This post is the first in a series on diagnosing specific CAS issues. Today we're going to take a look specifically at OWA site-to-site proxy issues.
Outlook Web App isn’t available. If the problem continues, please contact your helpdesk
While appropriate, this isn’t the most descriptive error message in the world. To demonstrate this scenario I built a lab with two Exchange servers, both deployed on domain controllers in different AD sites. In this scenario, OWA is published to the internet in Site 1; however, the user in question is trying to log in to his mailbox, which is hosted in Site 2. Site 1 is internet facing and Site 2 is not. Both sites are running Exchange 2010.
Let’s look at what’s happening “under the hood”:
In the Exchange Management GUI, you should see the following, first the empty
Second, the authentication method is set to Windows Integrated:
However we’re still receiving an error.
Looking at the Active Directory event logs on the Domain Controllers in both sites, we may notice a number of Active Directory errors, including Inter Site Topology Generator errors. These are the clue that we need.
When we open the Active Directory Sites and Services administration tool, we would notice that the IP SITE LINK between the two sites is missing or misconfigured. Without valid site links, Exchange cannot proxy between sites and OWA fails.
After re-creating the site link and waiting for replication and cache timeouts to take effect (or restarting the “Microsoft Exchange Active Directory Topology” service), OWA stops replying with an error message and renders the user’s mailbox.
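The site link check described above can also be scripted instead of eyeballed in Active Directory Sites and Services. The following is an added example, not part of the original post: it reads the siteLink objects under the IP inter-site transport and reports whether any of them lists both sites. The function name `Test-DirectSiteLink` and the site names `Site1` and `Site2` are placeholders, and the check covers a direct link only, not a transitive path through bridged links.

```powershell
# Added example: 'Site1' and 'Site2' are placeholder AD site names.
Import-Module ActiveDirectory

function Test-DirectSiteLink {
    param(
        [Parameter(Mandatory = $true)][string]$SiteA,
        [Parameter(Mandatory = $true)][string]$SiteB
    )

    $configNC  = (Get-ADRootDSE).configurationNamingContext
    $sitesBase = "CN=Sites,$configNC"
    $ipBase    = "CN=IP,CN=Inter-Site Transports,$sitesBase"

    # Resolve both site objects first so a mistyped site name fails loudly.
    $siteDns = foreach ($name in $SiteA, $SiteB) {
        $site = Get-ADObject -SearchBase $sitesBase -SearchScope OneLevel `
            -Filter "objectClass -eq 'site' -and name -eq '$name'"
        if (-not $site) { throw "AD site '$name' not found under $sitesBase" }
        $site.DistinguishedName
    }

    # Read every IP site link together with its member sites (siteList).
    $links = @(Get-ADObject -SearchBase $ipBase -SearchScope OneLevel `
        -Filter "objectClass -eq 'siteLink'" -Properties siteList, cost, replInterval)

    # A link connects the two sites only if its siteList contains both DNs.
    $matching = @($links | Where-Object {
        ($_.siteList -contains $siteDns[0]) -and ($_.siteList -contains $siteDns[1])
    })

    New-Object PSObject -Property @{
        SiteA      = $SiteA
        SiteB      = $SiteB
        Linked     = ($matching.Count -gt 0)
        Links      = @($matching | ForEach-Object {
                         "$($_.Name) (cost $($_.cost), replication every $($_.replInterval) min)" })
        AllIpLinks = @($links | ForEach-Object { $_.Name })
    }
}

$result = Test-DirectSiteLink -SiteA 'Site1' -SiteB 'Site2'
$result | Format-List SiteA, SiteB, Linked, Links, AllIpLinks

if (-not $result.Linked) {
    Write-Warning "No IP site link lists both sites; check Active Directory Sites and Services."
}
```

An empty `AllIpLinks` means no IP site links exist at all, while a populated list with `Linked` set to False points to a link whose site membership is wrong.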
Let’s recap quickly; our three areas for OWA site to site proxy failures are:
The last one can be a bit tricky since it’s often unexpected, and most of us take for granted that AD is either designed and implemented correctly or at least is healthy.