Home

Azure AD Proxy and Exchange 2010 OWA Issues

%3CLINGO-SUB%20id%3D%22lingo-sub-186018%22%20slang%3D%22en-US%22%3EAzure%20AD%20Proxy%20and%20Exchange%202010%20OWA%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-186018%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EI%20recently%20ran%20into%20issues%20with%20publishing%20Exchange%202010%20OWA%20behind%20Azure%20AD%20Proxy.%20I%20had%20tested%20Exchange%202013%20OWA%20with%20Azure%20AD%20Proxy%20successfully%20and%20then%20decided%20to%20deploy%20it%20for%20a%20customer%20for%20Exchange%202010.%20Deployed%20it%20successfully%20and%20user%20were%20able%20to%20logon%20successfully%20through%20Azure%20AD%20Proxy%20and%20MFA.%20However%20users%20experienced%20annoying%20Notification%20Icon%20on%20top%20of%20the%20page%20and%20when%20they%20click%20it%20it%20will%20show%20error%20message%2C%20%22Notifications%20could%20not%20be%20retrieved%22%2C%20users%20were%20not%20able%20to%20see%20new%20emails%20unless%20they%20refresh%20it.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EI%20worked%20with%20Microsoft%20Premium%20Support%20over%2040%20hours%20and%20we%20were%20not%20able%20to%20fix%20it.%20I%20eventually%20added%20Exchange%202016%20to%20Exchange%20Org%20and%20Published%20that%20through%20Azure%20AD%20Proxy.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EAgain%20users%20with%20mailboxes%20on%20Exchange%202016%20had%20no%20issues%2C%20but%20users%20on%20Exchange%202010%20continued%20to%20have%20same%20bad%20experience.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22public-DraftStyleDefault-block%20public-DraftStyleDefault-ltr%22%3E%3CSPAN%3EAs%20of%20now%20there%20is%20no%20plans%20by%20Microsoft%20to%20fix%20it%2C%20therefore%20realistically%20Exchange%202010%20OWA%20with%20Azure%20AD%20Proxy%20is%20not%20supported.%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-186018%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%20Proxy%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-188898%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Proxy%20and%20Exchange%202010%20OWA%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-188898%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20that%20may%20be%20the%20case%2C%20what%20we%20found%20that%20Notification%20Events%20are%20handled%20differently%20by%20Exchange%202013%20and%20higher%20than%20Exchange%202010.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMy%20customer%20requirement%20was%20to%20ensure%20that%20OWA%20runs%20with%20MFA%2C%20as%20a%20workaround%20I%20accomplished%20it%20by%20installing%20and%20configuring%20MFA%20on%20CAS%20Server.%20It%20works%20like%20a%20charm.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-186239%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20Proxy%20and%20Exchange%202010%20OWA%20Issues%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-186239%22%20slang%3D%22en-US%22%3E%3CP%3EIts%20probably%20to%20do%20with%20the%20fact%20that%20OWA%20is%20rendered%20on%20the%20CAS%20not%20the%20MBX%20in%20Exchange%20versions%20%26gt%3B2010%3C%2FP%3E%3C%2FLINGO-BODY%3E
Deleted
Not applicable
 
I recently ran into issues with publishing Exchange 2010 OWA behind Azure AD Proxy. I had tested Exchange 2013 OWA with Azure AD Proxy successfully and then decided to deploy it for a customer for Exchange 2010. Deployed it successfully and user were able to logon successfully through Azure AD Proxy and MFA. However users experienced annoying Notification Icon on top of the page and when they click it it will show error message, "Notifications could not be retrieved", users were not able to see new emails unless they refresh it.
 
I worked with Microsoft Premium Support over 40 hours and we were not able to fix it. I eventually added Exchange 2016 to Exchange Org and Published that through Azure AD Proxy.
 
Again users with mailboxes on Exchange 2016 had no issues, but users on Exchange 2010 continued to have same bad experience.
 
As of now there is no plans by Microsoft to fix it, therefore realistically Exchange 2010 OWA with Azure AD Proxy is not supported.
2 Replies

Its probably to do with the fact that OWA is rendered on the CAS not the MBX in Exchange versions >2010

Yes, that may be the case, what we found that Notification Events are handled differently by Exchange 2013 and higher than Exchange 2010.

 

My customer requirement was to ensure that OWA runs with MFA, as a workaround I accomplished it by installing and configuring MFA on CAS Server. It works like a charm.

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies