Is integrated authentication checked on owa and exchange vdir?
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Mahadevan Subramanian
Sent: Wednesday, July 22, 2009 11:40 PM
Subject: [ExchangeList] CAS to CAS proxying - HTTP 403 forbidden
We are in mid of transitioning from Exchange 2003 to Exchnage 2007. We have 7 sites in new environment and we have adopted Start topology (ie:One site as the central site) We are now facing issue with OWA access in particular site, where we have CAS,HUB & MBX installed on same server. The other sites have HUB & CAS on one server and MBX on other server.
The OWA URL is pointed to F5, which does the load balancing and routes the requests (Https://SeverFQDN/Exchange) to the CAS servers in the central site. From Central Site the CAS servers proxies the requests based on the user mailbox location (Either Exchange 2003 or Exchnage 2007). This works fine for all location and exchnage 2003 users as well. but we face issue in one site where we have all three roles installed in the same server.
The error is HTTP 403 Forbidden..
If i directly access the /Exchnage or /owa in the same server where all three roles are installed, we are able to acces the user mailbox which is located on the same server. But if i try logging in using a user account located in different site.. It does not allow.. It shows page can not be displayed. Simillarly from other CAS server in other sites, if i try to login with the user mailbox located in this problamatic site.. It gives HTTP 403 Forbidden error..
The OWA is only for internal purpose and hence we do not ahve any externalURL. The internalURLs are properly set.