Zero Hour Sleep
21Jan/1010

Installing your first Exchange 2010 CAS or the truth about Exchange2003Url – Part 1

Exchange2003Url is a new parameter of the Set-OwaVirtualDirectory cmdlet in Exchange 2010. Although the Microsoft documentation clearly states that "The Exchange2003Url parameter specifies the Outlook Web App URL for Exchange 2003 mailboxes," it is all over the net that this parameter is also used to redirect requests to Exchange 2007 mailboxes!

I have no idea where this idea is coming from but I can assure you that is not the case.

Upgrading from Exchange 2003 to Exchange 2010

If you are upgrading from Exchange 2003, you should know that an Exchange 2010 CAS cannot communicate directly with an Exchange 2003 mailbox. You will therefore need to publish at least two URLs: one for your Exchange 2010 CAS and one for your Exchange 2003 back-end or front-end server.

We will assume that https://owa.yourdomain.com/owa points to your Exchange 2010 CAS server and that https://ex2k3.yourdomain.com/exchange gives you access to your Exchange 2003 back-end or front-end server.

By running, on your Exchange 2010 server,

Get-OwaVirtualDirectory -Server Exchange2k10 | Set-OwaVirtualDirectory -ExternalUrl https://owa.yourdomain.com/owa -Exchange2003Url https://ex2k3.yourdomain.com/exchange

you are instructing your Exchange server to redirect all requests from users with mailboxes on Exchange 2003 to https://ex2k3.yourdomain.com/exchange

By default this is a silent redirection, and it will work seamlessly for the client if you have Form Based Authentication enabled on your Exchange 2003 back-end/front-end server.

Unfortunately, if Form Based Authentication is not enabled, the user will be prompted again for credentials, and the request will then fail with a 500 Internal error at https://ex2k3.domain.com/exchweb/bin/owaauth.dll.

However, many of us who use ISA/TMG for publishing don't want to enable Form Based Authentication at the server level.

As a workaround for this issue, you can disable the silent redirection by issuing the following on your Exchange 2010 server:

Get-OwaVirtualDirectory -Server Exchange2k10 | Set-OwaVirtualDirectory -LegacyRedirectType Manual

Exchange 2010 will now offer the user a page with the corresponding legacy URL. Although users will have to authenticate again, they will face no error after doing so.
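
A read-only check of the settings discussed above, as an added example that is not part of the original post. The function name Test-LegacyOwaRedirect and its -LegacyFbaEnabled switch are hypothetical, and the sample object is constructed so the block runs without an Exchange server.

```powershell
# Added example, not from the original post. Test-LegacyOwaRedirect is a
# hypothetical helper; it reads only ExternalUrl, Exchange2003Url and
# LegacyRedirectType, as returned by Get-OwaVirtualDirectory.
# Written for PowerShell 2.0, which Exchange 2010 ships with.
function Test-LegacyOwaRedirect {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $VirtualDirectory,
        # Assumption: the caller knows whether FBA is on for the 2003 server.
        [switch] $LegacyFbaEnabled
    )
    process {
        $findings = @()
        $legacy = [string]$VirtualDirectory.Exchange2003Url
        $uri = $null
        if ([string]::IsNullOrEmpty($legacy)) {
            $findings += 'Exchange2003Url is not set'
        } elseif (-not [Uri]::TryCreate($legacy, [UriKind]::Absolute, [ref]$uri)) {
            $findings += 'Exchange2003Url is not an absolute URL'
        } else {
            if ($uri.Scheme -ne 'https') {
                $findings += 'Exchange2003Url is not HTTPS; users authenticate at this URL'
            }
            $ext = $null
            $extOk = [Uri]::TryCreate([string]$VirtualDirectory.ExternalUrl, [UriKind]::Absolute, [ref]$ext)
            if ($extOk -and $ext.Host -eq $uri.Host) {
                $findings += 'Exchange2003Url and ExternalUrl share a host; the post publishes two names'
            }
            if ("$($VirtualDirectory.LegacyRedirectType)" -eq 'Silent' -and -not $LegacyFbaEnabled) {
                $findings += 'Silent redirect without FBA on Exchange 2003; set LegacyRedirectType to Manual'
            }
        }
        New-Object PSObject -Property @{
            Server             = "$($VirtualDirectory.Server)"
            LegacyRedirectType = "$($VirtualDirectory.LegacyRedirectType)"
            Findings           = $findings
        }
    }
}

# Constructed sample standing in for one Get-OwaVirtualDirectory result.
$sample = New-Object PSObject -Property @{
    Server             = 'Exchange2k10'
    ExternalUrl        = 'https://owa.yourdomain.com/owa'
    Exchange2003Url    = 'https://ex2k3.yourdomain.com/exchange'
    LegacyRedirectType = 'Silent'
}
$sample | Test-LegacyOwaRedirect | Format-List
```

On a live server, pipe Get-OwaVirtualDirectory -Server Exchange2k10 into the function instead of the sample object.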

Part 1: Installing your first Exchange 2010 CAS in an Exchange 2003 organization
Part 2: Installing your first Exchange 2010 CAS in an Exchange 2007 organization
Part 3: Installing your first Exchange 2010 CAS in a mixed Exchange 2003/2010 organization


About Antoine Khater

I have been working in IT consultancy and solution integration since 1998, and I consider myself lucky to be one of the few making a living out of my passion. I am also a member of the famous Experts Exchange online community, where I try my best to share what I have learned along the road.

  • Brian
    What about Active Sync?

    Can you set the path Exchange 2010 uses to Proxy Active Sync requests?
  • Hi Brian, in short, Exchange 2010 will proxy ActiveSync requests to the 2003 mailbox server as long as Integrated authentication is enabled on the ActiveSync virtual directory in Exchange 2003.
  • Brian
    My issue is with a non-internet-addressable domain, e.g. mycompany.internal, and the 2003 Exchange server is in that domain (exch03.mycompany.internal), but the email addresses are internet addressable (itmanager@mycompany.com).

    Exchange 2010 authenticates the user, determines the mailbox version is Exchange 2003 by performing a service discovery lookup in Active Directory, and retrieves the Exchange 2003 mailbox server FQDN of exch03.mycompany.internal. It then attempts to proxy the connection to the Exchange 2003 mailbox server's Microsoft-Server-ActiveSync virtual directory. Something like this (from the Exchange 2010 IIS log):

    POST /Microsoft-Server-ActiveSync/default.eas User=itmanager&DeviceId=foo&DeviceType=PocketPC&Cmd=FolderSync&Log=PrxTo:exch03.mycompany.internal_LdapC2_ 443 contosouser5 10.20.100.117 MSFT-PPC/5.1.2301 200 0 0 189

    Exchange 2003 ActiveSync will not accept connections that are not addressed to the suffix domain of the user's email address, in this case mycompany.com. If we can direct Exchange 2010 to proxy to Exchange 2003 using the internet-addressable FQDN oldmail.company.com or similar, that would work.

    Thoughts?
  • Bryan
    OK, so this is for 2003; what about a mixed 2003/2007 environment? I currently have a 2007 CAS and am using ISA to publish. Any users with mailboxes in 2003 get to OWA without an issue. How is this handled now with the introduction of 2010? This is where I believe a lot of people are becoming confused. So many people talk about 2003 or 2007 integration but very few speak of both. In any case, will publishing legacy.domain.com and pointing that to my 2007 CAS take care of the users in 2003? Thanks
  • Hi Brian, your answer is in part 3 of this tutorial
    http://www.zerohoursleep.com/2010/03/installing-y...
  • Hi Brian, this is actually the subject of part 3 of this tutorial; you will have the answer in a few hours, thanks
  • I know this, Anand; this is why I wrote
    "However many of us who are using ISA/TMG for publishing don't want to enable form based authentication at the server level."
  • Anand_N
    If you disable FBA on ISA, then clients will auth directly on Exchange, so lesser security. ISA publishes OWA so that clients will log in on ISA and not Exchange, I believe.
  • The only way I got it working was to disable FBA from ISA and enable it on Exchange.
    The alternative was to set LegacyRedirectType to manual
  • Anand_N
    I agree with your article. Another thing is if you have ISA, you can enable FBA on Exchange 2003; it works, but refresh after OWA timeout and you get a never-ending loop.