OWA issue with /exchange

[ShackDaddy]

Ok, here's the scenario:

1 CAS-only server - CASSVR
1 CAS/mbox server - MBOX
1 2003 Mailbox server - E2003

If I connect to CASSVR with the /EXCHANGE path, I can open up mailboxes that are on the E2003 server, but if I try and access a mailbox on the MBOX server, after I authenticate, I get an ACCESS DENIED page with some red bars across the page. If I then just tweak the path to go to /OWA and then refresh the page, it loads the mailbox just fine.

If I hit the CASSVR with /OWA and authenticate to a mailbox that's on E2003, I get an "Outlook Web Access could not find a mailbox for domain\user" error message. And again, if I simply change the path to /EXCHANGE and refresh, the proper mailbox will load.

So basically each path only opens its own kind of mailbox, and won't properly translate/proxy the other type. What does this boil down to? What should I be looking at to resolve this?

Dave Shackelford
Shackelford Consulting

 

[58sniper]

Are you testing this internally or externally? Internally, going to /owa should work for mailboxes on either.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[ShackDaddy]

Yes, it does work internally. But this client has 6 internal users and 380 external users....

Dave Shackelford
Shackelford Consulting

 

[58sniper]

There needs to be a path to the 2003 externally. If a user goes to the CAS box externally (/owa), and gets redirected to the the 2003 because that's where the mailbox is, the path to the 2003 must be available externally.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[ShackDaddy]

So what does that mean, exactly? If I already had an E2003 FE/BE arrangement, and /Exchange properly brings up E2003 mailboxes but /OWA doesn't, could I still be missing an external path? Where should I be verifying a path?

Dave Shackelford
Shackelford Consulting

 

[ShackDaddy]

Ok, this turned out to be due to a couple of things:

1. The CAS had been an EDGE role, and the EDGE role had been uninstalled before. For some reason, this led to the local firewall being put into an aberrant condition. I haven't bothered going through the rules yet to see what the problem is, but I had to turn off the CAS server local firewall completely to be able to properly manage it from the mailbox server. This step did not resolve the core problem, but it made things less messy.

2. Installing Rollup 4. Due to my repeated tear-out and replacement of IIS and the CAS role, I had neglected to keep bringing it back up to maximum patch. Once I loaded Rollup 4, the problem I described above went away. I was able to go to FQDN/exchange and access mailboxes on both the legacy and the new server.

Dave Shackelford
Shackelford Consulting

 

[Zelandakh]

Dave - because Edge is supposed to be a non domain member box and installs ADAM, you would probably have been better off reloading the box anyway.

When troubleshooting any potential issues like this that are entire stumbling blocks, I favour (with the english spelling) installing Windows service pack then application service pack then any post SP roll ups.

It is amazing how often that will fix most problems.