Hello,

I'm trying to SingleSignOn to OWA 2013 using NetScaler AAA. Everything seems to be working fine, however I get the 2010 version of OWA. If I connect to the exchange server directly I get the 2013 version.

From what I can tell, this happens because I get the light version of owa, right?

I have read many articles that state that I have to specify a combination of the variables "flags" and "trusted".

Although I tried "flags=0&trusted=0" and "flags=4&trusted=4" I haven't got it to work.

One last thing, when I check the version of the OWA using ECP and Powershell I get that it is 2010.

This is a clean installation of Exchange 2013 on a brand new domain with just one server. The version of the server is 15 build 516.32 and it's running on Windows Server 2012 R2.

Thanks in advance,

Chris

Hi,

According to your description, I understand that the version of OWA is 2010 after deploy Single Sign-On by NetScaler AAA, however the version of Exchange is 2013.
If I misunderstand your concern, please do not hesitate to let me know.

Do you have install Exchange server within a coexistence environment? Details about Client Connectivity in an Exchange 2013 Coexistence Environment, for your reference:
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

If not, what the function of Single Sign-on? Is it used for supporting single sign on between Outlook Web App and Exchange Control Panel?
You can enable forms-based authentication both in Outlook Web App and Exchange Control Panel virtual directories to achieve this goal.

Please try to run below command or Register to double check the version of Exchange:
Get-ExchangeServer | Format-List

Thanks

Hello Allen,

Yes, that is correct. I should clarify though that I get the 2010 version when I'm connecting using SSO. If I open OWA on the server directly I get the 2013 version.

No, this is a brand new environment in my lab built from scratch on Windows 2012 R2 and I have only one Exchange 2013 server that is the first exchange server installed. I have already enabled Forms Based Authentication on both virtual directories.

I want to use SSO because I want the authentication done on the NetScaler using the existing authentication policies (MFA, and policies based on Client IPs and AD group membership).

Get-ExchangeServer | fl

ExchangeVersion: 0.1 (8.0.535.0)
AdminDisplayVersion: Version 15.0 (Build 516.32)

Get-OWAVirtualDirectory | fl

OWAVersion: Exchange2010
ExchangeVersion: 0.10 (14.0.100.0)

As you can see I haven't applied any CU updates to the server. This is on purpose because I want to test with this version first and then with the latest. Since I can't get it to work I think I'll create a checkpoint 

Hello Allen,

Yes, that is correct. I should clarify though that I get the 2010 version when I'm connecting using SSO. If I open OWA on the server directly I get the 2013 version.

No, this is a brand new environment in my lab built from scratch on Windows 2012 R2 and I have only one Exchange 2013 server that is the first exchange server installed. I have already enabled Forms Based Authentication on both virtual directories.

I want to use SSO because I want the authentication done on the NetScaler using the existing authentication policies (MFA, and policies based on Client IPs and AD group membership).

Get-ExchangeServer | fl

ExchangeVersion: 0.1 (8.0.535.0)
AdminDisplayVersion: Version 15.0 (Build 516.32)

Get-OWAVirtualDirectory | fl

OWAVersion: Exchange2010
ExchangeVersion: 0.10 (14.0.100.0)

As you can see I haven't applied any CU updates to the server. This is on purpose because I want to test with this version first and then with the latest. Since I can't get it to work I think I'll create a checkpoint 

I would suggest not doing any testing RTM.  Especially since they are 8 CU's into the product and anything older than 2 CUs technically isn't even supported.  Also, you mentioned that you installed Exchange on a Windows Server 2012 R2 box and support for that wasn't introduced until SP1.

That being said, I think you have to be atleast on CU2 for this to have a chance of working the way you want it to.

http://blogs.technet.com/b/rmilne/archive/2013/07/09/exchange-2013-rtm-cu2-released.aspx

I would recommend doing your testing with a higher CU supported CU. 

Hello,

Upgrading to SP1 seems to have fixed the problem.

I'll do some more testing before updating to CU8 and then some more.

Thanks,

Chris