Hello!

I'm trying to get Exchange 2010 and Exchange 2013 coexistence to work. I've struggle some time with this i finally manage to get EX2010 to work with EX2013 but not the other way around.

When I login through the OWA on EX2013 (https://webmail.domain.com) with a mailbox residing on EX2010 i'm able to "open a another mailbox..." residing in EX2013. I've had to follow this blog to make this work: http://www.techtalklive.org/ttlblog/Pages/Exchange-2010-2013-Coexistence.aspx

Even in Outlook 2010/2013 this works, the EX2013 mailbox is auto mapped and we are able to manage every single object.
The strange thing is it won't work the other way around. A EX2013 mailbox is unable to open a EX2010 mailbox, problem occurs in both OWA and in Outlook 2010/2013 so i'm guessing its a more central issue.

The error message in OWA when trying to open a EX2010 mailbox from EX2013 mailbox:
"The custom error module does not recognize this error."
The URL becomes: https://webmail.domain.com/owa/Test.Mailbox1@domain.com/?offline=disabled

The error message in Outlook when trying to open a EX2010 mailbox from EX2013 mailbox:
"Cannot display the folder. Microsoft Outlook cannot access the specified folder location. The operation failed. An object cannot be found."

Since we can open a EX2013 mailbox from EX2010 you can remove all thoughts that we are not proxying using EX2013's namespace. We are publishing EX2013 through a Kemp loadbalancer and EX2010 through TMG.
A EX2010 mailbox can't open a EX2010 mailbox when we are proxying through EX2013, if we go straight to the EX2010 CAS via TMG it's fully functionally.

Settings:
EX2010: 1CAS, 2MBOX (TMG for publishing webaccess)
EX2013: 2servers using both CAS and MBOX roles (Kemp for publishing)

Get-OWAVirtualDirectory

LogonFormat                  : FullDomain
ClientAuthCleanupLevel       : High
OwaVersion                   : Exchange2010
ServerName                   : EX-CAS1
LegacyRedirectType           : Silent
CrossSiteRedirectType        : Manual
Name                         : owa (Default Web Site)
InternalAuthenticationMethods: {Basic, Ntlm, WindowsIntegrated}
MetabasePath                 : IIS://EX-CAS1.domain.net/W3S
BasicAuthentication          : True
WindowsAuthentication        : True
DigestAuthentication         : False
FormsAuthentication          : False
LiveIdAuthentication         : False
DefaultDomain                : domain.net
WebSite                      : Default Web Site
DisplayName                  : owa
Server                       : EX-CAS1
InternalUrl                  : https://webmail.domain.com/owa
ExternalUrl                  : https://webmail.domain.com/owa
ExternalAuthenticationMethods: {Fba}

LogonFormat                  : UserName
OwaVersion                   : Exchange2013
ServerName                   : SER-EXCHANGE01
Name                         : owa (Default Web Site)
InternalAuthenticationMethods: {Basic, Fba}
MetabasePath                 : IIS://SER-EXCHANGE01.domain.net/W3SVC/1/ROOT/owa
BasicAuthentication          : True
WindowsAuthentication        : False
DigestAuthentication         : False
FormsAuthentication          : True
LiveIdAuthentication         : False
AdfsAuthentication           : False
OAuthAuthentication          : False
DefaultDomain                : domain.net
WebSite                      : Default Web Site
DisplayName                  : owa
Server                       : SER-EXCHANGE01
InternalUrl                  : https://webmail.domain.com/owa
ExternalUrl                  : https://webmail.domain.com/owa
ExternalAuthenticationMethods: {Fba}

LogonFormat                  : UserName
OwaVersion                   : Exchange2013
ServerName                   : SER-EXCHANGE02
Name                         : owa (Default Web Site)
InternalAuthenticationMethods: {Basic, Fba}
MetabasePath                 : IIS://SER-EXCHANGE02.domain.net/W3SVC/1/ROOT/owa
BasicAuthentication          : True
WindowsAuthentication        : False
DigestAuthentication         : False
FormsAuthentication          : True
LiveIdAuthentication         : False
AdfsAuthentication           : False
OAuthAuthentication          : False
DefaultDomain                : domain.net
WebSite                      : Default Web Site
DisplayName                  : owa
Server                       : SER-EXCHANGE02
InternalUrl                  : https://webmail.domain.com/owa
ExternalUrl                  : https://webmail.domain.com/owa
ExternalAuthenticationMethods: {Fba}

Get-ClientAccessServer

Name                                 : EX-CAS1
Fqdn                                 : EX-CAS1.domain.net
ClientAccessArray                    :
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : EX-CAS1
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {SITE-A}
AlternateServiceAccountConfiguration :
IsOutOfService                       : False
Identity                             : EX-CAS1
IsValid                              : True
ObjectCategory                       : domain.net/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
Id                                   : EX-CAS1
OriginatingServer                    : AD4.domain.net
ObjectState                          : Unchanged

Name                                 : SER-EXCHANGE01
Fqdn                                 : SER-EXCHANGE01.domain.net
ClientAccessArray                    :
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : SER-EXCHANGE01
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {SITE-A}
AlternateServiceAccountConfiguration :
IsOutOfService                       : False
Identity                             : SER-EXCHANGE01
IsValid                              : True
ObjectCategory                       : domain.net/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
Id                                   : SER-EXCHANGE01
OriginatingServer                    : AD4.domain.net

Name                                 : SER-EXCHANGE02
Fqdn                                 : SER-EXCHANGE02.domain.net
ClientAccessArray                    :
OutlookAnywhereEnabled               : True
AutoDiscoverServiceCN                : SER-EXCHANGE02
AutoDiscoverServiceClassName         : ms-Exchange-AutoDiscover-Service
AutoDiscoverServiceInternalUri       : https://autodiscover.domain.com/Autodiscover/Autodiscover.xml
AutoDiscoverServiceGuid              : 77378f46-2c66-4aa9-a6a6-3e7a48b19596
AutoDiscoverSiteScope                : {SITE-A}
AlternateServiceAccountConfiguration :
IsOutOfService                       : False
Identity                             : SER-EXCHANGE02
IsValid                              : True
ObjectCategory                       : domain.net/Configuration/Schema/ms-Exch-Exchange-Server
ObjectClass                          : {top, server, msExchExchangeServer}
Id                                   : SER-EXCHANGE02
OriginatingServer                    : AD4.domain.net

Get-OutlookAnywhere

ServerName                         : EX-CAS1
SSLOffloading                      : True
ExternalHostname                   : webmail.domain.com
InternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://EX-CAS1.domain.net/W3SVC/1/ROOT/Rpc
Path                               : C:\Windows\System32\RpcProxy
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 14.3 (Build 123.4)
Server                             : EX-CAS1
AdminDisplayName                   :
ExchangeVersion                    : 0.10 (14.0.100.0)
Name                               : Rpc (Default Web Site)
Identity                           : EX-CAS1\Rpc (Default Web Site)
Guid                               : 133923b3-b116-4faa-923f-ef63c202fa05
ObjectCategory                     : domain.net/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
Id                                 : EX-CAS1\Rpc (Default Web Site)
OriginatingServer                  : AD4.domain.net
IsValid                            : True
ObjectState                        : Changed

RunspaceId                         : 606c1631-b2c2-45b8-93d8-1a3dd596ee82
ServerName                         : SER-EXCHANGE01
SSLOffloading                      : True
ExternalHostname                   : webmail.domain.com
InternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://SER-EXCHANGE01.domain.net/W3SVC/1/ROOT/Rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
Server                             : SER-EXCHANGE01
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
Identity                           : SER-EXCHANGE01\Rpc (Default Web Site)
Guid                               : 82a17d36-0201-4607-8a0e-6c4c04b37535
ObjectCategory                     : domain.net/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
Id                                 : SER-EXCHANGE01\Rpc (Default Web Site)
OriginatingServer                  : AD4.domain.net
IsValid                            : True
ObjectState                        : Changed

RunspaceId                         : 606c1631-b2c2-45b8-93d8-1a3dd596ee82
ServerName                         : SER-EXCHANGE02
SSLOffloading                      : True
ExternalHostname                   : webmail.domain.com
InternalHostname                   : webmail.domain.com
ExternalClientAuthenticationMethod : Ntlm
InternalClientAuthenticationMethod : Ntlm
IISAuthenticationMethods           : {Basic, Ntlm}
XropUrl                            :
ExternalClientsRequireSsl          : True
InternalClientsRequireSsl          : True
MetabasePath                       : IIS://SER-EXCHANGE02.domain.net/W3SVC/1/ROOT/Rpc
ExtendedProtectionTokenChecking    : None
ExtendedProtectionFlags            : {}
ExtendedProtectionSPNList          : {}
AdminDisplayVersion                : Version 15.0 (Build 1076.9)
Server                             : SER-EXCHANGE02
AdminDisplayName                   :
ExchangeVersion                    : 0.20 (15.0.0.0)
Name                               : Rpc (Default Web Site)
Identity                           : SER-EXCHANGE02\Rpc (Default Web Site)
Guid                               : 133c7875-1947-4ccc-b9e2-a928a96da65c
ObjectCategory                     : domain.net/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
Id                                 : SER-EXCHANGE02\Rpc (Default Web Site)
OriginatingServer                  : AD4.domain.net
IsValid                            : True
ObjectState                        : Changed

When performing migrations I always recommend moving manager-delegate relationships together just to avoid these kinds of problems.  Sorry, but that's the best advice I can offer.

Hi,

As Ed mentioned, we recommend migrate public folder to Exchange 2013 after move all mailbox to it. However, for your question, its a known issue.
Heres an article about it: https://support.microsoft.com/en-us/kb/2834139?wa=wsignin1.0

Thiss caused by incorrectly authentication, please run Get-OutlookAnywhere | FL Identity,*Host*,*Authentication*,*SSL* to double check the configuration.
1. If "ExternalHostName" is set, and "ExternalClientAuthenticationMethod" is Negotiate, change "ExternalClientAuthenticationMethod" to something other than Negotiate.
2. If "InternaClientlAuthenticationMethod" is set to Negotiate, and "InternalRequireSSL" is True, change "InternalClientAuthenticationMethod" to something other than Negotiate, or change "InternalRequireSSL" to False.
3. The new settings should be applied on the Outlook clients the next time that they send a request to the Autodiscover service. Or, you can manually change the settings.

Thanks

Hello,

When I change to InternalRequireSSL:$false I get password prompts on EX2013 mailbox users and they are unable to use Outlook.

Regards

Philip

Hi,

How about repair Outlook profile for testing?
Please try to open Account  Setting---> More Settings---> Connection, open Exchange proxy setting then uncheck "Connect using SSL only", also check the authentication method.

Thanks

Hi,

I've removed the profile several times, created new accounts and the problem still persists. As i wrote in the first post the problem problem appears in OWA also. I don't think it's an issue with the patch level since all servers all full patched in both OS and Exchange.
EX2010 SP3 RU 9 (Server 2008R2 SP1)
EX2013 SP1 (CU8) (Server 2012R2).

Yesterday I removed Outlook Anywhere from EX2010 and uninstalled RPC over HTTP feature and then reinstalled the features but no luck.

Really frustrating that it won't work with the https://support.microsoft.com/en-us/kb/2834139?wa=wsignin1.0
And without it works from EX2010 to EX2013.

Hi,

Do you have deploy legacy on-premises public folders for a hybrid deployment? If not, please refer to below link to configure:
https://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx

Meanwhile, heres an article about On-Premises Legacy Public Folder Coexistence for Exchange 2013 Cumulative Update 7 and Beyond, for your reference:
http://blogs.technet.com/b/exchange/archive/2014/11/07/on-premises-legacy-public-folder-coexistence-for-exchange-2013-cumulative-update-7-and-beyond.aspx

Thanks

Hi,

I've got it to work! The solution was to add the full access permission on a EX2010 mailbox in EX2010 Shell/ECP not in EX2013 Shell/ECP. Now a EX2010 mailbox can access a EX2010 mailbox when proxied thorugh EX2013.

I have tried to find information about full access permissions in a EX2010 / 2013 coexistence envoirment but no luck. Does anyone have information about this?

• Marked as answer by Philip Haglund 20 hours 14 minutes ago