Exchange 2013 OWA Coexistence with Exchange 2010

Outlook Web App (OWA) has been a mandatory requirement for every organization. When Exchange 2013 is introduced in an existing environment, it needs to be configured for OWA co-existence with legacy Exchange servers like Exchange 2010 or Exchange 2007. OWA co-existence configuration will provide a single namespace for users accessing OWA, regardless of where their mailbox is located. This document is for the administrator to configure OWA co-existence using single name space for both Exchange 2013 and legacy Exchange servers (Exchange 2010 and Exchange 2007)

Preparing for Coexistence:

1. Exchange 2013 CAS and Mailbox role is installed on the internet facing the site with cumulative updates of 3 and more.
2. Exchange 2010 servers are updated with service pack 3 and latest rollups.
3. Create a new certificate using Exchange 2013 server and with SAN of existing OWA URL (e.g. Mail.domain.com), autodiscovery URL (e.g. Autodiscovery.domain.com) and legacy URL (eg. Legacy.domain.com) to point it to the legacy exchange server. Include additional URLs, if required.
4. Prepare to configure internet firewall to point all OWA (mail.domain.com) web Internet traffic to the load balancer, if you have multiple Exchange 2013 CAS servers, else you can directly point to Exchange 2013, if you have one Exchange server. This is important because Exchange 2013 CAS server has a point of contact for all OWA requests, from both internal and external.
5. Add legacy.domain.com DNS entry for both; internally and externally to point out to the legacy Exchange 2010 CAS servers and also open the internet firewall ports to point legacy.domain.com to exchange 2010 CAS servers.
6. If you have TMG/UAG server in the DMZ, create an additional OWA rule for legacy.domain.com to point to the Exchange 2010 server.

Configuring Exchange 2013 OWA Coexistence with Exchange 2010

1. Install and configure the certificate on all internet facing Exchange 2013 CAS servers.
2. Configure Exchange 2013 OWA virtual directory with external URL and Authentication settings. External URL has to be the one, which is in the SAN of the certificate and users use to connect from the Internet. Below settings with authentication configuration allows the users to connect, authenticate and access emails using Forms based authentication.
   Set-OwaVirtualDirectory -Identity "Exchange2013_CAS_Server_Name\OWA (Default Web Site)"     -InternalURLhttps://owa.domain.com/OWA-ExternalURL https://owa.domain.com/OWA -FormsAuthentication $True -BasicAuthentication $True
3. Exchange control panel (ECP) virtual directory needs to match the OWA virtual directory settings in Exchange 2013 servers.
   Set-ECPVirtualDirectory -Identity "Exchange2013_CAS_Server_Name\ECP (Default Web Site)"–InternalURLhttps://owa.domain.com/ECP -ExternalURLhttps://owa.domain.com/ECP -FormsAuthentication $True -BasicAuthentication $True
4. Configure Exchange 2010 external URL with https://legacy.company.com/owa and configure internal URL to $null. We also need to make sure that authentication is also configured and it has to be the same as the Exchange 2013 OWA virtual directory.  Below is the reference cmdlet to configure external URL and forms based authentication on OWA virtual directory.
   Set-OwaVirtualDirectory -Identity "Exchange2010_CAS_Server_Name\OWA (Default Web Site)" -ExternalURL https://legacy.domain.com/owa -FormsAuthentication $True -BasicAuthentication $True.
5. Similarly, Exchange 2010 Server ECP virtual directory needs to match its OWA virtual directory settings.
   Set-ECPVirtualDirectory -Identity "Exchange2010_CAS_Server_Name\ECP (Default Web Site)"           -InternalURLhttps://legacy.domain.com/ECP -ExternalURLhttps://legacy.domain.com/ECP                   -FormsAuthentication $True -BasicAuthentication $True
6. Change internal DNS for mail.domin.com, to point to the internal load balancer (which points to Exchange 2013 CAS) or Exchange 2013 CAS server directly.
7. Configure firewall to allow https://mail.domain.com/OWA traffic to point to Exchange 2013 server and also allow https://legacy.domain.com/OWA to point to Exchange 2010 servers or TMG
8. If you have TMG, make necessary changes on the TMG OWA rules to point https://mail.domin.com traffic to Exchange 2013 CAS server and https://legacy.domain.com traffic to point to the Exchange 2010 CAS servers

When users access https://mail.domain.com/ from the internet, it connects to Exchange 2013 CAS. These CAS servers determine the mailbox location and if the mailbox is in Exchange 2013 mailbox server, then it just proxies the request to the appropriate mailbox server. Similarly, when the mailbox is on Exchange 2010 then it performs a silent redirection to Exchange 2010 mailbox, as we have configured the same OWA Legacy URL configuration and virtual directory authentication on both Exchange server and legacy exchange server.

Hope you have got some good understanding on preparing and configuring Exchange 2013 and legacy exchange CAS servers for co-existence mode in singe AD site. This configuration will also work, if your legacy system is Exchange 2007.

__________________

If you got this far, you are probably an Exchange Administrator and need to try out Mailscape! 

Mailscape is a unique and innovative Exchange management tool that combines all the key elements for Exchange monitoring, administration, and reporting in a single solution.

Take Mailscape for a TEST DRIVE!