Exchange 2013 OWA -> 2010 : “something went wrong” issue


Ran into this issue after setting up and configuring two new Exchange 2013 CU5 servers when 2010 SP3 RU6 based mailbox users attempting to login into OWA via Exchange 20130 OWA.

This is probably one of the most useless messages in Exchange, yeah there were many bad ones in earlier versions I know, but really disappointed Microsoft couldn’t provide a bit more troubleshooting information than this partial sentence.  Nothing in event or IIS logs, which I found at least either.

Here’s the whole message you get in OWA 2013 when you run into the problem I did:

EX2013-OWA Error

Users, only test users at this phase of the deployment luckily, who are on Exchange 2010 would get this error when they went to the testing URL (mail2.company.com/owa) for Exchange 2013 OWA access.  After they logged into they would get this error, but the browser would continue to act like it was loading the page.

IIS logs on 2013 didn’t contain any errors:
2014-08-12 18:14:59 10.10.69.220 POST /owa/auth.owa &CorrelationID=<empty>;&cafeReqId=<cut>; 443 zEX20.Test@ company.com 10.10.55.6 Mozilla/5.0+(compatible;+MSIE+10.0;+Windows+NT+6.2;+WOW64;+Trident/6.0) https://mail2.company.com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail2.company.com%2fowa%2f 302 0 0 343

Nor did the HttpProxy logs:
2014-08-12T19:14:37.044Z,e4ab9b1b-9483-4f82-9d0b-e91f2e7b1ecf,15,0,913,7,,Owa,mail2.company.com,/owa/auth.owa,,FBA,True,COMPANY\ex20test,,Sid~S-1-5-21-<cut>,Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko,10.10.69.7,DCOCEXC220,302,,,POST,,,,,WindowsIdentity,,DCOCEXC020,388,164,,,,72,1003,,0,229;,229,90;48;9;,147,376,,0,1109.4356,4,,,,,,,,,28,1032,0,,1036,,1108,1108,,,BeginRequest=2014-08-12T19:14:35.935Z;CorrelationID=<empty>;ProxyState-Run=None;ServerLocatorCall=c03fc9f8-0322-4166-ba65-e51ddbaa4c24;DownLevelTargetHash=0/0/2;ClientAccessServer=DCOCEXC011.company.com;ResolveCasLatency=31;ProxyState-Complete=CalculateBackEnd;EndRequest=2014-08-12T19:14:37.044Z;I32:ADS.C[DCOCADC007N]=1;F:ADS.AL[DCOCADC007N]=0.9467;I32:ATE.C[DCOCADC006N.company.com]=9;F:ATE.AL[DCOCADC006N.company.com]=1.666667;I32:ATE.C[DCOCADC007N.company.com]=1;F:ATE.AL[DCOCADC007N.company.com]=93;I32:ADS.C[DCOCADC006N]=7;F:ADS.AL[DCOCADC006N]=3.064757;I32:ADR.C[DCOCADC006N]=3;F:ADR.AL[DCOCADC006N]=1.140667,

After trying many things, links to a couple at the end, I got it working after enabling Windows Authentication in IIS on the OWA & ECP virtual directories on the Exchange 2010 CAS servers.  I should have checked that 1st! After making this change you will also need to recycle the MSExchangeOWAAppPool & MSExchangeECPAppPool Application Pools to make it take effect immediately.

This left Basic & Windows Authentication enabled on the OWA & ECP VDs on 2010 in IIS and just basic on Exchange 2013.

Output from Get-OWA\ECPVirtualDirectory after fixing the issue:

Get-OwaVirtualDirectory | fl name, server, *auth*

Name                          : owa (Default Web Site)
Server                        : DCOCEXC011 (2010 server)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
ExternalAuthenticationMethods : {Fba}

Name                          : owa (Default Web Site)
Server                        : DCOCEXC220 (2013 server)
ClientAuthCleanupLevel        : High
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Get-EcpVirtualDirectory | fl name, server, *auth*

Name                          : ecp (Default Web Site)
Server                        : DCOCEXC011 (2010 server)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : True
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
ExternalAuthenticationMethods : {Fba}

Name                          : ecp (Default Web Site)
Server                        : DCOCEXC220 (2013 server)
InternalAuthenticationMethods : {Basic, Fba}
BasicAuthentication           : True
WindowsAuthentication         : False
DigestAuthentication          : False
FormsAuthentication           : True
LiveIdAuthentication          : False
AdfsAuthentication            : False
OAuthAuthentication           : False
ExternalAuthenticationMethods : {Fba}

Related issues, but not the solution for my issue:
http://ril3y.wordpress.com/2014/03/25/exchange-2013-owa-and-ecp-logins-fail-with-500-error/
https://support.microsoft.com/kb/2898571

About jasonsherry

I am a 20 year Exchange consultant and expert. I currently work for Commvault as a Solutions Specialist for Microsoft Infrastructure For more info see my resume at: http://jasonsherry.org
This entry was posted in Exchange, Technical and tagged . Bookmark the permalink.

10 Responses to Exchange 2013 OWA -> 2010 : “something went wrong” issue

  1. John Garner says:

    and it was not because that the timezone wasn’t set on E2013 mailbox?
    I had the same error, where this was the case, found that timezone was not set on the mailbox, and after running below, user could access OWA;
    (Set-MailboxRegionalConfiguration “alias” -TimeZone “Romance Standard Time”)

    Like

  2. Pingback: Weekly IT Newsletter – August 11-15, 2014 | Just a Lync Guy

  3. Mikey says:

    Thanks. That helped me with a deployment at a big university

    I just had to go to 2010 CAS servers IIS > OWA/ECP > authentication > enable “Windows authentication”

    BUT….

    I didn’t get the same results when I ran the get-owavirtualdirectory command. I got all false (2010 servers).

    Like

  4. Mikey says:

    Well, my apologies

    I ran my get-owavirtualdirectory command with -ADPropertiesOnly parameter and that is when I got all “False”.

    Don’t know why though!

    Like

  5. Mikey says:

    Now if a user goes to owa > options; it doesn’t work!!!!!!. Above trick is incomplete

    You get a message that says “error executing child request”

    How about that?

    Like

  6. Mikey says:

    1. Your information provided above doesn’t explain why this thing is happening. There is no document provided by Microsoft that says “windows authentication” is required on 2010 ecp / owa.
    2. Also it doesn’t tell you that 2010 users will get error messages when going to owa options (I figured out this problem though)

    Like

  7. jasonsherry says:

    Contact Microsoft support for assistance. This blog post only covers one fix for this error, there are many other things that can also cause this generic error message.

    Like

  8. Matthias Scharl says:

    you made my day ! thanks for the fix

    Like

  9. Thomas says:

    Thanks – my 2010 owa directory was missing Windows Auth – access from Exchange 2016 gave the error.

    Your fix worked. Thanks!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s