Exchange 2010 SP1 new OWA Coexistence behavior

  • Thread starter Luis G. Molina
  • Start date Views 2,129
L

Luis G. Molina

I applied SP1 this weekend and after some testing noticed that our 2007 homed users see a new screen after the initial logon. There is an Outlook Web App dialog page which states:

" A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again."

Once the user clicks " connect" they are sent back to the logon page and are then sent to the legacy OWA 2007 experience. Our pre-SP1 systems just pass the user straight through to their legacy OWA experience.

Is there a way to disable this notification? I can see this causing lots of confusion, we still have about 12k users on 2007.
 
T

Tom Vanopoulos

Is the Exchange 2007 and 2010 servers in the same AD site? What type of authentication is configured on the 2007 CAS?

When accessing Outlook Web APP from the 2010 server, after the user authenticates and it is a legacy mailbox that resides on 2007 the login should be seamless and redirects you to the 2007 OWA without any additional prompts.

You can take a look at the following article and look at the OWA coexistence

http://technet.microsoft.com/en-us/library/dd638158.aspx

MCITP: Enterprise Messaging Administrator 2007/2010 | MCITP: Server Administrator | MCTS: Windows Server 2008 Applications Infrastructure, Configuring | MCP | MCDST
 
X

Xiu Zhang

Hi,

Please let us know if those Exchange 2007 CAS servers and Exchange 2010 CAS servers in the same AD site.

Please check if you have externalurl or internalurl set on your Exchange 2010 CAS server.

Also please check if you have form-based authentication enabled on Exchange 2007 CAS server. If yes, this will result in a single sign-on redirection.

Understanding Proxying and Redirection

http://technet.microsoft.com/en-us/library/bb310763.aspx

Besides, I'd like to know if the issue would occur again at the next logon.

Regards,

Xiu
 
B

Brian Day MCITP

This sounds like a known issue being worked on. Are you using TMG by any chance?Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
My posts are provided "AS IS" with no guarantees, no warranties, and they confer no rights.
 
L

Luis G. Molina

Yes all Exchange servers 2007 + 2010 are in the same site. The internal and external urls are configured on the 2010 and 2007 legacy CAS. The issue does occur at every logon, not just the first.
 
L

Luis G. Molina

We are not using TMG yet. We are running ISA though. I am getting this issue even when I bypass the ISA servers though.
 
B

Brian Day MCITP

Ok, was just checking. I believe this is a known issue. You may want to call into support so they can verify.Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
My posts are provided "AS IS" with no guarantees, no warranties, and they confer no rights.
 
L

Luis G. Molina

Michel,
Thank you for the link! This is definitely what I am seeing. I'll give MS a call and see if I can get a hotfix for this.
Thanks
 
L

Luis G. Molina

I was told by a support engineer that this is a known issue now. If you are running ISA/TMG then you will experience this issue since Forms Based Auth is disabled on the CAS servers in this scenario. There is a " bug" in SP1 which causes this new behavior. The quick fix is to take ISA/TMG out of the mix and re-enable FBA on the CAS servers. Or wait for rollup 1.
 
W

Ward1982

I installed Rollup 1 for Exchang 2010 SP1. I have still this issue. But the KB article does not mention this issue being fixed.

Exchange 2007 SP3 with Exchange 2010 SP1 with TMG. Is there any related fix in TMG SP1?
 

Top