Error when opening a message or AB in Exchange 2010

When a client tries to open any message using OWA, the following error appears:

OWA Error

User host address:
User: legacy
EX Address: /o=First Organization/ou=All Users/cn=Recipients/cn=legacy
SMTP Address:
OWA version: 14.0.682.1
Mailbox server: MBX-01.domain..local

Exception type: System.NullReferenceException
Exception message: Object reference not set to an instance of an object.

Call stack

Microsoft.Exchange.Security.Authorization.AuthzAuthorization.CheckExtendedRights(AuthzContextHandle authzContextHandle, RawSecurityDescriptor securityDescriptor, Guid[] extendedRightGuids, SecurityIdentifier principalSelfSid)
Microsoft.Exchange.Security.Authorization.ClientSecurityContext.HasExtendedRightOnObject(RawSecurityDescriptor securityDescriptor, Guid extendedRightGuid)
Microsoft.Exchange.Data.Directory.SystemConfiguration.AddressBookBase.GetGlobalAddressList(ClientSecurityContext clientSecurityContext, ADSystemConfigurationSession configurationSession, ADRecipientSession recipientSession)
Microsoft.Exchange.Clients.Owa.Core.Utilities.CreateADRecipientSession(Int32 lcid, Boolean readOnly, ConsistencyMode consistencyMode, Boolean useDirectorySearchRoot, UserContext userContext, Boolean scopeToGal)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.GetSenderSmtpAddress(UserContext userContext, Participant sender, String& smtpAddress, String& id, String& sipUri, Nullable`1& isDl, Boolean getDataFromAD)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.GetSender(UserContext userContext, Participant sender, String id, String displayName, Boolean hasContextMenu, Participant from, Boolean hasJunkEmailContextMenu, String senderADObjectId, String senderSmtpAddress, String senderSipUri, Nullable`1 senderIsDl)
Microsoft.Exchange.Clients.Owa.Premium.RenderingUtilities.RenderSender(UserContext userContext, TextWriter output, Participant sender, Participant from)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.ExpandedItemPartWriter.Render(Boolean isVisible, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.RenderExpandedItemPart(Boolean isVisible, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.Controls.ItemPartWriter.Render(String elementId, Boolean isExpanded, Boolean isBranched, Boolean isSelected)
Microsoft.Exchange.Clients.Owa.Premium.ConversationUtilities.RenderItemParts(TextWriter writer, UserContext userContext, OwaStoreObjectId owaConversationId, Conversation conversation, OwaStoreObjectId[] expandedIds, Int32[] expandedInternetMIds, List`1 localItemIds, String searchWords, Boolean shouldRenderSelected)
ASP.forms_premium_readconversation_aspx.__Render__control1(HtmlTextWriter __w, Control parameterContainer)
System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
System.Web.UI.Page.Render(HtmlTextWriter writer)
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Associated with this error, we found the following error on the Exchange 2010 CAS server:

CAS Error

Watson report about to be sent for process id: 1856, with parameters: E12IIS, c-RTL-AMD64, 14.00.0682.000, OWA, M.Exchange.Net, M.E.S.A.AuthzAuthorization.CheckExtendedRights, System.NullReferenceException, f1e0, 14.00.0682.000.
ErrorReportingEnabled: False
After investigating, I found that the “All Global Address List” and “Default Global Address List” containers were not inheriting permissions from the upper level: the “Include inheritable permissions from this object’s parent” check box was cleared.
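
One way to check the inheritance flag on those two containers from PowerShell instead of the security tab (an added example, not part of the original post). It assumes the organization name "First Organization" from the EX address in the error and the standard Exchange container names under the configuration partition; the -OrgName and -Repair parameters are this example's own.

```powershell
# Added example: audit DACL inheritance on the GAL containers named above.
# Assumption: organization name "First Organization" (taken from the EX address
# in the error); pass -OrgName for a different organization.
param(
    [string]$OrgName = 'First Organization',
    [switch]$Repair    # re-enable inheritance instead of only reporting
)

# Configuration naming context of the current forest.
$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$allGals  = "CN=All Global Address Lists,CN=Address Lists Container," +
            "CN=$OrgName,CN=Microsoft Exchange,CN=Services,$configNC"
$targets  = @($allGals, "CN=Default Global Address List,$allGals")

foreach ($dn in $targets) {
    $path = "LDAP://$dn"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        Write-Warning "Not found: $dn"
        continue
    }
    $entry = [ADSI]$path
    # Read and write only the DACL, not owner/group/SACL.
    $entry.psbase.Options.SecurityMasks =
        [System.DirectoryServices.SecurityMasks]::Dacl
    $sd = $entry.psbase.ObjectSecurity
    $blocked = $sd.AreAccessRulesProtected   # True = inheritance disabled

    if ($blocked -and $Repair) {
        # isProtected = $false turns inheritance from the parent back on.
        $sd.SetAccessRuleProtection($false, $false)
        $entry.psbase.CommitChanges()
        # Bind again so the reported value comes from the directory.
        $blocked = ([ADSI]$path).psbase.ObjectSecurity.AreAccessRulesProtected
    }
    New-Object PSObject -Property @{
        Container          = $dn
        InheritanceBlocked = $blocked
    }
}
```

Run it without -Repair first to see which container reports InheritanceBlocked as True; writing the DACL needs rights on the configuration partition.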


Exchange 2010 Proxying and Redirection in Mixed Exchange Environment

Exchange 2010 proxying or redirection includes many scenarios that have to be taken into consideration during implementation, either in a clean Exchange 2010 environment or in a mixed-mode environment (including Exchange 2003 or 2007).

Proxying or Redirection scenarios affect the following Exchange components:

  • OWA.
  • Outlook Anywhere.
  • ActiveSync.
  • Exchange Web Services.

Exchange 2010/2003 Environment

Outlook Web App

When switching mail access from Exchange 2003 to the Exchange 2010 CAS server, you have to create another A record in the Internet DNS that points to the Exchange 2003 server, so the “” A record should point to the Exchange 2010 CAS server and another record “” should point to the Exchange 2003 server.

If the user’s mailbox is on an Exchange 2003 server and the user tries to access Outlook Web App using, the user will be automatically redirected to https://

After that, you have to run the following Exchange PowerShell command on the Exchange 2010 CAS server:

Set-OWAVirtualDirectory <CAS2010>\OWA* -Exchange2003URL

Exchange ActiveSync

If the user’s mailbox is on an Exchange 2003 server, the incoming request is proxied to the Exchange 2003 server that hosts the user’s mailbox and the Exchange ActiveSync virtual directory. By default, in Exchange 2003, the Exchange ActiveSync virtual directory was installed on all mailbox servers. If the incoming request is to an Exchange 2010 Client Access server that’s in a different Active Directory site than the destination back-end server, the request will be proxied directly to the destination back-end server, even if there is an Exchange 2010 Client Access server within the destination Active Directory site. If the incoming request is to an Exchange 2010 Client Access server within the same Active Directory site as the destination back-end server, the request will be proxied directly to the destination back-end server.

Proxying isn’t supported between virtual directories that use Basic authentication. For client communications to be proxied between virtual directories on different servers, the virtual directories must use Integrated Windows authentication.

To configure Integrated authentication on the Exchange 2003 ActiveSync virtual directory, install a Front End server (or Back End) and then use Exchange System Manager to adjust the authentication settings of the ActiveSync virtual directory.


Proxying won’t work for Post Office Protocol version 3 (POP3) or Internet Message Access Protocol version 4rev1 (IMAP4) clients. A client who’s using POP3 or IMAP4 must connect to a Client Access server in the same Active Directory site as their Mailbox server.

Exchange 2010/2007 Environment

Outlook Web App

  • If the Exchange 2007 mailbox is in the same AD Site as Exchange 2010 CAS server, the user will be automatically redirected to the Internet-Facing Exchange 2007 CAS in that AD site.
  • If the Exchange 2007 mailbox is in another Internet facing AD Site, CAS2010 will manually redirect the user to the Exchange 2007 CAS.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS. Unfortunately, this step doesn’t occur automatically, as you have to copy the following folder from the Exchange 2007 CAS server (%ProgramFiles%\Microsoft\Exchange Server\Client Access\OWA\8.2.x.x ) to the Exchange 2010 CAS server (%ProgramFiles%\Microsoft\ExchangeServer\V14\ClientAccess\Owa\).


Exchange ActiveSync

  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device supports Autodiscover, CAS2010 will notify the device to synchronize with CAS2007.
  • If the Exchange 2007 mailbox is in the same AD Site as CAS2010 and the device does not support Autodiscover, CAS2010 will proxy the connection to CAS2007.
  • If the Exchange 2007 mailbox is in a non-Internet facing AD site, CAS2010 will proxy the connection to the Exchange 2007 CAS.

Outlook Anywhere

For Outlook Anywhere, you are going to move the Outlook Anywhere endpoint from the Exchange 2003 Front-End or Exchange 2007 CAS to the Exchange 2010 CAS. Exchange 2010 CAS will always proxy the Outlook MAPI RPC data that is embedded in the RPC-HTTPS packet to the target legacy mailbox server (regardless of AD site or version) or to the appropriate Exchange 2010 CAS