I would try enabling FBA on 2010, I managed to get it to work (was not using ISA though)

On Fri, Sep 3, 2010 at 5:30 PM, Glen Johnson <gjohn...@vhcc.edu> wrote:

> Michael.
>
> I enabled FBA on the 03 server.
>
> Restarted IIS.
>
> Went to OWA on the 10 server, entered credentials for an 03 user and it
> just timed out.
>
> That also broke owa access for folks out on the internet authenticating
> through ISA to the 03 server.
>
> FBA login is enabled on the ISA server.
>
> Now this may or may not be important info.
>
> We are using a wildcard cert from digicert, if that makes any difference.
>
> My biggest problem is figuring out where the problem is, ex 03, 10 or the
> ISA.
>
> Should FBA be enabled on both exchange servers and not on ISA?
>
> I would have thought that FBA should be enabled on ISA and not on either
> exchange server.
>
> Any more pointers or suggestions appreciated.
>
> Glen.
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, September 02, 2010 2:21 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
> If you want pass-through auth to work (single-sign-in) you’re going to have
> to enable FBA on the 2003 server.
>
> All your 2003 users are auth’ing through the 2010 server, right? That is,
> when you connect to OWA, you get a 2010 OWA login screen. If your mailbox is
> on the 2010 server, you stay on the 2010 server. If it’s on the 2003 server,
> you get redirected to the 2003 server. That’s how it’s supposed to work…
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Glen Johnson [mailto:gjohn...@vhcc.edu]
> *Sent:* Thursday, September 02, 2010 2:14 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
> It isn’t.
>
> If I enabled that, what would happen when users connect via ISA with FBA
> enabled on ISA?
>
> I'm sure it was set up following some MS guide and I’d hate to break something
> that has been working for so long.
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, September 02, 2010 1:39 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
> Sounds like FBA isn’t enabled on the 2003 server. It needs to be.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Glen Johnson [mailto:gjohn...@vhcc.edu]
> *Sent:* Thursday, September 02, 2010 1:37 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
> Michael or anyone else.
>
> Question re this procedure.
>
> If using ISA between the 2 exchange servers and the big bad internet, and
> so *FBA is disabled on the exchange servers* can this work?
>
> FBA is enabled on the ISA server.
>
> It seems to almost work,
>
> If logging onto a 2003 account via the 2010 server owa url, I get prompted
> to login twice, and after entering the credentials the second time, I login
> fine.
>
> Both exchange servers are single server setups.
>
> Or is there a better way of doing this during the co-existence period?
>
> Thanks.
>
> Glen.
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, August 11, 2010 8:57 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
> If you correctly set up your Exchange 2010 server, it will redirect
> Exchange 2003 users to the Exchange 2003 server.
>
> A couple of excerpts from an article I had published earlier this year:
>
> Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to
> refer OWA clients whose mailboxes are hosted on the Exchange 2003 server, to
> that server. For this example, open an EMS session and enter:
>
> Set-OWAVirtualDirectory Clark2008\OWA* `
> -Exchange2003URL "https://legacy.clarksupport.com"
>
> ….
>
> As mentioned earlier, Forms-Based Authentication (FBA) must be set on the
> Exchange 2003 server for OWA to allow for seamless transfers from the
> Exchange 2010 server.
>
> Using the Certificates MMC or the Exchange 2010 EMC, you should now export
> the SSL certificate that we created earlier in this article to a PFX file
> (ensuring that you export the private key!). Copy the PFX file to the
> Exchange 2003 server and import the key there, also using the Certificates
> MMC.
>
> Using the IIS Management Console, modify the properties of the Default Web
> Site to use the new SSL key. This will allow the “old” Exchange to accept
> both the legacy name (legacy.clarksupport.com in this example) and the
> current name (mail.clarksupport.com in this example) until DNS is updated.
> Once the update has happened, execute “iisreset” or reboot the old server to
> begin using the new certificate.
>
> ….
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
> *Sent:* Wednesday, August 11, 2010 8:38 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* OWA Question during transition to Exchange 2010
>
> We have a facility that is currently running Exchange 2003 SP2 with an OWA
> site of mail.company.com in their own forest. This facility has a trust to
> an Exchange 2010 Resource forest. The URL for this facility points to their
> Exchange 2003 server to serve up the OWA requests. We are moving mailboxes
> from Exchange 2003 to Exchange 2010 and would like to keep the
> mail.company.com URL link the same for the users of this facility.
> However, I am trying to figure out the best way to keep this link working so
> that users can still go to one link, regardless of where their mailbox is
> located and be able to sign in.
> Once all users are moved over to the
> Exchange 2010 server, we are going to transition the link to point to the
> Exchange 2010 server, but until then, I would like to keep this link intact
> and not change anything during our transition. I am trying to find some
> articles about this situation, but not really coming up with anything that
> makes sense. Any input on this topic is appreciated.
>
> Chris Pohlschneider
> Holloway Sportswear
> Network Administrator
> chris.pohlschnei...@hollowayusa.com
> 937-494-2559
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe exchangelist
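
The article excerpt quoted in this thread sets the Exchange2003URL and then moves the SSL certificate, private key included, to the 2003 server. As an added example (not part of the thread or of the quoted article), the same steps from the Exchange 2010 Management Shell, with a check that the certificate, wildcard or not, covers both host names before the key is exported. The server and host names come from the quoted excerpt; the thumbprint placeholder, the PFX path and the helper `Test-CertCoversHost` are assumptions.

```powershell
# Added example: run in the Exchange 2010 Management Shell (EMS).
$server     = 'Clark2008'                  # name used in the quoted excerpt
$legacyHost = 'legacy.clarksupport.com'    # from the quoted excerpt
$mailHost   = 'mail.clarksupport.com'      # from the quoted excerpt
$thumbprint = '<CERT-THUMBPRINT>'          # placeholder, not from the thread
$pfxPath    = 'C:\Temp\owa-cert.pfx'       # hypothetical path

# Hypothetical helper: true if $hostName matches one of the certificate names.
# A wildcard such as *.example.com covers exactly one extra label.
function Test-CertCoversHost([string[]]$certNames, [string]$hostName) {
    foreach ($name in $certNames) {
        if ($name -eq $hostName) { return $true }
        if ($name.StartsWith('*.')) {
            $label, $rest = $hostName -split '\.', 2
            if ($rest -and ($rest -eq $name.Substring(2))) { return $true }
        }
    }
    return $false
}

# 1. Point Exchange 2010 OWA at the legacy URL, then show the resulting settings.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -Exchange2003Url "https://$legacyHost"
Get-OwaVirtualDirectory -Server $server |
    Format-List Identity, Exchange2003Url, FormsAuthentication

# FBA on the Exchange 2003 side is configured on that server, not from this shell.

# 2. Stop if the certificate does not cover both the legacy and the current name.
$cert  = Get-ExchangeCertificate -Server $server -Thumbprint $thumbprint
$names = @($cert.CertificateDomains | ForEach-Object { [string]$_ })
foreach ($h in $legacyHost, $mailHost) {
    if (-not (Test-CertCoversHost $names $h)) {
        throw "Certificate $thumbprint does not cover $h"
    }
}

# 3. Export certificate and private key to a password-protected PFX.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$export = Export-ExchangeCertificate -Server $server -Thumbprint $thumbprint `
              -BinaryEncoded:$true -Password $pfxPassword
[System.IO.File]::WriteAllBytes($pfxPath, $export.FileData)

# The PFX holds the private key: delete it from both servers once it has been
# imported on the Exchange 2003 server.
```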