, and again 2010 is a proxy target.

Exchange 2007 in this site has all URLs removed and is completely non-internet connected. Based on my understanding and the excellent article from Ross, the connectivity should go like this:

1) User connects to mail.domain.com

2) User submits credentials for a mailbox for Exchange 2007

3) E2013 looks up the user's account, says "hmm, mailbox is on non internet connected site" and Exchange 2007

4) E2013 redirects to CAS2007, in the same site where E2013 sits

5) CAS2007 then tries to proxy to the non internet connected site.

Then it fails. For testing I have done the following: logged on to the non-internet connected server and tested with https://localhost/owa; the account worked as expected. I also tried hitting the legacy.domain.com URL directly and it failed, so this is a CAS to CAS issue from 2007 to 2007.

All 2007 servers are multi-role. 

Robert 

July 12th, 2015 12:33pm

So I reinstalled my RU15 update for 2007, no change. I also noticed that it was using the wrong domain controllers, so I set those statically. I think in this case I might just have to use another legacy namespace for this process. I still don't understand why I am getting this error:

Outlook Web Access is not available. If the problem continues, contact technical support for your organization and tell them the following: There is no Microsoft Exchange Client Access server that has the necessary configuration in the Active Directory site where the mailbox is stored. 

The error seems to be one of those "try 25 things and it might work", so that's no fun.

July 12th, 2015 2:38pm


So I got it fixed. I set the Internal URL value to https://servername.contoso.local/owa and set the auth type to Integrated and Basic. This seems to have resolved the problem.

The thing is, yesterday I had the same settings but it still didn't work. It must have been my reinstalling RU15 (today) that was a contributing factor to the solution.

Robert 

July 12th, 2015 3:33pm

Hi Robert,

Glad that it worked.

Generally, if the Exchange 2007 Mailbox server is in a different Active Directory site, CAS 2013 determines whether the ExternalURL property is set in that Active Directory site. If the ExternalURL property is not present, and the authentication method on the /OWA virtual directory is set to Integrated Windows authentication, CAS 2013 will proxy the user's request to the Client Access server that's specified by the InternalURL property.

Therefore, please make sure the non-internet facing Exchange server has been set with the OWA internalURL property and the Integrated Windows authentication is enabled for OWA authentication.

Regards,

July 13th, 2015 3:25am
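The rule described in the reply above (no ExternalURL in the mailbox's site, InternalURL set, Integrated Windows authentication enabled on /owa) can be checked across all Exchange 2007 Client Access servers at once. The following is an added example, not part of the original thread; the function name `Get-OwaProxyReadiness` and the status labels are assumptions made for illustration, and it is meant to be run in the Exchange Management Shell.

```powershell
# Added example: audit the OWA virtual directory of every Exchange 2007 CAS
# against the proxy rule described in the thread.
# Get-OwaProxyReadiness and the status strings are hypothetical names.
function Get-OwaProxyReadiness {
    # Exchange 2007 reports its version as "Version 8.x (Build ...)".
    $cas2007 = Get-ExchangeServer | Where-Object {
        $_.IsClientAccessServer -and "$($_.AdminDisplayVersion)" -like 'Version 8.*'
    }

    foreach ($server in $cas2007) {
        foreach ($vdir in (Get-OwaVirtualDirectory -Server $server.Name)) {
            # An unset URL comes back as $null (or an empty string remotely).
            $hasExternal = [bool]$vdir.ExternalUrl
            $hasInternal = [bool]$vdir.InternalUrl

            if ($hasExternal) {
                # ExternalURL present: this server is treated as Internet-facing.
                $status = 'Internet-facing'
            }
            elseif ($hasInternal -and $vdir.WindowsAuthentication) {
                # No ExternalURL, InternalURL set, Integrated auth on: can be proxied to.
                $status = 'Proxy target ready'
            }
            else {
                # Missing InternalURL or Integrated auth: the thread's failing case.
                $status = 'Proxy target NOT ready'
            }

            New-Object PSObject -Property @{
                Server      = $server.Name
                Site        = "$($server.Site)"
                InternalUrl = "$($vdir.InternalUrl)"
                ExternalUrl = "$($vdir.ExternalUrl)"
                WindowsAuth = $vdir.WindowsAuthentication
                BasicAuth   = $vdir.BasicAuthentication
                FormsAuth   = $vdir.FormsAuthentication
                Status      = $status
            }
        }
    }
}

Get-OwaProxyReadiness |
    Select-Object Server, Site, Status, InternalUrl, ExternalUrl, WindowsAuth, BasicAuth, FormsAuth |
    Format-Table -AutoSize
```

A server reported as not ready can be corrected with `Set-OwaVirtualDirectory` using its `-InternalUrl` and `-WindowsAuthentication` parameters, which is the change the original poster describes making.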
