
Exchange Migration

Last Modified: 2012-06-27
I am moving a customer from onsite network to a hosted solution. I need to leave the onsite domain in place and move the Exchange mailboxes to the hosted Exchange server. The old Exchange server will be decommissioned. Both the local and hosted domain name are the same - abcxyz.com. I have RPC/HTTP on the hosted server. I need to authenticate to the hosted Exchange server. When I try to connect to the hosted Exchange server, it will not accept my login. How can I make this work?

Commented:
Wouldn't that be a question for the hosting service support dept?

Am I misunderstanding what you mean by a hosted service?

Bill

Author

Commented:
No, because it's irrelevant that it's in a hosted environment. Sort of.... I think the important thing is that I'm needing to authenticate to two different domains that happen to have the same name.
How is this Exchange server set up at your host?
Did you set it up?
If they set it up, then you will have to contact your hosting dept as said above.

Author

Commented:
We are responsible for both locations. Can you clarify your question? Both locations are set up in a standard method. DC and Exchange Server. The domain name is the same at both locations as we are migrating them. This is an unusual situation because the client doesn't want to be down during the transition so we were trying to make the move in steps. Move the Exchange and then the files, etc.

Again, the important thing is that I'm needing to authenticate to two different domains that happen to have the same name. I don't think a trusted relationship will work because of the domain name being the same. Plus, a trust relationship would be a security problem for the hosting facility.

Commented:
If the authentication is failing then you need to ask the hosting company why.
The domains are not the same. Your SMTP domains may be the same, but not the Windows AD domain - and that is the only place that could cause an authentication conflict. Outlook is connecting, prompting for credentials and then failing. Whether that is a problem with how you have configured the clients, a wrong username format or something else, is something that only the hosting solutions provider can answer.

Simon.

Author

Commented:
Ok - This is Doug - I work with Rodney

Here are a bit more details so it makes sense:

Client has a network with a Domain controller and Exchange. The client wants to move to a Hosted solution (i.e. our sister company "hosts" backend servers for clients for a set monthly fee per user and leaves the client with only a member server for file storage... all DC, Exchange etc. is moved to the hosting facility).

The hosting company has created a VPN between the hosting facility and the client's office. The hosting company has created a domain by the same exact name as the client's domain and moved all emails (i.e. export and import) and changed DNS for email for this domain to arrive at the main Exchange server at the hosted facility.

The clients still log in to the DC at the client's office since the DC for that domain has not been taken out of the office. The workstations have been set to have Outlook use RPC over HTTP (I think that's what it's called) to get email from the new hosted Exchange. It prompts for authentication. When the name/password is entered, it's not accepted, even though using a web browser to the new Exchange server works with the same name/password.

The techs believe that since the workstations are logging into the old DC that is at the client's site, that might be why they can't authenticate to the Exchange at the hosted location.

Maybe a simpler sample would be:
Presume you created 2 DCs while NOT on a network. Then plugged in one and had all workstations attach to the domain. Now plug in the 2nd DC that's exactly the same with same user names, but no added machines and on another subnet that can't see back to the 1st DC, but the users can see both networks.... the users can't access data (ie email) on the 2nd domain with the same name/logins.

That's the problem at hand... not sure the best fix for it.

Commented:
Your "techies" are right. You have 2 distinct domains with the same name.

Even though I don't have all the info, I'd suggest the following:

NOTE: I'm just wingin it here, I think you should call Microsoft or wait for more ideas from the folks here.

Uninstall Exchange from the Hosted domain and disjoin the Exchange box from the hosted domain and power down the server and leave it off.

Reinstall the hosted domain controller as a regular server.

Join the newly installed server to the EXISTING DOMAIN and reboot.

DCPROMO the newly joined server.

Turn back on the Exchange box and join it to the EXISTING domain.

Install Exchange on the new box.

Using AD, transfer all your mailboxes over to the new Exchange box.

The above would be a broad-strokes description of what should be a very loooooong weekend job for you guys.

Bill

Author

Commented:
I appreciate your response, but none of that is possible...

The hosted company has a large DC with over 97 domains on it as OU or subdomains which are the primary DCs for all hosted clients... so you don't take down the DC on the hosted side :)

Exchange at the hosted company is also one larger server with over 100 domains on it with thousands of email accounts... again, it doesn't come offline...


Commented:
People are getting confused between the two domains.

There is a WINDOWS domain and an EMAIL domain.
A hosting company will have created an EMAIL domain on their servers. The EMAIL domain has nothing to do with the WINDOWS domain.

There is no domain clash, and the fact that the two EMAIL domains are the same has nothing to do with it. RPC over HTTPS will connect to the remote server - so the first thing you do need to ensure is that it is connected to the remote server and not a local server. If the hosting company has done something funny with DNS so that you have a host name to connect to in your own EMAIL domain, then that could be causing a problem.

Simon.
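
The check described in the comment above, confirming from a workstation that the RPC over HTTP host name resolves to the hosted server and not a local one, as an added example that is not part of the original thread. The host name `mail.abcxyz.com` and both subnets are assumed placeholders; substitute the name from the Outlook profile and the real address ranges.

```powershell
# Added example; host name and subnets are placeholders, not values from the thread.
$ProxyHost    = 'mail.abcxyz.com'   # assumed RPC over HTTP proxy name set in the Outlook profile
$HostedSubnet = '10.20.0.0/16'      # assumed address range of the hosting facility
$LocalSubnet  = '192.168.1.0/24'    # assumed address range of the client's office

function ConvertTo-UInt32 {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)        # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-InSubnet {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    # Two addresses share a subnet when they fall into the same block of that size.
    [math]::Floor((ConvertTo-UInt32 $Address) / $blockSize) -eq
        [math]::Floor((ConvertTo-UInt32 $network) / $blockSize)
}

# Resolve with the DNS server the workstation actually uses. While the machine
# is still joined to the on-site domain, that is normally the on-site DC.
$answers = Resolve-DnsName -Name $ProxyHost -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' }

foreach ($record in $answers) {
    $site = if (Test-InSubnet $record.IPAddress $HostedSubnet) {
        'hosted facility'
    } elseif (Test-InSubnet $record.IPAddress $LocalSubnet) {
        'LOCAL office: Outlook is not reaching the hosted server'
    } else {
        'unknown network'
    }
    '{0} -> {1} ({2})' -f $ProxyHost, $record.IPAddress, $site
}
```

Running the same query with `Resolve-DnsName -Server` pointed at the hosted DNS server and comparing the two answers shows whether the on-site zone is shadowing the hosted record.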

Author

Commented:
No Sembee... you are confused.. there are TWO domains

"DC1" - Domain Controller at the client's office
"EX1" - Exchange server at client's office - has been shut down

"DC2" - Hosted Domain Controller at hosted company with 97+ domains hosted on it... ALL clients (except this one at the moment) authenticate to the "DC2" for their specific domains

"EX2" - Exchange server hosting 100+ email domains which includes ALL emails for ALL above domains on the "DC2"

Not that it matters much... 4 techs are onsite today to get the client switched over to all login to the hosted "DC2" and will remove the local "DC1" at the client's site... should no longer be a problem by noon today.

Commented:
NO I am not confused.
The authentication is failing with hosted Exchange provider.

However there appears to be some idea above that the problem is because of the use of the same EMAIL domain on the local domain and the hosted Exchange provider's domain - which is not the case.

Unless there is a major factor here which you haven't stated that the Active Directory domain on both sites is the same - but even that shouldn't matter because the RPC over HTTPS connection will be authenticating against the domain controller the Exchange server is using - what the local domain is called doesn't matter because of the way the traffic is routing.

Simon.

Author

Commented:
That's the problem...

If a machine is added to the hosted domain, login to the hosted domain and use RPC over HTTP to check email on the hosted Exchange.. all is good. If the machine is removed from the hosted domain, add it back to the local domain, login to the local and then attempt to check email with RPC over HTTP on the hosted Exchange.. it doesn't work...

Thus the reason they are now removing all machines from the local domain, adding them to the hosted domain, demoting the local DC and adding it as a member server to the hosted domain... something they were trying to avoid until next week.... but it's done now.

Author

Commented:
In the end it IS required since ALL hosted clients authenticate to the main DC at the hosted facility where the hosted Exchange server is as well. No clients have a local DC (they only did or were to have for a short time)

The hosted facility does not only host Exchange, they host the entire back end network for all clients to include the DC for all clients' domains. ALL internet traffic is run through the hosting facility over the VPN, backups of the local member servers are to the facility etc...

I am sure it's something to do with how the sub domains are all configured off the main DC.. first time I saw it, I thought it was weird (how I love Novell) ... but it seems to work as long as each client authenticates to the main DC at the hosted facility...

I appreciate your input, but the client was freaking out and wanted it "fixed" ASAP, so the entire conversion was done today instead of in steps.
