The SANs are all there:
CertificateDomains : {owa.mydomain.com, www.owa.mydomain.com, autodiscover.mydomain.com, edge.mydomain.com, enterpriseregistration.mydomain.com, mydomain.com, sip.mydomain.com, mail.mydomain.com, fs.mydomain.com, adfs.mydomain.com}
Thumbprint : 5169E1D598829E6B74315F27F5F7A4543C78DC17
This is the certificate that is bound to the default website.
get-owavirtualdirectory returns
InternalUrl : https://owa.mydomain.com/owa
ExternalUrl : https://owa.mydomain.com/owa
Can someone point me to where to look to get them working again?
I get the ADFS login screen and then "something went wrong"
https://owa.mydomain.com/owa/auth/errorfe.aspx?msg=WrongAudienceUriOrBadSigningCert
How was this deployed? Are all of the support requirements on this page met?
https://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx
It was working until I applied CU8 (it was on CU7)
OK done that and they are all there as far as I can tell...
Recycled my app pools, reset IIS, restarted the servers.
Still the same. I get to the ADFS login screen but no further.
ActiveSync is working fine (passthrough in WAP)
Now suppose I want to go back to a plain vanilla OWA internally for test purposes. How do I do that? I have multiple interpretations of the settings required on the virtual directories, but do I have to do something in set-organizationconfig?
Was there ever a resolution to this? The thread seems to have died without an Answer.
I'm having the same problem.
If Exchange 2013 OWA/ECP virtual directories are set to "-AdfsAuthentication $true" and all other methods $false, per ADFS requirements, we get the error explained above.
If we revert to "-AdfsAuthentication $false" and Basic/fba $true, then we have no issues authenticating to ADFS via WAP from outside the network, passing through to OWA, authenticating to that, and opening the mailbox.
All certificate thumbprints and URLs assigned have been validated.
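An added example, not part of any post in this thread: a PowerShell check of the two things the WrongAudienceUriOrBadSigningCert message names, the audience URIs and the signing certificate thumbprints stored by Set-OrganizationConfig. The function name and all sample values are constructed placeholders; it assumes the thumbprint to compare is the AD FS token-signing certificate, not the certificate bound to the default website.

```powershell
# Added example (not from the thread). Live values would come from:
#   (Get-OrganizationConfig).AdfsAudienceUris and .AdfsSignCertificateThumbprints
#   (Get-AdfsCertificate -CertificateType Token-Signing).Thumbprint  # on the AD FS server
#   Get-OwaVirtualDirectory / Get-EcpVirtualDirectory InternalUrl and ExternalUrl
function Test-AdfsOwaConfig {   # hypothetical helper name
    param(
        [string[]]$AudienceUris,
        [string[]]$ExchangeSignThumbprints,
        [string[]]$AdfsTokenSigningThumbprints,
        [string[]]$VdirUrls
    )
    # Thumbprints pasted from the certificate GUI can carry spaces or an
    # invisible leading character, so keep hex digits only before comparing.
    $clean = { param($t) ($t -replace '[^0-9A-Fa-f]', '').ToUpperInvariant() }
    $trusted = @($ExchangeSignThumbprints | ForEach-Object { & $clean $_ })

    foreach ($tp in $AdfsTokenSigningThumbprints) {
        $hex = & $clean $tp
        [pscustomobject]@{
            Check  = 'Token-signing cert listed in Exchange'
            Value  = $hex
            Result = if ($trusted -contains $hex) { 'OK' } else { 'MISSING' }
        }
    }
    foreach ($url in $VdirUrls) {
        $exact = $AudienceUris | Where-Object { $_ -ieq $url }
        $loose = $AudienceUris | Where-Object { $_.TrimEnd('/') -ieq $url.TrimEnd('/') }
        [pscustomobject]@{
            Check  = 'Audience URI for virtual directory'
            Value  = $url
            # A slash-only difference is reported for review, not asserted to be the fault.
            Result = if ($exact) { 'OK' } elseif ($loose) { 'TRAILING-SLASH DIFFERENCE' } else { 'MISSING' }
        }
    }
}

# Constructed sample input: placeholder thumbprints, hostnames in the thread's style.
$sample = @{
    AudienceUris                = 'https://owa.mydomain.com/owa/', 'https://owa.mydomain.com/ecp/'
    ExchangeSignThumbprints     = '0000 0000 0000 0000 0000 0000 0000 0000 0000 0001'
    AdfsTokenSigningThumbprints = '0000000000000000000000000000000000000002'
    VdirUrls                    = 'https://owa.mydomain.com/owa', 'https://owa.mydomain.com/ecp'
}
Test-AdfsOwaConfig @sample | Format-Table -AutoSize
```

With the sample values, the token-signing row reports MISSING and both virtual directory rows report TRAILING-SLASH DIFFERENCE.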