During the co-existence phase of an Exchange 2007 to 2010 migration, when you have cut over your ISA Server publishing rules for Outlook Web App to point to the Exchange 2010 Client Access server, you may encounter the following error for some OWA users.
The mailbox you’re trying to access isn’t currently available. If the problem continues, contact your helpdesk.
Depending on your Exchange environment you may find that this is only occurring for some users and not all of them. In particular you may find that Exchange 2007 mailbox users in remote AD sites are receiving the error, but Exchange 2007 mailbox users in the internet-facing AD site are not.
This can occur because of how the Client Access servers handle OWA traffic differently, depending on which AD site the mailbox user is in.
For the internet-facing AD site the scenarios are simply as follows.
Exchange 2010 Mailbox user:
- Connects to published name for Outlook Web App
- The internet-facing Exchange 2010 CAS connects to the mailbox server in that site on behalf of the user
Exchange 2007 Mailbox user:
- Connects to the published name for Outlook Web App
- The internet-facing Exchange 2010 CAS redirects them to the legacy namespace, which is published to the internet-facing Exchange 2007 CAS
- The Exchange 2007 CAS connects to the mailbox server in that site on behalf of the user
For mailbox users in remote AD sites the situation is slightly different.
Exchange 2010 Mailbox user:
- Connects to published name for Outlook Web App
- The internet-facing CAS proxies the connection to an Exchange 2010 CAS in the remote AD site
- The Exchange 2010 CAS in the remote AD site connects to the mailbox server in that site on behalf of the user
Exchange 2007 Mailbox user:
- Connects to the published name for Outlook Web App
- The internet-facing CAS proxies the connection to an Exchange 2007 CAS in the remote AD site
- The Exchange 2007 CAS in the remote AD site connects to the mailbox server in that site on behalf of the user
For this to work correctly there are a few configuration requirements.
- The OWA virtual directories on the Client Access servers in the remote AD site must have Integrated Windows authentication enabled
- The OWA virtual directories on the Client Access servers in the remote AD site must not have an external URL configured (it should be blank)
- The internet-facing Exchange 2010 CAS needs a copy of the OWA resources files from any down-version Client Access servers it will be proxying to
Often people get the first two correct and leave out the third one. However without meeting that third requirement you will receive the error shown at the start of this article. On the internet-facing Exchange 2010 CAS you’ll also see an event ID 46 logged in the Application Event Log, with details similar to the following:
Log Name: Application
Source: MSExchange OWA
Date: 9/6/2011 11:42:35 PM
Event ID: 46
Task Category: Proxy
Level: Error
Keywords: Classic
User: N/A
Computer: HO-EX2010-CAHT1.exchangeserverpro.net
Description:
Client Access server “https://mail.exchangeserverpro.net/owa”, running Exchange version “14.1.323.3”, is proxying Outlook Web App traffic to Client Access server “br-ex2007-caht.exchangeserverpro.net”, which runs Exchange version “8.3.83.4”. To ensure reliable interoperability, the proxying Client Access server needs to be running a newer version of Exchange than the Client Access server it is proxying to. If the proxying Client Access server is running a newer version of Exchange than the Client Access server it is proxying to, the proxying Client Access server needs to have an Outlook Web App resource folder (for example, “<Exchange Server installation path>)\ClientAccess\owa\8.0.498.0” that contains all the same versioned resource files as the Client Access server it is proxying to. If you will be running Outlook Web App proxying with mismatched server versions, you can manually copy this resource folder to the proxying Client Access server. After you copy this resource folder to the proxying Client Access server, you need to restart IIS before proxying will work.
To resolve this issue you simply follow the instructions in the error. Copy the OWA resource files from a down-version Client Access server over to the Exchange 2010 CAS, and then restart IIS on the Exchange 2010 CAS.
You’ll find the folder name matching the server version (eg 8.3.83.4 above) in the location where Exchange is installed, for example C:\Program Files\Microsoft\Exchange Server\ClientAccess\OWA.
After copying the files run IISReset from a command prompt.
[PS] C:\Windows\system32>iisreset Attempting stop... Internet services successfully stopped Attempting start... Internet services successfully restarted
Outlook Web App should now work successfully for all users regardless of which site their mailbox is located.
Thank you so much! It fixed my issue.
single site scenario,
– have only 1 public ip and that ip is used by internet facing Exchange 2010 CAS.
– Exchange 2007 CAS + MBX also in this site.
– Legacy name space cannot implement because no extra public ip available.
1. should external URL of Exchange 2007 CAS left blank ?
2. will Exchange 2010 CAS, proxies the connection to an Exchange 2007 CAS in the same AD site ?
3. do i still need to copy owa resource file from 2007 to Exchange 2010 CAS ?
any work around, to implement legacy name space in this scenario ?
port mapping/forwarding ?
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
I haven’t done a 2007 -> 2010 migration in a long time. What I recommend is that you go to the Exchange Deployment Assistant (https://technet.microsoft.com/en-us/office/dn756393.aspx) enter in your scenario details and follow the guidance there for how the co-existence configuration needs to be set up.
Hi Paul, what if the internet facing CAS is older than the remote CAS?
They are both 2010, but the remote CAS – according to the folder name – seems to have newer OWA files… Do I have to do the copy from the older to the new one and restart the IIS on the Internet facing CAS?
Many Thank
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
The internet facing server needs to be at the same build or a higher build than the internal servers. You should update your internet facing server.
Totally right!
Internet facing CAS upgraded and issue solved. Thanks Paul!
– I set 2007 CAS external url to blank,
– set integrate windows authenticate,
– copy resource file from 2007 to 2010
what should be the
internal url of 2007 CAS ?
I set it to netbios FQDN of 2007 CAS, like “server07.internal.local” .
and 2010 CAS always redirect to this netbios name, ( not proxy )
i have no idea why 2010 CAS not proxy traffic in this case.
what should I check ?
Hi Paul,
Great, this worked for me!
Also I had to move the files for the ECP directory, so the /ecp ( controlpanel) als worked with the proxy redirection,
Thx!
Hi Paul,
I had the exact same issue where users with mailboxes on Exchange Server 2007 in remote AD sites were getting the error when trying to connect via OWA.
Your solution was right on target and helped resolve my migration problem during co-existence.
Thank you for your invaluable contribution to the Exchange Server community!!
Regards,
John
this is a great site, It helps me a lot.
Thanks a lot..
Hi. Paul, you’re the BEST.!!! your technique solved my problem. I was struggling to fix an OWA issue in one of the CAS Array member. (CAS 1) is 2010 SP1 RU1 and the other (CAS 2) server is Exchange 2010 SP1 RU,1,2 & 3.
Whenever I joined the (CAS 2) on NLB both of are not working with the “OWA-Service not available error” but removing CAS2 works perfectly..
I took that risk of overwriting the existing OWA files from CAS1 and make a config backup of CAS2 just incase it didn’t work.. but fortunately it is works fine..
Thanks a lot..