Back to Blog

Exchange 2013 OWA Coexistence with Exchange 2010

Image of ENow Software
ENow Software
Exchange Coexistence

Outlook Web App (OWA) has been a mandatory requirement for every organization. When Exchange 2013 is introduced in an existing environment, it needs to be configured for OWA co-existence with legacy Exchange servers like Exchange 2010 or Exchange 2007. OWA co-existence configuration will provide a single namespace for users accessing OWA, regardless of where their mailbox is located. This document is for the administrator to configure OWA co-existence using single name space for both Exchange 2013 and legacy Exchange servers (Exchange 2010 and Exchange 2007)

Preparing for Coexistence:

  1. Exchange 2013 CAS and Mailbox role is installed on the internet facing the site with cumulative updates of 3 and more.
  2. Exchange 2010 servers are updated with service pack 3 and latest rollups.
  3. Create a new certificate using Exchange 2013 server and with SAN of existing OWA URL (e.g., autodiscovery URL (e.g. and legacy URL (eg. to point it to the legacy exchange server. Include additional URLs, if required.
  4. Prepare to configure internet firewall to point all OWA ( web Internet traffic to the load balancer, if you have multiple Exchange 2013 CAS servers, else you can directly point to Exchange 2013, if you have one Exchange server. This is important because Exchange 2013 CAS server has a point of contact for all OWA requests, from both internal and external.
  5. Add DNS entry for both; internally and externally to point out to the legacy Exchange 2010 CAS servers and also open the internet firewall ports to point to exchange 2010 CAS servers.
  6. If you have TMG/UAG server in the DMZ, create an additional OWA rule for to point to the Exchange 2010 server.

Configuring Exchange 2013 OWA Coexistence with Exchange 2010

    1. Install and configure the certificate on all internet facing Exchange 2013 CAS servers.
    2. Configure Exchange 2013 OWA virtual directory with external URL and Authentication settings. External URL has to be the one, which is in the SAN of the certificate and users use to connect from the Internet. Below settings with authentication configuration allows the users to connect, authenticate and access emails using Forms based authentication.
      Set-OwaVirtualDirectory -Identity "Exchange2013_CAS_Server_Name\OWA (Default Web Site)"     -InternalURL -FormsAuthentication $True -BasicAuthentication $True
    3. Exchange control panel (ECP) virtual directory needs to match the OWA virtual directory settings in Exchange 2013 servers.
      Set-ECPVirtualDirectory -Identity "Exchange2013_CAS_Server_Name\ECP (Default Web Site)"–InternalURL -ExternalURL -FormsAuthentication $True -BasicAuthentication $True
    4. Configure Exchange 2010 external URL with and configure internal URL to $null. We also need to make sure that authentication is also configured and it has to be the same as the Exchange 2013 OWA virtual directory.  Below is the reference cmdlet to configure external URL and forms based authentication on OWA virtual directory.
      Set-OwaVirtualDirectory -Identity "Exchange2010_CAS_Server_Name\OWA (Default Web Site)" -ExternalURL -FormsAuthentication $True -BasicAuthentication $True.
    5. Similarly, Exchange 2010 Server ECP virtual directory needs to match its OWA virtual directory settings.
      Set-ECPVirtualDirectory -Identity "Exchange2010_CAS_Server_Name\ECP (Default Web Site)"           -InternalURL -ExternalURL                   -FormsAuthentication $True -BasicAuthentication $True
    6. Change internal DNS for, to point to the internal load balancer (which points to Exchange 2013 CAS) or Exchange 2013 CAS server directly.
    7. Configure firewall to allow traffic to point to Exchange 2013 server and also allow to point to Exchange 2010 servers or TMG
    8. If you have TMG, make necessary changes on the TMG OWA rules to point traffic to Exchange 2013 CAS server and traffic to point to the Exchange 2010 CAS servers

When users access from the internet, it connects to Exchange 2013 CAS. These CAS servers determine the mailbox location and if the mailbox is in Exchange 2013 mailbox server, then it just proxies the request to the appropriate mailbox server. Similarly, when the mailbox is on Exchange 2010 then it performs a silent redirection to Exchange 2010 mailbox, as we have configured the same OWA Legacy URL configuration and virtual directory authentication on both Exchange server and legacy exchange server.

Hope you have got some good understanding on preparing and configuring Exchange 2013 and legacy exchange CAS servers for co-existence mode in singe AD site. This configuration will also work, if your legacy system is Exchange 2007.


If you got this far, you are probably an Exchange Administrator and need to try out Mailscape

Mailscape is a unique and innovative Exchange management tool that combines all the key elements for Exchange monitoring, administration, and reporting in a single solution.

Take Mailscape for a TEST DRIVE!

Exchange migration flowchart

Running Exchange 2010? Start Planning Your Exchange 2016 Migration Now

Image of Steve Goodman
Steve Goodman

Exchange Server 2016 has arrived and has been lauded as one of the most reliable releases of...

Read more
Microsoft Exchange Security Updates banner image

January 2023 Exchange Security Updates

Image of Jaap Wesselius
Jaap Wesselius

On January 10, 2023, Microsoft released new Security Updates for Exchange 2013 CU23, Exchange 2016...

Read more