Channel: BB Blog - Belgium » Netscaler

Netscaler and Exchange OWA legacy redirect from OWA 2013 to 2007


Recently I deployed a Netscaler Enterprise Edition HA pair in combination with an Exchange 2013 environment in coexistence with Exchange 2007. In this deployment we do not know in advance where a user's mailbox resides (on legacy or on 2013). You would expect Exchange OWA to be able to redirect between OWA 2013 and OWA 2007, and it can; however, SSO doesn't work well when authentication is offloaded. If you Google a little you can find a lot of forum questions about this.

Below is a possible solution. It might not be the most elegant one, but it surely proves how flexible your Netscaler actually is. :-)

Looking in Active Directory, each user with a mailbox has an attribute: "msExchVersion".
If the mailbox resides on legacy Exchange 2007 the value is "4535486012416", and if the mailbox resides on Exchange 2013 the value is "88218628259840".

Group membership in AAA wasn't really used anyway, so I changed my config like this:

add authentication ldapAction LB_LDAP -serverIP 1.2.3.4 -ldapBase "dc=blubird,dc=local" -ldapBindDn "CN=netscaler_sa,OU=Service Accounts,DC=blubird,DC=eu" -ldapBindDnPassword ea27151279c32e22e6 -encrypted -ldapLoginName samAccountName -groupAttrName msExchVersion

So instead of using "MemberOf" we used "msExchVersion". The consequence is that AAA now extracts the msExchVersion value as the user's "group", so real AD group membership is no longer available to policies that rely on this LDAP action.

The next step is configuring a couple of responder actions:

add responder action RESP_ACT_exchange_cs_responder_redirect_owa_legacy redirect "\"https://legacy.blubird.eu/owa\""
add responder action RESP_ACT_exchange_cs_responder_redirect_owa redirect "\"https://mail.blubird.eu/owa\""

If the user's mailbox is on the legacy Exchange and he/she is using the 2013 OWA URL, redirect him/her to https://legacy.blubird.eu:
add responder policy exchange_resp_redirect_legacy_pol "HTTP.REQ.HOSTNAME.EQ(\"mail.blubird.eu\") && HTTP.REQ.USER.IS_MEMBER_OF(\"4535486012416\")" RESP_ACT_exchange_cs_responder_redirect_owa_legacy

If the user's mailbox is on Exchange 2013 and he/she is using the 2007 legacy OWA URL, redirect him/her to https://mail.blubird.eu:
add responder policy exchange_resp_redirect_pol "HTTP.REQ.HOSTNAME.EQ(\"legacy.blubird.eu\") && HTTP.REQ.USER.IS_MEMBER_OF(\"88218628259840\")" RESP_ACT_exchange_cs_responder_redirect_owa

This way redirection between OWA 2013 and Legacy OWA 2007 is handled dynamically at the Netscaler.
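
An added example, not part of the original post: a Python sketch that mirrors the two responder policies and audits an LDIF export for accounts whose msExchVersion matches neither value, because those users are never redirected by either policy. The LDIF sample, the user names, the value "12345" and all function names are constructed for illustration, and the parser assumes simple unfolded, non-base64 LDIF.

```python
# Added example: sample data and function names are constructed, not from the post.
LEGACY_2007 = "4535486012416"    # msExchVersion for Exchange 2007 (value from the post)
EX_2013 = "88218628259840"       # msExchVersion for Exchange 2013 (value from the post)
OWA_2013_HOST, OWA_2007_HOST = "mail.blubird.eu", "legacy.blubird.eu"

SAMPLE_LDIF = """\
dn: CN=Alice,OU=Users,DC=example,DC=local
sAMAccountName: alice
msExchVersion: 4535486012416

dn: CN=Bob,OU=Users,DC=example,DC=local
sAMAccountName: bob
msExchVersion: 88218628259840

dn: CN=Carol,OU=Users,DC=example,DC=local
sAMAccountName: carol
msExchVersion: 12345

dn: CN=Dave,OU=Users,DC=example,DC=local
sAMAccountName: dave
"""

def parse_ldif(text):
    """Return {sAMAccountName: msExchVersion or None} from simple LDIF records."""
    users = {}
    for record in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in record.splitlines())
        attrs = {key.lower(): value.strip() for key, _, value in pairs}
        if "samaccountname" in attrs:
            users[attrs["samaccountname"]] = attrs.get("msexchversion")
    return users

def redirect_for(hostname, version):
    """Mirror the two responder policies; None means neither policy fires."""
    if hostname == OWA_2013_HOST and version == LEGACY_2007:
        return "https://legacy.blubird.eu/owa"
    if hostname == OWA_2007_HOST and version == EX_2013:
        return "https://mail.blubird.eu/owa"
    return None

def unhandled_users(users):
    """Accounts with a missing or unexpected msExchVersion (never redirected)."""
    return sorted(u for u, v in users.items() if v not in (LEGACY_2007, EX_2013))

if __name__ == "__main__":
    print("no policy matches:", unhandled_users(parse_ldif(SAMPLE_LDIF)))
```

Running the audit against a real export before enabling the policies shows which accounts would stay on whichever OWA host they first reached.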
