OWA Redirection Issue

  • Question


  • A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again.

    We have 2 DBs in a DAG and all databases are fine. The only issue is that when users working from home log in to OWA, it redirects to drmail, and that happens where the DR site is hosted, the secondary server.

    Please help. I have tried everything: did an IIS reset, restarted services and servers, with no luck, and checked the CAS file too.


    Sumanth.S Exchange Admin

    Saturday, September 20, 2014 3:57 PM

All replies

  • Hi ,

    Have you configured the OWA URLs on the DR server the same as the URL settings on the server in the primary site?

    Please check the virtual directories for OWA.

    Then you are saying the issue is happening for external users.

    For external users, most organisations configure web-based publishing rules for the Exchange services in a reverse proxy (TMG). Check the OWA rule and find out whether it is routed to the CAS server or the LB in the primary site.

    Please reply to me if you have any queries.

    Regards 

    S.Nithyanandham


    Thanks S.Nithyanandham


    Saturday, September 20, 2014 4:22 PM
  • Yes, it's the same URLs on the DR server and the primary site. Routed through CAS only, and web-based publishing rules for the Exchange services in a reverse proxy (TMG) are not configured, as far as I know.

    Could it be due to a log sync issue? The primary database shows mounted but the secondary DB shows failed and suspended, as I have put it in seeding mode and it's currently seeding.


    Sumanth.S Exchange Admin

    Sunday, September 21, 2014 4:33 PM
  • Hi ,

    Thanks for your reply .

    Please tell me, and also don't mistake me, how you found out and said that external OWA access for the users is redirected to the DR site. If you explain that to me, it would be easy for me to know the root cause of this issue.

    Reply to me if you have any queries.

    Regards

    S.Nithyanandham


    Thanks S.Nithyanandham

    Sunday, September 21, 2014 6:39 PM
  • This is the error I get: A temporary change has occurred that requires you to connect to a different server. To connect, click the button below. For security reasons, you'll be asked to enter your user name and password again.


    After this it shows Connect; then after I click Connect it shows drmail.contoso.com/owa


    Sumanth.S Exchange Admin

    Monday, September 22, 2014 12:25 AM
  • Hi ,

    Have you installed both the CAS and Mailbox roles together at the PR and DR sites?

    If possible, please share the output of the command below.

    get-owavirtualdirectory | fl name,server,*internal*,*External* 

    1. I hope you are experiencing this issue after failing over the Exchange databases from one node to another (i.e. from the production site to the DR site).

    2. Please check that all the databases have been mounted on the production site mailbox server.

    3. Also, please go to IIS and check whether any additional redirection is configured for OWA.

    4. Maybe this is not required, but please try to have an up-to-date replica on the DR site mailbox server.

    Hey, you know, we also faced the same issue in Exchange 2010 SP3 after site failback during a mock DR drill.

    Please reply to me if you have any queries, and also check all of the above.

    Regards

    S.Nithyanandham


    Thanks S.Nithyanandham

    Monday, September 22, 2014 5:55 AM
  • [PS] C:\Windows\system32>get-owavirtualdirectory | fl name,server,*internal*,*External*


    Name                                    : owa (Default Web Site)
    Server                                  : EXCH-BLR
    RemoteDocumentsInternalDomainSuffixList : {}
    InternalAuthenticationMethods           : {Basic, Fba, Ntlm, WindowsIntegrated}
    InternalUrl                             : https://mail.ansrsource.com/owa
    ExternalUrl                             : https://mail.ansrsource.com/owa
    ExternalAuthenticationMethods           : {Fba}


    Name                                    : owa (Default Web Site)
    Server                                  : CH-EXCH
    RemoteDocumentsInternalDomainSuffixList : {}
    InternalAuthenticationMethods           : {Basic, Fba, Ntlm, WindowsIntegrated}
    InternalUrl                             : https://ch-exch.ansr.com/owa
    ExternalUrl                             : https://drmail.ansrsource.com/owa
    ExternalAuthenticationMethods           : {Fba}

    Name                                    : owa (Exchange Back End)
    Server                                  : TEMP-EXCH13
    RemoteDocumentsInternalDomainSuffixList : {}
    InternalAuthenticationMethods           : {Ntlm, WindowsIntegrated}
    InternalUrl                             :
    ExternalUrl                             :
    ExternalAuthenticationMethods           : {Fba}

    Name                                    : owa (Default Web Site)
    Server                                  : TEMP-EXCH13
    RemoteDocumentsInternalDomainSuffixList : {}
    InternalAuthenticationMethods           : {Basic, Fba}
    InternalUrl                             : https://temp-exch13.ansr.com/owa
    ExternalUrl                             :
    ExternalAuthenticationMethods           : {Fba}

    1. Yes.

    2. Both are mounted, production servers are mounted and fine.

    3. Please let me know where to check this, as I already checked this and didn't find anything. Are you talking about the default thing, the bindings?

    4. I feel it is up to date, but the thing is, when I try to move a mailbox from the Chennai Exchange to the Bangalore Exchange, it stays queued only.


    Sumanth.S Exchange Admin


    • Edited by SumanthS Monday, September 22, 2014 6:50 AM edited
    Monday, September 22, 2014 6:48 AM
  • Hi Sumanth ,

    Please check the following settings .

    Name                                    : owa (Default Web Site)
    Server                                  : CH-EXCH
    RemoteDocumentsInternalDomainSuffixList : {}
    InternalAuthenticationMethods           : {Basic, Fba, Ntlm, WindowsIntegrated}
    InternalUrl                             : https://ch-exch.ansr.com/owa
    ExternalUrl                             : https://drmail.ansrsource.com/owa
    ExternalAuthenticationMethods           : {Fba}

    On the above, please have a look at the external URL: it was set to https://drmail.ansrsource.com/owa instead of https://ch-exch.ansr.com/owa.

    At the same time, please share the output of the command below.

    Get-exchangeserver | fl *name*,*server*,*site*

    Regarding the mailbox move, please check with the following commands to see the statistics.

    get-moverequest ----------> this command is to know how many move requests have been completed and how many of them are still pending.

    remove-moverequest ----------> this command is to remove the completed move requests, and you can also use it to remove a mailbox move request if any mailbox move has a problem.

    get-moverequeststatistics -identity "give the identity here" -includereport | fl

    The above is the command which will tell you why the mailbox is not moved, and which will also help us to know the reason for it not moving.

    Please reply to me if you have any queries. Don't forget to share the output of the command below.

    Get-exchangeserver | fl *name*,*server*,*site*,*version*

    Regards

    S.Nithyanandham 


    Thanks S.Nithyanandham

    Monday, September 22, 2014 7:25 AM
  • No, if I give both the same URL it will work only internally at the domain end and not externally or on Wi-Fi.

    [PS] C:\Windows\system32>Get-exchangeserver | fl *name*,*server*,*site*


    PSComputerName           : exch-blr.ansr.com
    Name                     : EXCH-BLR
    DistinguishedName        : CN=EXCH-BLR,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative
                               Groups,CN=ANSR,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ANSR,DC=com
    ExchangeLegacyServerRole : 0
    IsHubTransportServer     : True
    IsClientAccessServer     : True
    IsEdgeServer             : False
    IsMailboxServer          : True
    IsProvisionedServer      : False
    IsUnifiedMessagingServer : False
    ServerRole               : Mailbox, ClientAccess, HubTransport
    OriginatingServer        : ANSR-BLR-DC.ANSR.com
    Site                     : ANSR.com/Configuration/Sites/Default-First-Site-Name

    PSComputerName           : exch-blr.ansr.com
    Name                     : CH-EXCH
    DistinguishedName        : CN=CH-EXCH,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative G
                               roups,CN=ANSR,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ANSR,DC=com
    ExchangeLegacyServerRole : 0
    IsHubTransportServer     : True
    IsClientAccessServer     : True
    IsEdgeServer             : False
    IsMailboxServer          : True
    IsProvisionedServer      : False
    IsUnifiedMessagingServer : False
    ServerRole               : Mailbox, ClientAccess, HubTransport
    OriginatingServer        : ANSR-BLR-DC.ANSR.com
    Site                     : ANSR.com/Configuration/Sites/CHN-DR

    PSComputerName           : exch-blr.ansr.com
    Name                     : MS-EDGE
    DistinguishedName        : CN=MS-EDGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative G
                               roups,CN=ANSR,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=ANSR,DC=com
    ExchangeLegacyServerRole : 0
    IsHubTransportServer     : False
    IsClientAccessServer     : False
    IsEdgeServer             : True
    IsMailboxServer          : False
    IsProvisionedServer      : False
    IsUnifiedMessagingServer : False
    ServerRole               : Edge
    OriginatingServer        : ANSR-BLR-DC.ANSR.com
    Site                     : ANSR.com/Configuration/Sites/CHN-DR


    Sumanth.S Exchange Admin

    Monday, September 22, 2014 12:03 PM
  • Hi ,

    From your additional info I came to know the things mentioned below.

    1. You have the server EXCH-BLR in Default-First-Site-Name with the roles Mailbox, ClientAccess, HubTransport.

    2. Then you have the server CH-EXCH in the site CHN-DR with the roles Mailbox, ClientAccess, HubTransport.

    3. Then you have one Edge server in the site CHN-DR.

    Let me tell you my findings.

    You are trying to use two namespaces for external OWA access.

      1.) https://mail.ansrsource.com/owa
      2.) https://drmail.ansrsource.com/owa

    Of the above two, you can use only the first URL for external OWA access. The reason I am saying this is that when I try to resolve mail.ansrsource.com from external DNS, it resolves to two IP addresses, because you have created two host A records for that namespace, and at the same time port 443 is open for both IP addresses.

    One more thing you need to ensure on your side is that the namespace mail.ansrsource.com is present on the SAN certificate.

    Most importantly, you should check with the security team or network team to know whether they are routing the external OWA users' queries for the namespace mail.ansrsource.com to the appropriate CAS server of your choice, whether that is EXCH-BLR or CH-EXCH.

    Then don't forget to set the URL "https://mail.ansrsource.com/owa" as the external URL on the server you have chosen.

    Let me tell you why you cannot use the namespace https://drmail.ansrsource.com/owa. For that you have created one host A record in external DNS, and at the same time port 443 is not open for the public IP address mapped to that host A record. OWA access happens only on port 443 (both internally and externally).

    In case you want to use the namespace drmail.ansrsource.com, you would have to open port 443 in your firewall, and the external OWA users' queries coming for that namespace would have to be routed to the appropriate CAS server of your choice, whether that is EXCH-BLR or CH-EXCH.

    Then don't forget to set the URL "https://drmail.ansrsource.com/owa" as the external URL on the server you have chosen.

    One more thing I need to include: if you plan to use the namespace drmail.ansrsource.com, it has to be present on the SAN certificate.

    You can use mxtoolbox and ping.eu to check the port details and DNS name resolution.

    Please reply to me if you have any queries.

    Regards

    S.Nithyanandham



    Thanks S.Nithyanandham

    Monday, September 22, 2014 1:33 PM
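
The checks named in the last reply (how many A records each namespace resolves to, whether port 443 answers on each address, and whether the namespace is on the SAN certificate) can be scripted; this is an added example, not part of the original thread. `Test-OwaNamespace` is a hypothetical helper name, and the script assumes Windows PowerShell 3.0 or later on a machine outside the corporate network.

```powershell
# Added example, not from the thread. Test-OwaNamespace is a hypothetical helper name.
# Assumes Windows PowerShell 3.0+ (Resolve-DnsName) and an external vantage point.
function Test-OwaNamespace {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)

    # Every A record published for the namespace; two records mean two sites can answer.
    $addresses = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress

    # Accept any certificate: the goal is to inspect what is presented, not to trust it.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }

    foreach ($ip in $addresses) {
        $row = [ordered]@{ Namespace = $HostName; IP = $ip; PortOpen = $false
                           NameOnCert = $false; CertSubject = $null; NotAfter = $null; Error = $null }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Connect to the specific IP so each published address is tested on its own.
            if (-not $client.ConnectAsync($ip, $Port).Wait(5000)) { throw "TCP $Port timed out" }
            $row.PortOpen = $true

            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
            $ssl.AuthenticateAsClient($HostName)    # sends the namespace as SNI
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.CertSubject = $cert.Subject
            $row.NotAfter    = $cert.NotAfter

            # Subject Alternative Name extension (OID 2.5.29.17); Windows formats entries as "DNS Name=...".
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $dnsNames = @()
            if ($san) {
                $dnsNames = [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value }
            }
            # -like lets a wildcard SAN entry match; looser than strict single-label matching.
            $row.NameOnCert = [bool]($dnsNames | Where-Object { $HostName -like $_ })
        }
        catch { $row.Error = $_.Exception.GetBaseException().Message }
        finally { $client.Close() }
        [pscustomobject]$row
    }
}

# The two namespaces discussed in the thread.
'mail.ansrsource.com', 'drmail.ansrsource.com' |
    ForEach-Object { Test-OwaNamespace -HostName $_ } | Format-Table -AutoSize
```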