How to publish Exchange 2003 and Exchange 2010 with ISA 2006

Hi,

First Step-By-Step !

This guide will show you how to configure ISA 2006 for coexistence of Exchange 2003 with Exchange 2010 remote connectivity services, including:

  • Outlook Web Access & Outlook WebApp
  • Microsoft ActiveSync
  • RPCoverHTTP – Outlook Anywhere
  • Publishing Exchange 2010 FARM – two client access servers

This guide assumes that:

  • ISA 2006 is configured to publish OWA 2003 and all additional services
  • SSL is configured for the Exchange 2003 server
  • Windows Integrated Authentication is enabled on the ActiveSync Vdir in the Exchange 2003 Back-End server ( http://support.microsoft.com/?kbid=937031 )
  • RPC-over-HTTP was working for for 2003 mailboxes, and the 2003 back-end is configured as an RPC-over-HTTP
  • The current configuration works 😉
  • This guide will not cover scenarios when exchange is directly exposed to the internet. which I personally do not recommend in generally….

Okay here we go:

  1. Configure redirection for Exchange 2003 OWA:
    Exchange 2010 will redirect a user that holds a mailbox in exchange 2003, this will be possible when the following cmdlet will be run on the Exchange 2010 Client Access server:
    Get-OwaVirtualDirectory -server cas01-2010 | Set-OwaVirtualDirectory -Exchange2003Url https://owa.ext.com/exchange
  2. Publish Exchange 2010 client access web farm with ISA 2006, OWA first:

New OWA 2010 Publishing Rule Outlook Web Access Publishing

– Notice ISA 2006 does not provide a wizard (or the new form) for OWA 2010 – for that you need TMG

– Now we need to create the Web Farm and select it as the target for the publishing rule

– Configure the web listener and authentication delegation option

– The web listener should be already configured for Form Authentication and a valid SSL certificate

– The publishing rule for the Web Farm is now complete.

– Two additional configurations are now required:

    1. Edit the new “exchange2010” Rule:
      Remove the legacy virtual directory’s – /Exchange, /Exchweb and /Public they will continue to be published to your original 2003 rule.
      Add /ecp/* as this is the new “options” applications for users, and a powerful administration web console with Exchange 2010.
    2. Edit the original OWA 2003 publishing rule and remove Microsoft-Server-ActiveSync path, we will next create ActiveSync publishing rule for Exchange 2010.

Now we have three last steps to finish our Exchange 2010 publishing:

  1. Create a new Exchange Web Client Access rule – and select ActiveSync – Repeat most of part 1 except we select ActiveSync, publish the webfarm, enter the same info, and select the same listener.
  2. Now as same for ActiveSync, we need to move the RPCoverHTTP (Outlook Anywhere) from the 2003 publishing rule to 2010 publishing rule. Delete the existing rule. Next you we will create a new publishing rule for Outlook Anywhere based on Exchange 2010.
  3. Create a new Exchange Web Client Access rule – and select Outlook Anywhere – Repeat most of part 1 except we select Outlook Anywhere, publish the webfarm, enter the same info, and select the same listener.

That’s it 🙂

if you kept up with all the requirements, all should be fine and you are now able to migrate your 2003 users to 2010 with ease, while both systems are allowed for external connectivity.

Enjoy!

More relevant links on the subject:

Upgrading Outlook Web App to Exchange 2010

Transitioning Client Access to Exchange Server 2010

15 thoughts on “How to publish Exchange 2003 and Exchange 2010 with ISA 2006”

  1. Hi llantz

    I wonder if you might share some advice. I currently have a setup where we have sbs 2003 running exchange 2003. I recently installed and configured Exchange 2010 running on server 2008. The coexistance is functional in the domain environment with the correct routing between the exchange servers. I have migrated 1 mailbox and can connect successfully internally. My problem is how to publish both exchange 2010 and exchange 2003 such that OWA for web browsing, RPC over http for outlook and activesync for mobiles like iphone, mda and android all operate from a single domain pointer ie mail.domain.com, and will allow users to connect regardless of mailbox location, be them in exchange 2010 or exchange 2003.
    I’m struggling to do this. My front end firewalls are isa 2006 and Forefront TMG. At present the Forefront TMG responds to the domain pointer and publishes all of the aforementioned for exchange 2003. What can I do to achieve my objective ?
    Look forward to your response

  2. Hello ilantz,

    because there is no additional info about the order of the firweall rules and also nothing about second public domain name or ip, I tried this with 1 single weblistener and one public ip but it doesnt work.

    Do you have an idea why? Could you please provide more info?

    Regards
    Letze01

    1. Hi,
      This specific method should work great with a single listener, could you please explain a little what does not work for you? A specific directory ? /owa ? Any errors on client / server side?

  3. Hello,

    I configured everything step by step, but it is not possible to access owa on the new exchange 2010. The browser gives an Error 500. I wonder a bit, that there is no special order given for the rules…

    Regards
    Letze01

    1. Does the test button on the rule for owa 2010 also returns an error code 500?
      Also, make sure that your certificate subjectname on the exchange server matches the “to” hostname in the rule.

          1. Ok, new situation: Its possible to access mailboxes on Exchange 2010 over https://owa.mydomain.com/owa now, but if I want to access a mailbox on the Exchange 2003 there appears an error ‘Access denied due to server configuration changes’

            If I enter https://owa.mydomain.com/exchange, OWA of the Exchange 2003 is displayed successfull.

            Maybe there is something wrong with the redirecting from Ex2010 to Ex2003. I’ve configured Set-OwaVirtualDirectory -Exchange2003Url to https://owa.mydomain.com/exchange. I think, thats right, isn’t it?

          2. Great news !
            This guide actually allows you to only use both access methods. For the redirection work silently you’ll need to do work one of the following options:
            1) Publish both exchange 2010
            and 2003 published on the same listener with SSO enabled on the listener. (Forms enabled only on ISA disabled on the exchange) – only make sure you publish each one under a separate public hostname.
            2) Same as number one, only forms are enabled on both exchange servers – Authentication should be set to all users and no delegation on the ISA rules.

            I do need to update the post to reflect this.

            Hope this sorts it out for you.
            Ilantz

      1. Let me summarize to check if I understood everything right, please:

        To use redirection I should use a second public name e.g. legacy.mydomain.com. I have to configure the Set-OwaVirtualDirectory -Exchange2003Url to https://legacy.mydomain.com/exchange and setup 2 publishing rules on the ISA-Server – one for https://owa.mydomain.com/owa and the other one for https://legacy.mydomain.com/exchange, both with the same listener and sso enabled. Is this right?

Leave a Reply

Your email address will not be published. Required fields are marked *