We have Exchange 2010 SP3 with CU4 and Exchange 2013 CU8.
We switched the CAS from 2010 to 2013.
Most users can succesfull connect to OWA and Outlook.
Unfortunately some users get on OWA > http error 400 the size of the request headers is too long
And when they start Outlook > server is not available

I found this post > http://smtp4it.net/2013/12/05/exchange-2013-to-2007-outlook-anywhere-proxy-issue/ and some other technet artciles but they all mention Exchange 2003 or 2007.
Also I read 1000+ groups we not have nearly that amount of groups.

When i switch CAS back to 2010 user can succesfully open OWA.

In exchange 2013 server in httper folder/log i see

2015-06-03 08:30:08 10.212.119.31 31657 10.212.119.31 444 HTTP/1.1 RPC_IN_DATA /rpc/rpcproxy.dll?server1.contoso.com:6001 400 2 BadRequest MSExchangeRpcProxyAppPool

Please any guidance

• Edited by dirkverhagen123 22 hours 33 minutes ago

Hi 

Have you Configured service connection point,Changed SCP of Exchange 2010 CAS VIP to Exchange 2013 CAS VIP.
Configure DNS records for the new Exchange 2013.
Your DNS entries should be pointed to Exchange 2013 CAS from Exchange 2010 CAS.

Basically your clients will look for any srv or autodiscover records in DNS when connecting to Exchange 2013 CAS.

Also please recycle the MSExchangeAutodiscoverAppPool and MSExchangeRpcProxyAppPool within the IIS Application Pool on the 2013 CAS server and see the results.

Yes, SCP on server objects all point to autodiscover.contoso.com
DNS for webmail and autodiscover points to CAS 2013
Changed DNS to 1 of the 10 CAS2013 servers all gave http 400.
Restart application pool , no success problem exists.

Hi 

Note:  To allow your Exchange 2013 Client Access server to redirect connections to your Exchange 2010servers, 

you must enable and configure Outlook anywhere on all of the Exchange 2010 servers.

You can probably run Get-Outlookanywhere on both Exchange 2010 and 2013 and see all the 
internal and external urls assigned and configured accordingly.

Also check your certificate bindings on exchange are in correct order 

You also need to look at whether that Exchange back end web site certificate bindings is on port 444 . That should be the way it should be assigned

Hi,

Outlook-Anywhere is configured on all Exchange 2010 servers.
Certificate bindings are in correct order

Get-VirDirInfo.ps1

General Client Access Server Information

Server Exchange Version Roles Edition 
contoso-EXC03 Microsoft Exchange Server 2010 SP3 ClientAccess, HubTransport Enterprise 
contoso-EXC04 Microsoft Exchange Server 2010 SP3 ClientAccess, HubTransport Enterprise 
contoso-EXC05 Microsoft Exchange Server 2010 SP3 ClientAccess, HubTransport Enterprise 
contoso-EXC21 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 
contoso-EXC22 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 
contoso-EXC23 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 
contoso-EXC24 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 
contoso-EXC25 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 
contoso-EXC26 Microsoft Exchange Server 2010 SP3 Mailbox, ClientAccess StandardEvaluation 



Autodiscover

Server Internal Uri InternalURL ExternalUrl Auth. (Int.) Auth. (Ext.) Site Scope Last modified on: 
contoso-EXC03 https://contoso-exc03.contoso.int/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity Basic Ntlm WindowsIntegrated WSSecurity Default-First-Site-Name 11/04/2013 10:34:53 
contoso-EXC04 https://contoso-exc04.contoso.int/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity Basic Ntlm WindowsIntegrated WSSecurity Default-First-Site-Name 11/04/2013 10:34:53 
contoso-EXC05 https://contoso-exc05.contoso.int/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity Basic Ntlm WindowsIntegrated WSSecurity Default-First-Site-Name 11/04/2013 10:34:53 
contoso-EXC21 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 11:29:28 
contoso-EXC22 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 12:56:41 
contoso-EXC23 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 14:02:33 
contoso-EXC24 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 15:15:48 
contoso-EXC25 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 16:43:44 
contoso-EXC26 https://autodiscover.contoso.com/autodiscover/autodiscover.xml   Basic Ntlm WindowsIntegrated WSSecurity OAuth Basic Ntlm WindowsIntegrated WSSecurity OAuth Default-First-Site-Name 04/13/2015 16:25:45 



Outlook Web App (OWA):

Server Name InternalURL ExternalUrl Int. Auth. Last modified on: 
contoso-EXC03 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 11/04/2013 10:34:54 
contoso-EXC04 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 11/04/2013 10:34:54 
contoso-EXC05 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 11/04/2013 10:34:54 
contoso-EXC21 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 16:56:06 
contoso-EXC22 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 17:02:56 
contoso-EXC23 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 17:04:04 
contoso-EXC24 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 17:05:16 
contoso-EXC25 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 17:08:01 
contoso-EXC26 owa (Default Web Site) https://webmail.contoso.com/owa https://webmail.contoso.com/owa Ntlm WindowsIntegrated 04/13/2015 17:06:58 



Exchange Control Panel (ECP):

Server Name InternalURL ExternalUrl Int. Auth. Last modified on: 
contoso-EXC03 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC04 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC05 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC21 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 16:56:52 
contoso-EXC22 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 17:18:40 
contoso-EXC23 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 17:19:52 
contoso-EXC24 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 17:20:55 
contoso-EXC25 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 17:24:17 
contoso-EXC26 ecp (Default Web Site) https://webmail.contoso.com/ecp https://webmail.contoso.com/ecp Ntlm WindowsIntegrated 04/13/2015 17:23:09 



Outlook Anywhere:

Server Internal Hostname External Hostname Auth.(Int.) Auth. (Ext.) Auth. IIS Last modified on: 
contoso-EXC03  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:34:55 
contoso-EXC04  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:34:55 
contoso-EXC05  webmail.contoso.com Ntlm Ntlm Ntlm 11/04/2013 10:34:55 
contoso-EXC21 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:37:57 
contoso-EXC22 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:38:54 
contoso-EXC23 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:39:17 
contoso-EXC24 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:39:41 
contoso-EXC25 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:40:09 
contoso-EXC26 webmail.contoso.com webmail.contoso.com Ntlm Ntlm Basic Ntlm Negotiate 04/13/2015 17:40:32 



MAPI/HTTP:

Server Internal URL External URL Auth.(Int.) Auth. (Ext.) Auth. IIS Last modified on: 
contoso-EXC03 Server isn't running Exchange 2013 SP1 or later. 
contoso-EXC04 Server isn't running Exchange 2013 SP1 or later. 
contoso-EXC05 Server isn't running Exchange 2013 SP1 or later. 
contoso-EXC21 https://contoso-exc21.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 11:30:19 
contoso-EXC22 https://contoso-exc22.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 12:57:29 
contoso-EXC23 https://contoso-exc23.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 14:03:12 
contoso-EXC24 https://contoso-exc24.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 15:16:42 
contoso-EXC25 https://contoso-exc25.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 16:44:22 
contoso-EXC26 https://contoso-exc26.contoso.int/mapi  Ntlm OAuth Negotiate Ntlm OAuth Negotiate Ntlm OAuth Negotiate 04/13/2015 16:26:17 



Offline Address Book (OAB):

Server OABs Internal URL External Url Auth.(Int.) Auth. (Ext.) Last modified on: 
contoso-EXC03 \Default Offline Address Book https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC04 \Default Offline Address Book https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC05 \Default Offline Address Book https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated WindowsIntegrated 11/04/2013 10:34:53 
contoso-EXC21 \Default Offline Address Book (Ex2013) https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:08:49 
contoso-EXC22  https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:08:49 
contoso-EXC23  https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:09:16 
contoso-EXC24  https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:09:16 
contoso-EXC25  https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:09:45 
contoso-EXC26  https://webmail.contoso.com/OAB https://webmail.contoso.com/OAB WindowsIntegrated OAuth WindowsIntegrated OAuth 04/13/2015 17:09:45 



ActiveSync (EAS):

Server Internal URL External Url Auth. (Ext.) Last modified on: 
contoso-EXC03 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  11/04/2013 10:34:53 
contoso-EXC04 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  11/04/2013 10:34:53 
contoso-EXC05 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  11/04/2013 10:34:53 
contoso-EXC21 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:10:54 
contoso-EXC22 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:11:36 
contoso-EXC23 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:12:04 
contoso-EXC24 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:12:33 
contoso-EXC25 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:13:43 
contoso-EXC26 https://webmail.contoso.com/Microsoft-Server-ActiveSync https://webmail.contoso.com/Microsoft-Server-ActiveSync  04/13/2015 17:13:03 



Exchange Web Services(EWS):

Server Internal URL External Url Auth. (Int.) Auth. (Ext.) MRS Proxy Enabled Last modified on: 
contoso-EXC03 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity Ntlm WindowsIntegrated WSSecurity False 11/04/2013 10:34:55 
contoso-EXC04 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity Ntlm WindowsIntegrated WSSecurity False 11/04/2013 10:34:55 
contoso-EXC05 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity Ntlm WindowsIntegrated WSSecurity False 11/04/2013 10:34:55 
contoso-EXC21 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:14:45 
contoso-EXC22 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:15:23 
contoso-EXC23 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:16:08 
contoso-EXC24 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:16:39 
contoso-EXC25 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:17:32 
contoso-EXC26 https://webmail.contoso.com/EWS/Exchange.asmx https://webmail.contoso.com/EWS/Exchange.asmx Ntlm WindowsIntegrated WSSecurity OAuth Ntlm WindowsIntegrated WSSecurity OAuth False 04/13/2015 17:17:03 

Hi,

According to you post, I understand that user cannot login OWA with error http error 400 the size of the request headers is too long, as well as Outlook client after switch Exchange 2010 to Exchange 2013.
If I misunderstand your concern, please do not hesitate to let me know.

Heres an article about this error message: https://support.microsoft.com/en-us/kb/2020943
Since most of user works well, it indicate that the configuration of Exchange server is great.
Firstly, we need to ensure which account face this issue, user in Exchange 2010 or in Exchange 2013, access from internal or external?
Its more helpful for further troubleshooting.

Heres an article about Client Connectivity in an Exchange 2013 Coexistence Environment, for your reference:
http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx

Thanks

Hi Allen,

We applied the regkeys to the 3 Exchange 2010 CAS servers and gave iisreset.

We did not apply the keys to the 6 Exchange 2010 MBX servers , is this necessary?

Issue still persists and error http 400 remains.