RE: OWA Question

[Clark, Steve]

yes
 
Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
  301-610-9584 voice
  240-465-0323 Efax
 
The data furnished in connection with this document is deemed by Clark
Systems Support, LLC., to contain proprietary and privileged information and
shall not be disclosed or used for the benefit of others without the prior
written permission of Clark Systems Support, LLC.
 
-Original Message-
From: Jamie Domingue [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 29, 2002 12:30 PM
To: MS-Exchange Admin Issues
Subject: OWA Question
 
I am going to add a new Exchange 5.5 server to house users' mailboxes.  Is
it possible for users with mailboxes housed on different Exchange servers to
access their mail via OWA from a single server running OWA?
 
Thanks in advance.
 
Jamie Domingue
Systems Integrator II
Global Data Systems
337-291-6535
 
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: OWA Question

[Ropiak Steve - NAO Florence Office Exchange and Bar Code Admn.]

Yup, 
as long as you all are in the same site.  (Maybe even if you aren't, but 
mine all are).
 
mit freundlichen Grüßen,(Best Regards),Steve RopiakZF Group 
NAOCERT, Exchange and Bar Code 
Administrator(207) 989-9115 voice(207) 989-8722 fax(513) 317-0197 
cell [EMAIL PROTECTED] 

  -Original Message-From: Jamie Domingue 
  [mailto:[EMAIL PROTECTED]]Sent: Tuesday, January 29, 2002 
  12:30 PMTo: MS-Exchange Admin IssuesSubject: OWA 
  Question
  
  I am going to add a new Exchange 
  5.5 server to house users' mailboxes.  
  Is it possible for users with mailboxes housed on different Exchange 
  servers to access their mail via OWA from a single server running 
  OWA?
   
  Thanks in 
  advance.
   
  Jamie 
  Domingue
  Systems Integrator 
  II
  Global Data 
  Systems
  337-291-6535
   List Charter 
  and FAQ 
at:http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: OWA Question

[Dennis Atherton]

Yes.
 
We have 4 Exchange Servers, in 3 domains, and 1 OWA box.
To cross domains, the user needs to enter his name on first screen - Fred
Flintstone
On Login Screen (Second Screen) - he would enter bedrock\fflintstone (his
domain and user name)
and then password for
this account.
 
hope this helps.
 
Dennis

-Original Message-
From: Jamie Domingue [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 9:30 AM
To: MS-Exchange Admin Issues
Subject: OWA Question



I am going to add a new Exchange 5.5 server to house users' mailboxes.  Is
it possible for users with mailboxes housed on different Exchange servers to
access their mail via OWA from a single server running OWA?

 

Thanks in advance.

 

Jamie Domingue

Systems Integrator II

Global Data Systems

337-291-6535

 

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: OWA question

[Jay Dale]

I would check the permissions in IIS first...

 

From: Joe Heaton [mailto:jhea...@etp.ca.gov] 
Sent: Thursday, May 21, 2009 2:09 PM
To: MS-Exchange Admin Issues
Subject: OWA question

 

 I have a user working from home today, and she's trying to access her
mailbox through OWA.  She says that she is able to log in, but when she
clicks on any of the folders on the left side, Inbox, Calendar, Tasks,
etc.  that nothing ever loads.

 

Exchange 2k3 in -house.  No idea what browser she's using at home,
although it really shouldn't matter, right?

 

Anyone have any ideas what I could check on my end?  I've already opened
OWA on my desktop, with Firefox and IE8, with no issues, but I'm also
here in the office.  She's at home, about 100 or so miles away.

 

Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov

 

 


~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~

Re: OWA question

[Steve Ens]

Pop Up blocker?

On Thu, May 21, 2009 at 2:09 PM, Joe Heaton  wrote:

>   I have a user working from home today, and she’s trying to access her
> mailbox through OWA.  She says that she is able to log in, but when she
> clicks on any of the folders on the left side, Inbox, Calendar, Tasks, etc.
> that nothing ever loads.
>
>
>
> Exchange 2k3 in –house.  No idea what browser she’s using at home, although
> it really shouldn’t matter, right?
>
>
>
> Anyone have any ideas what I could check on my end?  I’ve already opened
> OWA on my desktop, with Firefox and IE8, with no issues, but I’m also here
> in the office.  She’s at home, about 100 or so miles away.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> jhea...@etp.ca.gov
>
>
>
>
>

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~

Re: OWA question

[David]

That could be several things -- Java an issue?  And used to be that Firefox
would not give you a good experience with OWA, though I haven't tried the
latest versions.  And I believe popups have to be allowed, as someone else
said.

David



On Thu, May 21, 2009 at 12:09 PM, Joe Heaton  wrote:

>   I have a user working from home today, and she’s trying to access her
> mailbox through OWA.  She says that she is able to log in, but when she
> clicks on any of the folders on the left side, Inbox, Calendar, Tasks, etc.
> that nothing ever loads.
>
>
>
> Exchange 2k3 in –house.  No idea what browser she’s using at home, although
> it really shouldn’t matter, right?
>
>
>
> Anyone have any ideas what I could check on my end?  I’ve already opened
> OWA on my desktop, with Firefox and IE8, with no issues, but I’m also here
> in the office.  She’s at home, about 100 or so miles away.
>
>
>
> Joe Heaton
>
> AISA
>
> Employment Training Panel
>
> 1100 J Street, 4th Floor
>
> Sacramento, CA  95814
>
> (916) 327-5276
>
> jhea...@etp.ca.gov
>
>
>
>
>



-- 
David

_

Puritanism: The haunting fear that
someone, somewhere, may be happy."

H L Mencken

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~

RE: OWA question

[Kennedy, Jim]

Adding it to her trusted sites can also cure many things.



From: David [mailto:blazer...@gmail.com]
Sent: Thursday, May 21, 2009 4:07 PM
To: MS-Exchange Admin Issues
Subject: Re: OWA question

That could be several things -- Java an issue?  And used to be that Firefox 
would not give you a good experience with OWA, though I haven't tried the 
latest versions.  And I believe popups have to be allowed, as someone else said.

David



On Thu, May 21, 2009 at 12:09 PM, Joe Heaton 
mailto:jhea...@etp.ca.gov>> wrote:

 I have a user working from home today, and she's trying to access her mailbox 
through OWA.  She says that she is able to log in, but when she clicks on any 
of the folders on the left side, Inbox, Calendar, Tasks, etc.  that nothing 
ever loads.



Exchange 2k3 in -house.  No idea what browser she's using at home, although it 
really shouldn't matter, right?



Anyone have any ideas what I could check on my end?  I've already opened OWA on 
my desktop, with Firefox and IE8, with no issues, but I'm also here in the 
office.  She's at home, about 100 or so miles away.



Joe Heaton

AISA

Employment Training Panel

1100 J Street, 4th Floor

Sacramento, CA  95814

(916) 327-5276

jhea...@etp.ca.gov<mailto:jhea...@etp.ca.gov>







--
David

_

Puritanism: The haunting fear that
someone, somewhere, may be happy."

H L Mencken



~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja~

Re: OWA question

[Todd Lemmiksoo]

I believe no, as the form only comes from TMG. Not sure you would want to
have your internal users access TMG from the external interface. It my work
by copying the HTM files from the TMG to your CAS IIS directory and rebuild
the VDir. Have not see this to work.

On Thu, Nov 17, 2011 at 1:36 PM, Joseph Heaton  wrote:

>  I'm setting up an OWA listener in TMG.  The blog I'm following says to
> turn off FBA in the Exchange console, and let TMG do the forms based
> authentication.  But, if I do this, then users internally hitting the OWA
> site don't get forms based auth, just the normal authentication window that
> comes up connecting to any network resource.
>
> Is there a way to have both, without making the external users log in
> twice?
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe exchangelist
>



-- 
T. Todd Lemmiksoo

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA question

[Ralph Smith]

In my Exchange 2003 and ISA 2006 environment I have the rule on the ISA
server set to listen on the internal interface as well as the external
interface, and mail.mydomain.com is set up on my internal DNS servers
pointing to the internal interface on ISA server.

 

So internal users use the same URL as external users, they hit the
internal interface on ISA which brings up the FBA the same as for
external users, they authenticate and get their OWA. 

 

From: Todd Lemmiksoo [mailto:tlemmik...@gmail.com] 
Sent: Thursday, November 17, 2011 2:57 PM
To: MS-Exchange Admin Issues
Subject: Re: OWA question

 

I believe no, as the form only comes from TMG. Not sure you would want
to have your internal users access TMG from the external interface. It
my work by copying the HTM files from the TMG to your CAS IIS directory
and rebuild the VDir. Have not see this to work.

On Thu, Nov 17, 2011 at 1:36 PM, Joseph Heaton 
wrote:

I'm setting up an OWA listener in TMG.  The blog I'm following says to
turn off FBA in the Exchange console, and let TMG do the forms based
authentication.  But, if I do this, then users internally hitting the
OWA site don't get forms based auth, just the normal authentication
window that comes up connecting to any network resource.

 

Is there a way to have both, without making the external users log in
twice?

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist




-- 
T. Todd Lemmiksoo

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist


---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA question

[Steve Goodman]

Hi Joseph,
I've done similar, most recently on Exchange 2010 using the following steps:

* Leave the default OWA virtual directory web site using forms-based 
authentication (which internal users will access)

* Create a new web site, e.g. "TMG Site" on each Exchange client access 
server, listening on a different port - say 8080 (if using SSL offload) or 8443 
(if using the same SSL cert on the second OWA site)

* Create a new OWA and ECP virtual directory , using 
New-OWAVirtualDirectory -WebSiteName "TMG Site" and New-OWAVirtualDirectory 
-WebSiteName "TMG Site"

* Configure those new OWA and ECP virtual directories to use 
Windows/Basic authentication instead of forms based, run iisreset as usual and 
test you can access the new OWA/ECP virtual directories on the new site (eg 
https://internal.host:8443)

* In the TMG policy for Outlook Web App, open the properties and use 
the Bridging tab to redirect requests to the new site's port (eg 8443)
This should result in TMG using it's forms-based pre-authentication for 
external users and internal users prompted for Exchange's forms-based 
authentication.
Steve
From: Joseph Heaton [mailto:jhea...@dfg.ca.gov]
Sent: 17 November 2011 19:37
To: MS-Exchange Admin Issues
Subject: OWA question

I'm setting up an OWA listener in TMG.  The blog I'm following says to turn off 
FBA in the Exchange console, and let TMG do the forms based authentication.  
But, if I do this, then users internally hitting the OWA site don't get forms 
based auth, just the normal authentication window that comes up connecting to 
any network resource.

Is there a way to have both, without making the external users log in twice?

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA question

[Miller Bonnie L .]

Sounds like a popup blocker is enabled...

http://support.microsoft.com/kb/883575


From: Kevin Sharp [mailto:kevinsh...@sasktel.net]
Sent: Thursday, March 07, 2013 11:06 AM
To: MS-Exchange Admin Issues
Subject: OWA question

I've got a user who has all kinds of strangeness with their mailbox.

Typically they use OWA for access.  Recently when they log into outlook web 
app, they  click on the New Message button, nothing happens.  Opening up an 
email to do a reply, the reply window opens, but they can't type into the reply 
window.  This behavior occurs on multiple machines, across multiple browsers.  
Other people can log onto their account using OWA on the same machines and 
browsers with no issues. Which makes me think it is something with the mailbox 
or the user's account?  Looking at their permissions, I don't see anything that 
stands out to why this user might not be able to access OWA properly.

I moved the user's mailbox to see if that would reset something, but it still 
looks to be having the same issue.  The Exchange environment is 2010 sp2 rollup 
6.

Any thoughts?

Thanks

Kevin

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA Question during transition to Exchange 2010

[Michael B. Smith]

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility points to their 
Exchange 2003 server to serve up the OWA requests. We are moving mailboxes from 
Exchange 2003 to Exchange 2010 and would like to keep the mail.company.com URL 
link the same for the users of this facility. However, I am trying to figure 
out the best way to keep this link working so that users can still go to one 
link, regardless of where there mailbox is located and be able to sign in. Once 
all users are moved over to the Exchange 2010 server, we are going to 
transition the link to point to the Exchange 2010 server, but until then, I 
would like to keep this link intact and not change anything during our 
transition. I am trying to find some articles about this situation, but not 
really coming up with anything that makes sense. Any input on this topic is 
appreciated.

Chris Pohlschneider
Holloway Sportswear
Network Administrator
chris.pohlschnei...@hollowayusa.com
937-494-2559

RE: OWA Question during transition to Exchange 2010

[Glen Johnson]

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility points to their 
Exchange 2003 server to serve up the OWA requests. We are moving mailboxes from 
Exchange 2003 to Exchange 2010 and would like to keep the mail.company.com URL 
link the same for the users of this facility. However, I am trying to figure 
out the best way to keep this link working so that users can still go to one 
link, regardless of where there mailbox is located and be able to sign in. Once 
all users are moved over to the Exchange 2010 server, we are going to 
transition the link to point to the Exchange 2010 server, but until then, I 
would like to keep this link intact and not change anything during our 
transition. I am trying to find some articles about this situation, but not 
really coming up with anything that makes sense. Any input on this topic is 
appreciated.

Chris Pohlschneider
Holloway Sportswear
Network Administrator
chris.pohlschnei...@hollowayusa.com<mailto:chris.pohlschnei...@hollowayusa.com>
937-494-2559



---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA Question during transition to Exchange 2010

[Michael B. Smith]

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility points to their 
Exchange 2003 server to serve up the OWA requests. We are moving mailboxes from 
Exchange 2003 to Exchange 2010 and would like to keep the mail.company.com URL 
link the same for the users of this facility. However, I am trying to figure 
out the best way to keep this link working so that users can still go to one 
link, regardless of where there mailbox is located and be able to sign in. Once 
all users are moved over to the Exchange 2010 server, we are going to 
transition the link to point to the Exchange 2010 server, but until then, I 
would like to keep this link intact and not change anything during our 
transition. I am trying to find some articles about this situation, but not 
really coming up with anything that makes sense. Any input on this topic is 
appreciated.

Chris Pohlschneider
Holloway Sportswear
Network Administrator
chris.pohlschnei...@hollowayusa.com<mailto:chris.pohlschnei...@hollowayusa.com>
937-494-2559



---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA Question during transition to Exchange 2010

[Glen Johnson]

It isn't.
If I enabled that, what would happened when users connect via ISA with FBA 
enabled on ISA?
I sure it was setup following some MS guide and I'd hate to break something 
that has been working for so long.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, September 02, 2010 1:39 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility points to their 
Exchange 2003 server to serve up the OWA requests. We are moving mailboxes from 
Exchange 2003 to Exchange 2010 and would like to keep the mail.company.com URL 
link the same for the users of this facility. However, I am trying to figure 
out the best way to keep this link working so that users can still go to one 
link, regardless of where there mailbox is located and be able to sign in. Once 
all users are moved over to the Exchange 2010 server, we are going to 
transition the link to point to the Exchange 2010 server, but until then, I 
would like to keep this link intact and not change anything during our 
transition. I am trying to find some articles about this situation, but not 
really coming up with anything that makes sense. Any input on this topic is 
appreciated.

Chris Pohlschneider
Holloway Sportswear
Network Administrator
chris.pohlschnei...@hollowayusa.com<mailto:chris.pohlschnei...@hollowayusa.com>
937-494-2559



---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

RE: OWA Question during transition to Exchange 2010

[Michael B. Smith]

If you want pass-through auth to work (single-sign-in) you're going to have to 
enable FBA on the 2003 server.

All your 2003 users are auth'ing through the 2010 server, right? That is, when 
you connect to OWA, you get a 2010 OWA login screen. If your mailbox is on the 
2010 server, you stay on the 2010 server. If it's on the 2003 server, you get 
redirected to the 2003 server. That's how it's supposed to work...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 2:14 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

It isn't.
If I enabled that, what would happened when users connect via ISA with FBA 
enabled on ISA?
I sure it was setup following some MS guide and I'd hate to break something 
that has been working for so long.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, September 02, 2010 1:39 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility points to their 
Exchange 2003 server to serve up the OWA requests. We are moving mailboxes from 
Exchange 2003 to Exchange 2010 and would like to keep the mail.company.com URL 
link the same for the users of this facility. However, I am trying to figure 
out the best way to keep this link working so that users can still go to one 
link, regardless of where there mailbox is located and be able to sign in. Once 
all users are moved over to the Exchange 2010 server, we are going to 
transition the link to point to the Exchange 2010 server, but until then, I 
would like to keep this link intact and not change anything during our 
transition. I am trying to find some articles about this situation, but not 
really coming up with anything that makes sense. Any input on this topic is 
appreciated.

Chris Pohlschneider
Holloway Sportswear
Network Administrator
chris.pohlschnei...@ho

RE: OWA Question during transition to Exchange 2010

[Glen Johnson]

Michael.
I enabled FBA on the 03 server.
Restarted IIS.
Went to OWA on the 10 server, entered credentials for an 03 user and it just 
timed out.
That also broke owa access for folks out on the internet authenticating through 
ISA to the 03 server.
FBA login is enabled on the ISA server.
Now this may or may not be important info.
We are using a wildcard cert from digicert, it that makes any difference.
My biggest problem is figuring out where the problem is, ex 03, 10 or the ISA.
Should FBA be enabled on both exchange servers and not on ISA?
I would have thought that FBA should be enabled on ISA and not on either 
exchange server.
Any more pointers or suggestions appreciated.
Glen.
From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, September 02, 2010 2:21 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you want pass-through auth to work (single-sign-in) you're going to have to 
enable FBA on the 2003 server.

All your 2003 users are auth'ing through the 2010 server, right? That is, when 
you connect to OWA, you get a 2010 OWA login screen. If your mailbox is on the 
2010 server, you stay on the 2010 server. If it's on the 2003 server, you get 
redirected to the 2003 server. That's how it's supposed to work...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 2:14 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

It isn't.
If I enabled that, what would happened when users connect via ISA with FBA 
enabled on ISA?
I sure it was setup following some MS guide and I'd hate to break something 
that has been working for so long.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Thursday, September 02, 2010 1:39 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu]
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com in this example) and the current name 
(mail.clarksupport.com in this example) until DNS is updated. Once the update 
has happened, execute "iisreset" or reboot the old server to begin using the 
new certificate.


Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Chris Pohlschneider [mailto:chris.pohlschnei...@hollowayusa.com]
Sent: Wednesday, August 11, 2010 8:38 AM
To: MS-Exchange Admin Issues
Subject: OWA Question during transition to Exchange 2010

We have a facility that is currently running Exchange 2003 SP2 with an OWA site 
of mail.company.com in their own forest. This facility has a trust to an 
Exchange 2010 Resource forest. The URL for this facility poin

RE: OWA Question during transition to Exchange 2010

[Knoch, James W]

If you're going to be using FBA on the ISA server, then I believe you
need to disable forms-based authentication on both the Exchange 2003 FE
and 2010 CAS.

 

See here:

ISA 2006 SP1 Configuration with Exchange 2010

http://msexchangeteam.com/archive/2009/12/17/453625.aspx

 

These are from two different sections of the document, but is where I
basing my information off of.

In addition if utilizing ISA Pre-Authentication, the Exchange 2003
Front-End Servers are configured as follows: 

1.  The /exchange OWA virtual directory has been configured with
Basic Authentication and/or Windows Integrated Authentication and not
Forms Based Authentication. 
2.  SSL is required.

7. If leveraging ISA Pre-Authentication, on Exchange 2010 CAS within the
"Internet Facing AD Site", you will disable forms-based authentication
by executing the following cmdlets: 

*   Set-OWAVirtualDirectory cas2010\OWA* -BasicAuthentication $true
-WindowsAuthentication $true 
*   Set-ECPVirtualDirectory cas2010\ECP* -BasicAuthentication $true
-WindowsAuthentication $true

 

 

 

From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: Friday, September 03, 2010 10:30 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

Michael.

I enabled FBA on the 03 server.

Restarted IIS.

Went to OWA on the 10 server, entered credentials for an 03 user and it
just timed out.

That also broke owa access for folks out on the internet authenticating
through ISA to the 03 server.

FBA login is enabled on the ISA server.

Now this may or may not be important info.

We are using a wildcard cert from digicert, it that makes any
difference.

My biggest problem is figuring out where the problem is, ex 03, 10 or
the ISA.

Should FBA be enabled on both exchange servers and not on ISA?

I would have thought that FBA should be enabled on ISA and not on either
exchange server.

Any more pointers or suggestions appreciated.

Glen.

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, September 02, 2010 2:21 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

If you want pass-through auth to work (single-sign-in) you're going to
have to enable FBA on the 2003 server.

 

All your 2003 users are auth'ing through the 2010 server, right? That
is, when you connect to OWA, you get a 2010 OWA login screen. If your
mailbox is on the 2010 server, you stay on the 2010 server. If it's on
the 2003 server, you get redirected to the 2003 server. That's how it's
supposed to work...

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: Thursday, September 02, 2010 2:14 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

It isn't.

If I enabled that, what would happened when users connect via ISA with
FBA enabled on ISA?

I sure it was setup following some MS guide and I'd hate to break
something that has been working for so long.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Thursday, September 02, 2010 1:39 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Glen Johnson [mailto:gjohn...@vhcc.edu] 
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

Michael or anyone else.

Question re this procedure.

If using ISA between the 2 exchange servers and the big bad internet,
and so FBA is disabled on the exchange servers can this work.

FBA is enabled on the ISA server.

It seems to almost work, 

If logging onto a 2003 account via the 2010 server owa url, I get
prompted to login twice, and after entering the credentials the second
time, I login fine.

Both exchange servers are single server setups.

Or is there a better way of doing this during the co-existence period?

Thanks.

Glen.

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

 

If you correctly set up your Exchange 2010 server, it will redirect
Exchange 2003 users to the Exchange 2003 server.

 

A couple of excerpts from an article I had published earlier this year:

 

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to
refer OWA clients whose mailboxes are hosted on the Exchange 2003
server, to that server. For this example, open an EMS session and enter:

 

Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";



As mentioned earlier, Forms-Based Authentication (FBA) must

Re: OWA Question during transition to Exchange 2010

[Al Rose]

I would try enabling FBA on 2010, i managed to get it work (was not using
ISA though)

On Fri, Sep 3, 2010 at 5:30 PM, Glen Johnson  wrote:

>  Michael.
>
> I enabled FBA on the 03 server.
>
> Restarted IIS.
>
> Went to OWA on the 10 server, entered credentials for an 03 user and it
> just timed out.
>
> That also broke owa access for folks out on the internet authenticating
> through ISA to the 03 server.
>
> FBA login is enabled on the ISA server.
>
> Now this may or may not be important info.
>
> We are using a wildcard cert from digicert, it that makes any difference.
>
> My biggest problem is figuring out where the problem is, ex 03, 10 or the
> ISA.
>
> Should FBA be enabled on both exchange servers and not on ISA?
>
> I would have thought that FBA should be enabled on ISA and not on either
> exchange server.
>
> Any more pointers or suggestions appreciated.
>
> Glen.
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, September 02, 2010 2:21 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
>
>
> If you want pass-through auth to work (single-sign-in) you’re going to have
> to enable FBA on the 2003 server.
>
>
>
> All your 2003 users are auth’ing through the 2010 server, right? That is,
> when you connect to OWA, you get a 2010 OWA login screen. If your mailbox is
> on the 2010 server, you stay on the 2010 server. If it’s on the 2003 server,
> you get redirected to the 2003 server. That’s how it’s supposed to work…
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Glen Johnson [mailto:gjohn...@vhcc.edu]
> *Sent:* Thursday, September 02, 2010 2:14 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
>
>
> It isn’t.
>
> If I enabled that, what would happened when users connect via ISA with FBA
> enabled on ISA?
>
> I sure it was setup following some MS guide and I’d hate to break something
> that has been working for so long.
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Thursday, September 02, 2010 1:39 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
>
>
> Sounds like FBA isn’t enabled on the 2003 server. It needs to be.
>
>
>
> Regards,
>
>
>
> Michael B. Smith
>
> Consultant and Exchange MVP
>
> http://TheEssentialExchange.com
>
>
>
> *From:* Glen Johnson [mailto:gjohn...@vhcc.edu]
> *Sent:* Thursday, September 02, 2010 1:37 PM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
>
>
> Michael or anyone else.
>
> Question re this procedure.
>
> If using ISA between the 2 exchange servers and the big bad internet, and
> so *FBA is disabled on the exchange servers* can this work.
>
> FBA is enabled on the ISA server.
>
> It seems to almost work,
>
> If logging onto a 2003 account via the 2010 server owa url, I get prompted
> to login twice, and after entering the credentials the second time, I login
> fine.
>
> Both exchange servers are single server setups.
>
> Or is there a better way of doing this during the co-existence period?
>
> Thanks.
>
> Glen.
>
>
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Wednesday, August 11, 2010 8:57 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* RE: OWA Question during transition to Exchange 2010
>
>
>
> If you correctly set up your Exchange 2010 server, it will redirect
> Exchange 2003 users to the Exchange 2003 server.
>
>
>
> A couple of excerpts from an article I had published earlier this year:
>
>
>
> Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to
> refer OWA clients whose mailboxes are hosted on the Exchange 2003 server, to
> that server. For this example, open an EMS session and enter:
>
>
>
> Set-OWAVirtualDirectory Clark2008\OWA* `
>
> -Exchange2003URL “https://legacy.clarksupport.com”
>
> ….
>
> As mentioned earlier, Forms-Based Authentication (FBA) must be set on the
> Exchange 2003 server for OWA to allow for seamless transfers from the
> Exchange 2010 server.
>
>
>
> Using the Certificates MMC or the Exchange 2010 EMC, you should now export
> the SSL certificate that we created earlier in this article to a PFX file
> (ensuring that you export the private key!). Copy the PFX file to the
> Exchange 2003 server and import the key there, also using the Certificat

RE: OWA Question during transition to Exchange 2010

[Michael B. Smith]

+1

For details, refer to: http://msexchangeteam.com/archive/2009/12/17/453625.aspx

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Al Rose [mailto:arose...@gmail.com]
Sent: Friday, September 03, 2010 12:47 PM
To: MS-Exchange Admin Issues
Subject: Re: OWA Question during transition to Exchange 2010

I would try enabling FBA on 2010, i managed to get it work (was not using ISA 
though)
On Fri, Sep 3, 2010 at 5:30 PM, Glen Johnson 
mailto:gjohn...@vhcc.edu>> wrote:
Michael.
I enabled FBA on the 03 server.
Restarted IIS.
Went to OWA on the 10 server, entered credentials for an 03 user and it just 
timed out.
That also broke owa access for folks out on the internet authenticating through 
ISA to the 03 server.
FBA login is enabled on the ISA server.
Now this may or may not be important info.
We are using a wildcard cert from digicert, it that makes any difference.
My biggest problem is figuring out where the problem is, ex 03, 10 or the ISA.
Should FBA be enabled on both exchange servers and not on ISA?
I would have thought that FBA should be enabled on ISA and not on either 
exchange server.
Any more pointers or suggestions appreciated.
Glen.
From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Thursday, September 02, 2010 2:21 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you want pass-through auth to work (single-sign-in) you're going to have to 
enable FBA on the 2003 server.

All your 2003 users are auth'ing through the 2010 server, right? That is, when 
you connect to OWA, you get a 2010 OWA login screen. If your mailbox is on the 
2010 server, you stay on the 2010 server. If it's on the 2003 server, you get 
redirected to the 2003 server. That's how it's supposed to work...

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu<mailto:gjohn...@vhcc.edu>]
Sent: Thursday, September 02, 2010 2:14 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

It isn't.
If I enabled that, what would happened when users connect via ISA with FBA 
enabled on ISA?
I sure it was setup following some MS guide and I'd hate to break something 
that has been working for so long.

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Thursday, September 02, 2010 1:39 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Sounds like FBA isn't enabled on the 2003 server. It needs to be.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Glen Johnson [mailto:gjohn...@vhcc.edu<mailto:gjohn...@vhcc.edu>]
Sent: Thursday, September 02, 2010 1:37 PM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

Michael or anyone else.
Question re this procedure.
If using ISA between the 2 exchange servers and the big bad internet, and so 
FBA is disabled on the exchange servers can this work.
FBA is enabled on the ISA server.
It seems to almost work,
If logging onto a 2003 account via the 2010 server owa url, I get prompted to 
login twice, and after entering the credentials the second time, I login fine.
Both exchange servers are single server setups.
Or is there a better way of doing this during the co-existence period?
Thanks.
Glen.

From: Michael B. Smith 
[mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>]
Sent: Wednesday, August 11, 2010 8:57 AM
To: MS-Exchange Admin Issues
Subject: RE: OWA Question during transition to Exchange 2010

If you correctly set up your Exchange 2010 server, it will redirect Exchange 
2003 users to the Exchange 2003 server.

A couple of excerpts from an article I had published earlier this year:

Next, configure the Exchange 2003 OWA URL that Exchange 2010 will use to refer 
OWA clients whose mailboxes are hosted on the Exchange 2003 server, to that 
server. For this example, open an EMS session and enter:


Set-OWAVirtualDirectory Clark2008\OWA* `

-Exchange2003URL "https://legacy.clarksupport.com";

As mentioned earlier, Forms-Based Authentication (FBA) must be set on the 
Exchange 2003 server for OWA to allow for seamless transfers from the Exchange 
2010 server.

Using the Certificates MMC or the Exchange 2010 EMC, you should now export the 
SSL certificate that we created earlier in this article to a PFX file (ensuring 
that you export the private key!). Copy the PFX file to the Exchange 2003 
server and import the key there, also using the Certificates MMC.

Using the IIS Management Console, modify the properties of the Default Web Site 
to use the new SSL key. This will allow the "old" Exchange to accept both the 
legacy name (legacy.clarksupport.com<http://legacy.clarksupport.com>