We have installed Exchange 2007 (CAS, MB, HT all in one server) in an existing Exchange 2003 organisation (single Exchange 2003 server).
I have only a few mailboxes on Ex 2007 for the time being, and we will run coexistence for some time. Now both mail flows are working fine.
When I use OWA to access mailboxes on Exchange 2003 or Exchange 2007 from the internal network, both work fine, but it does not function when using OWA from the internet for Exchange 2007 users.
Ex-2003 internet OWA: http://mail.abc.com/exchange is working, but for the Ex 2007 users https://mail.abc.com/owa does not work. Can I use the same IP for the Ex-2007 OWA? And what do I need to change in ISA (edge firewall)? There is already one policy for Ex-2003 OWA.
Our network is as below: internet > DSL router > ISA 2004 > local network > AD, Ex2003, Ex2007, etc.
I googled this problem, but found so many articles mimicking the same Microsoft article, which I could not understand for my simple scenario.
The company is not willing to invest any more, even in the costly certificate or in another CAS server, since most of the suggestions I found on the web are to go for a CAS server.
I just want to use both OWAs, I mean the same old version for Ex-2003 users and the new version for Ex-2007 users.
Can anyone help me by suggesting a solution for my work scenario?
Thanks
< Message edited by deemas -- 23.Dec.2008 7:11:55 AM >
As mentioned in the help files, e2k3 owa does not support e2k7 mailboxes. What you need to do is rewrite the DNS records so that your mail.abc.com/exchange is sent to the e2k7 CAS.
FYI, /owa will work only for e2k7 mailboxes, /exchange will work for both e2k3 and e2k7 mailboxes. Just point EVERYONE at the CAS on /exchange, and your system will work as expected.
Make sure that your public facing cert is correct, as are your autodiscover, your Availability Service, your EAS URLs, and your EWS URLs.
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Unless you have a separate CAS server, you will not be able to have a single URL for both Exchange 2003 and Exchange 2007. When CAS co-exists with the mailbox role it will not proxy the traffic to the other server.
Now, my question is: without placing a new CAS server, can I access /owa and /exchange for both users?
I mean I don't need to access both user types (Ex-2003 mailbox and Ex-2007 mailbox) by one URL. It can be two different URLs (no problem with this).
Exch2003 users: http://mail.abc.com/exchange
Exch2007 users: https://mail.abc.com/owa
This is what I want. How can I achieve this? Any steps would be very helpful.
< Message edited by deemas -- 23.Dec.2008 3:18:29 AM >
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If you install a standalone CAS, then just tell everyone to use /exchange until the migration is complete. Exchange will sort out where they need to go automatically.
But my problem is, due to budget there is no way to have another CAS server.
I was trying to create a rule in ISA to allow the 2007 OWA with https as someone suggested, but I could not make the rule, since it was asking me to install the certificate in ISA, where my SSL certificate is the Exchange 2007 default certificate. I don't know how to install this certificate in ISA 2004.
We have to work with the current setup, without spending anything on hardware or software. Our resources are very limited. Please guide me.
< Message edited by deemas -- 23.Dec.2008 7:21:49 AM >
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Without a third server you cannot have a co-existence scenario. OWA will have to be either one or the other.
ISA cannot support both servers because of the way that the redirection takes place. ISA is not a frontend/CAS server, it is a publishing device. It can cope with the redirection from /exchange to /owa but it cannot cope with the change of server, because Exchange will redirect you to the Exchange server's REAL name, not its external name.
Depending on how long the co-existence will be for, you could use demo versions of both Windows and Exchange 2007 in a virtual machine. However that will put you on a deadline of 60 days if I recall correctly.
Otherwise you will have to bite the bullet and go without a co-existence scenario. There are technical limitations in the products which cannot be avoided.
Thanks again, sembee, for your precious comments and knowledge, which you share with a novice like me.
In this case I will not go for a virtual machine, since it will again create another problem: where will I install the VM? As I told you, I am tight on resources.
Anyhow, I think the only option for me is to completely move the mailboxes to Exchange 2007 and run OWA from there.
But in this case, will OWA work perfectly while the Exchange server holds the MB, CAS and HT roles on one server?
If so, about the SSL: since I have only the default one, how can I install it in ISA, since I have to publish there?
"The only way that OWA would work is to have two IP addresses, two SSL certificates and two unique URLs. The users would need to know which server their mailbox is located on and enter the relevant URL. It would not be transparent to the users"
How about my scenario, if we implement it as you say above? The only difference will be that our Exchange 2003 users will be on http without SSL, and the Exchange 2007 users will be on https with a self-signed certificate (default certificate).
I can have two different IP addresses and two different URLs, as follows
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The self generated certificate is not designed for production use. You should be replacing it with a commercial certificate. Furthermore it isn't supported at all for use with Outlook Anywhere or Exchange ActiveSync. Only commercial certificates are supported for that use.
Can't really answer questions on ISA as I don't have much to do with it. Take a look on isaserver.org for assistance with ISA.
Sure, as you said, we will go to commercial SSL soon. For at least two months I have to run with this; it is very urgent.
For the time being I need only OWA to work, not Outlook Anywhere or Exchange ActiveSync.
I was asking about your comment on the other post: for the time being, can I implement it as follows? (I mean two different URLs and two different IPs.) exch2003 : http://mail.mydomainname.com/exchange (IP1)
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
You obviously don't care about security, I hope you are not in an industry where security is an issue. Running OWA without SSL or with a home grown SSL certificate simply exposes the server to all sorts of attacks and also puts your users at risk. I also believe that using a self generated untrusted certificate actually reduces the security not only of your users of your network, but your users in general. Users have a habit of only half listening to what people say and will get used to ignoring the security prompt. When they see it on their banking site, they will also ignore it because the IT guy at work told them so.
An SSL certificate for Exchange costs the same as two CALs for Exchange 2007.
As for your question - in theory it should work. Whether ISA can cope with that I wouldn't know. It isn't something I have done before.
Sorry again, I am not that way as you suggested. I am very much considering security in our environment. But the problem is, I don't have any budget for this year; hopefully I will get a budget approved at the start of next year. Then I will surely go for a commercial SSL.
Moreover, on my Exch2007 box I have only a few IT users and test users. My intention here is to first test the scenario, whether it is working perfectly, and then to go ahead for SSL, and we will even go for an Edge server.
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
If you have no budget for the SSL certificate, then don't deploy the product that requires it. As far as I am concerned a commercial SSL certificate is not an optional item.
Edge is a waste of time and money in my opinion. I can achieve almost everything that Edge does using third party products which cost less than another Exchange server license. The only thing that Edge brings to the party is aggregated safe lists, which I don't see as a big enough incentive to spend the money on that additional license.