Tuesday, November 5, 2024

Exchange 2010 to Exchange 2016 Co-Existence migration OWA redirect not working

Abstract: When you try to open the OWA (Outlook Web Access) website via an Exchange 2016 Server with an user account which has the mailbox on an Exchange 2010 server you might get a “Something went wrong” with a CAS14WithNoWIA string in the URL.

Full error is:

Something went wrong
We can't get that information right now. Please try again later.

The URL would be: https://excas.int.contoso.com/owa/auth/errorFE.aspx?CafeError=CAS14WithNoWIA

Troubleshooting & Solution:

According to the Microsoft forum you need to enable Windows Authentication on the OWA web site on the Exchange 2010 CAS server.

As the steps aren´t outlined which are needed to solve the issue, here is a short howto:

1.) Check at first which authentication options you have enabled on your Exchange 2010 CAS server via (keep a note of that so that you can switch back if need):

Get-OwaVirtualDirectory -Identity “excas01\owa (default Web site)” | fl

If you have more then one Exchange 2010 CAS server you might need to check multiple CAS server

If you have the issues as described in the forum, you will end seeing the following:

BasicAuthentication                                 : True
WindowsAuthentication                               : False
FormsAuthentication                                 : True

2.) To fix the issue now, you need to enable Windows Authentication on your Exchange 2010 CAS server (and disable as well FormBased authentication; As we migrate over to exchange 2016 which will handle the form based authentication for us, this shouldn´t be a issue for you). This can be done simply via the following powershell command:

Set-OwaVirtualDirectory -Identity “excas01\owa (default Web site)” -WindowsAuthentication $true -FormsAuthentication $false

If you have more then one Exchange 2010 CAS server you might need to check multiple CAS server

3.) After the command completed you can perform some checks to ensure its fixed

Get-OwaVirtualDirectory -Identity “excas01\owa (default Web site)” | fl

Should show now:

BasicAuthentication                                 : True
WindowsAuthentication                               : True
FormsAuthentication                                 : False

Additional you can open the IIS Manager and check the Authentication features on the OWA subfolder. This should now show a enabled status for Windows Authentication.

5.) Now here comes the tricky part. You need to open the IIS Manager on your Exchange CAS Server, Select the OWA site (A) and need to click on authentication (B).

6.) Select “Windows Authentication” (a) and on the right side click on “Providers” (B). Then add NTLM and Negotiate to the providers (D).

If you have more then one Exchange 2010 CAS server you might need to check multiple CAS server

7.) Restart the IIS (or if you wish the whole Exchange 2010 CAS Server. Keep noted that you need to do that on any CAS in your CAS array!)

 

Note: This should be set on the migration day! If you set that earlier you will disable Form based authentication. Because as outlined here, if you enable Form based authentication, then WindowsAuthentication will be disabled and via versa. As conclusion you can enable only Form based authentication OR Windows authentication but not both!

 

Source1 & Source2

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Stay Connected

35FollowersFollow
- Advertisement -

Latest Articles