Aaron_J_Marshall asked:

Exchange 2010 migration; public domain name switch from 2003 to 2010 issue

Hi,

I am working on upgrading to Exchange 2010 from 2003.  I am having an issue moving the public domain name from the 2003 box to 2010 so that existing Outlook and iPhone ActiveSync connections will route through 2010.  When I move the DNS, no Outlook or ActiveSync connection can connect to email any longer.  Am I missing something basic, or am I on the wrong track entirely?  Details below:

Exchange 2003:
Domain name = webmail.company.com
Remote users with webmail.company.com configured in Outlook (with HTTP proxy) and iPhone
SSL cert for webmail.company.com, with subject alt names covering legacy, mail, autodiscover

Exchange 2010:
Installed with Hub, Client Access and Mailbox
Domain name = mail.company.com
Same SSL cert as above.
Client access array is configured for mail.company.com

Some other details
* OWA for 2010 routes a 2003 mailbox user successfully via legacy.company.com
* mail flow is routing through 2010

I thought the point of Exchange 2003 coexistence was that users could be moved to 2010 without hands-on work on each user.  If I move webmail.company.com to 2010, what is the expected configuration or method for Outlook or ActiveSync clients to successfully proxy through 2010?

I've also tried another test where I moved a mailbox from 2003 to 2010.  My remote Outlook and ActiveSync connections did not work through 2010 with the DNS change of webmail.company.com (moving from 2003 to 2010) or even by reconfiguring the remote connection to mail.company.com.  It's starting to look like each user's PDA and Outlook needs to be touched for this upgrade!

Ideas?
Shack-Daddy replied:

Aaron, you would normally want to have all traffic go to the E2010 server, using the SAME name as the original server used. So you would change your firewall rule so that all 443 traffic now goes to the E2010 server, not the E2003 server. Using two different names is OK for testing, but not for production, especially if you don't want to touch each device.

You would also need to make sure that all the external URLs on your E2010 server match whatever your clients are expecting to see: thus, they should be "webmail.company.com" and not "mail.company.com". If you keep the names different, you will run into problems with the devices.

So do this:

1. Reconfigure the E2010 CAS stuff to use "webmail.company.com" as the external URL and make sure that you have a multi-name cert on the E2010 box that includes webmail.company.com and autodiscover.company.com. Create an A-record for autodiscover in your public DNS that resolves to the same IP as webmail.

2. Change the current firewall rule that directs 443 traffic for webmail.company.com's IP to the E2003 server so that it forwards that traffic to the E2010 server instead.

3. Start moving mailboxes to the new server.

To answer your question about Outlook Anywhere and ActiveSync if you move webmail to the new server, the method should be the same or simpler, if you've set up Autodiscover like I described:

a) An A-record in the public DNS that points autodiscover to the same IP as Webmail
b) A certificate whose names include autodiscover.domain.com
c) A change to the external url on the autodiscover virtual directory so that it is set to https://autodiscover.company.com/autodiscover/autodiscover.xml
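Step 1 and the autodiscover items above, as an added Exchange Management Shell example (these are not Shack-Daddy's own commands). The Client Access server name E2010CAS and the domain company.com are assumed placeholders; the cmdlets and parameters are the standard Exchange 2010 ones.

```powershell
# Added example, not from the original thread. Run in the Exchange 2010
# Management Shell. E2010CAS and company.com are assumed placeholders.
$cas    = "E2010CAS"
$fqdn   = "webmail.company.com"        # name the existing clients already use
$auto   = "autodiscover.company.com"
$legacy = "legacy.company.com"

# 1. Confirm the certificate bound to IIS carries every name clients will see,
#    before any DNS or firewall change is made.
$iisCert = Get-ExchangeCertificate -Server $cas | Where-Object { $_.Services -match "IIS" }
foreach ($name in @($fqdn, $auto, $legacy)) {
    if ($iisCert.CertificateDomains -notcontains $name) {
        Write-Warning "IIS certificate on $cas is missing SAN '$name'"
    }
}

# 2. Point every externally reachable virtual directory at the SAME name the
#    Outlook Anywhere and ActiveSync clients are configured with today.
Set-OwaVirtualDirectory         -Identity "$cas\owa (Default Web Site)" -ExternalUrl "https://$fqdn/owa"
Set-EcpVirtualDirectory         -Identity "$cas\ecp (Default Web Site)" -ExternalUrl "https://$fqdn/ecp"
Set-ActiveSyncVirtualDirectory  -Identity "$cas\Microsoft-Server-ActiveSync (Default Web Site)" `
                                -ExternalUrl "https://$fqdn/Microsoft-Server-ActiveSync"
Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" -ExternalUrl "https://$fqdn/EWS/Exchange.asmx"
Set-OabVirtualDirectory         -Identity "$cas\OAB (Default Web Site)" -ExternalUrl "https://$fqdn/OAB"
Set-OutlookAnywhere             -Identity "$cas\Rpc (Default Web Site)" -ExternalHostname $fqdn

# 3. Autodiscover: external URL on the virtual directory (item c above) plus
#    the service connection point that domain-joined Outlook reads from AD.
Set-AutodiscoverVirtualDirectory -Identity "$cas\Autodiscover (Default Web Site)" `
                                 -ExternalUrl "https://$auto/Autodiscover/Autodiscover.xml"
Set-ClientAccessServer -Identity $cas -AutoDiscoverServiceInternalUri "https://$auto/Autodiscover/Autodiscover.xml"

# 4. Review the result before the public DNS / 443 firewall rule is switched.
Get-OwaVirtualDirectory        -Server $cas | Format-List Identity, ExternalUrl
Get-ActiveSyncVirtualDirectory -Server $cas | Format-List Identity, ExternalUrl
Get-OutlookAnywhere            -Server $cas | Format-List Identity, ExternalHostname
```

For mailboxes that remain on Exchange 2003, the documented coexistence requirement is that the 2003 server's Microsoft-Server-ActiveSync virtual directory must also accept Integrated Windows authentication, otherwise the proxied request from the 2010 CAS is refused.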
Aaron_J_Marshall (asker) replied:

I've changed the 2010 environment from "mail" to "webmail", matching the URL of the 2003 box.  When I redirect the public DNS to point to the 2010 box for webmail.company.com, I can connect to ActiveSync on 2010 only.  A 2003 mailbox connection fails through 2010.

www.testexchangeconnectivity.com, for the 2003 mailbox connecting through 2010, gives the following error during the ActiveSync test:

    An ActiveSync session is being attempted with the server.
      Errors were encountered while testing the Exchange ActiveSync session.
      Test Steps
      Attempting to send the OPTIONS command to the server.
      Testing of the OPTIONS command failed. For more information, see Additional Details.
      Additional Details
      A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.

I'm wondering if there is an authentication mismatch between the ActiveSync requirements of 2010 and 2003.  Any ideas?

ASKER CERTIFIED SOLUTION
Shack-Daddy

This solution is only available to members of Experts Exchange.

Aaron_J_Marshall (asker) replied:

Timely and helpful, thanks!