OWA and Cross-Site Silent Redirect for Exchange 2010 environment with two Internet facing AD sites
Hi,

Quick background

We have an existing Exchange 2007 environment and are migrating to 2010. The new Exchange 2010 infrastructure has been stood up and we are already using 2010 Edge servers (running TMG) and I'm currently in the testing phase.

TMG has 3 rules for our legacy environment (OWA/Outlook Anywhere/Active Sync) and another 3 rules for our new 2010 environment (OWA/Outlook Anywhere/Active Sync).

There are 3 Mailbox servers at two sites. We have 2010 CAS arrays at both sites. There are active users at both sites so I set up two DAGs (Active/Passive local and Passive copy at other site). The aim is to have everyone connecting to Site1 (has 80% of users) and if you are in Site2 to use a silent redirect.

Testing

From Internal network:

Site 1 - Created a test mailbox in Site1 then logged in fine with OWA and Outlook.

Site 2 - Created a second test mailbox in Site2 and can log in via Outlook but not OWA. OWA gives me an error 'A server configuration change is temporarily preventing access to your account. Please close all Web browser windows and try again in a few minutes. If the problem continues, contact your helpdesk.'

From External network:

Site 1 - OWA works. Outlook does not work. (I need to do more testing on Outlook Anywhere as have not managed to get this working yet)

Site 2 - OWA does not work. Same error as on Internal network. Outlook does not work (see comment above)

I can connect via OWA (internal and external network) to mailbox on 2007 environment.

I think there are 2 main issues here:

#1 OWA does not work for the mailbox in Site2

#2 My Outlook Anywhere is not working. I think I need to check my Autodiscover?

I think our OWA rule for 2007 is intercepting the request and trying to process.

I know there is a lot of info here and I have probably not included enough info but any pointers are gratefully received.

Thanks
July 11th, 2012 3:49pm

Hello, For the OWA issue, please check the IIS log and let us know the detailed error codes. For the Outlook Anywhere issue, you can run a Remote connectivity Analyzer first. Thanks, Simon
July 12th, 2012 5:01am

Hello, For the OWA issue, please check the IIS log and let us know the detailed error codes. For the Outlook Anywhere issue, you can run a Remote connectivity Analyzer first. Thanks, Simon
July 12th, 2012 5:11am

Hi, For the Outlook issue you need to validate from the URL below - CAS Array configuration. How to setup an Exchange 2010 CAS Array to load balance MAPI ClientAccessArray Thanks vino
July 12th, 2012 6:03am

Some missing info:

2007 URL for East coast users: https://eastcoastmail.company.com/owa (2010 Edge server east coast)

2007 URL for West coast users: https://westcoastmail.company.com/owa (2010 Edge server west coast)

2010 URL for all users: https://email.company.com/owa (2010 Edge server east coast)

Both sites are Internet facing.

After some more OWA testing here are the results:

- 2007 user based east coast logs into https://email.company.com/owa and gets redirected to https://eastcoastmail.company.com/owa. After this 2nd login they get in
- 2007 users based in west coast logs into https://email.company.com/owa and gets redirected to https://westcoastmail.company.com/owa. After this 2nd login they get in
- 2010 user based east coast logs into https://email.company.com/owa and gets straight in
- 2010 user based west coast logs into https://email.company.com/owa and gets error: 'A server configuration change is temporarily preventing access to your account'

I will look at Outlook Anywhere in a bit but would love to get OWA fully working first.

It seems that Exchange 2010 server east coast does not know how to direct OWA if the user is based west coast. I checked the Publish OWA 2010 rule on the TMG server and I see my west coast user hitting the Edge server and there are no errors so it seems that Exchange 2010 is having problems with the redirect?

This article talks about what I am trying to achieve but am a bit confused about removing the external URL: 2010 OWA with multiple AD sites

Thanks

UPDATE: I managed to get OWA working for the 2010 user based west coast who is logging in via https://email.company.com/owa

I had to change the Windows authentication on the west coast HUB/CAS servers to Integrated and also removed the external URL (which was set to https://email.company.com/owa)

I don't think this type of configuration will be good for site failover?
July 12th, 2012 10:27am
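
The change reported in the update above, written as a check over OWA virtual directory settings. This is an added example, not code from the thread: the server and site names are hypothetical, the sample rows are constructed, and treating the poster's two changes as the conditions to test for is an assumption.

```powershell
# Sample rows are constructed. In the Exchange Management Shell the same shape
# can be built from Get-ExchangeServer (Name, Site) and Get-OwaVirtualDirectory
# (Server, ExternalUrl, WindowsAuthentication).
function Test-OwaCrossSiteConfig {
    param(
        [Parameter(Mandatory=$true)] [object[]] $VirtualDirectory,
        [Parameter(Mandatory=$true)] [string]   $PrimarySite
    )
    # URLs published by the primary (entry-point) site, normalised for comparison.
    $primaryUrls = @($VirtualDirectory |
        Where-Object { $_.Site -eq $PrimarySite -and $_.ExternalUrl } |
        ForEach-Object { $_.ExternalUrl.TrimEnd('/').ToLowerInvariant() })

    foreach ($vd in ($VirtualDirectory | Where-Object { $_.Site -ne $PrimarySite })) {
        $url = if ($vd.ExternalUrl) { $vd.ExternalUrl.TrimEnd('/').ToLowerInvariant() } else { $null }
        $issues = @()
        # Condition 1 from the update: the second site carried the same external URL.
        if ($url -and ($primaryUrls -contains $url)) {
            $issues += "ExternalUrl duplicates the primary site's URL"
        }
        # Condition 2 from the update: Integrated authentication had to be enabled.
        if (-not $url -and -not $vd.WindowsAuthentication) {
            $issues += 'no ExternalUrl and Integrated Windows authentication is off'
        }
        $status = if ($issues.Count) { $issues -join '; ' } else { 'OK' }
        New-Object PSObject -Property @{ Server = $vd.Server; Site = $vd.Site; Status = $status }
    }
}

$owa = 'https://email.company.com/owa'
$rows = @(
    # East coast entry point (hypothetical server name).
    New-Object PSObject -Property @{ Server='CAS-EAST1'; Site='East'; ExternalUrl=$owa; WindowsAuthentication=$false }
    # West coast as first described: same external URL, Integrated auth off.
    New-Object PSObject -Property @{ Server='CAS-WEST1'; Site='West'; ExternalUrl=$owa; WindowsAuthentication=$false }
    # West coast after the update: external URL removed, Integrated auth on.
    New-Object PSObject -Property @{ Server='CAS-WEST2'; Site='West'; ExternalUrl=$null; WindowsAuthentication=$true }
)

Test-OwaCrossSiteConfig -VirtualDirectory $rows -PrimarySite 'East' |
    Select-Object Server, Site, Status | Format-Table -AutoSize
```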

This topic is archived. No further replies will be accepted.
