Solved

Exchange 2010 migration; public domain name switch from 2003 to 2010 issue

Posted on 2010-11-20
Last Modified: 2012-05-10
Hi,

I am working on upgrading to Exchange 2010 from 2003.  I am having an issue moving the public domain name from the 2003 box to 2010 so that existing Outlook and iPhone ActiveSync connections will route through 2010.  When I move the DNS, any Outlook or ActiveSync connection cannot connect to email any longer.  Am I missing something basic or am I on the wrong track entirely?  Detail below....

Exchange 2003:
Domain name = webmail.company.com
Remote users with webmail.company.com configured in Outlook (with HTTP proxy) and iPhone
SSL cert webmail.company.com and with subject alt names covering legacy, mail, autodiscover

Exchange 2010
Installed with Hub, Client Access and Mailbox
Domain name - mail.company.com
Same SSL cert as above.
Client access array is configured for mail.company.com

Some other details
* OWA for 2010 routes a 2003 mailbox user successfully via legacy.company.com
* mail flow is routing through 2010

I thought the exchange 2003 coexistence is that users can be moved to 2010 without hands on each user.  If I move webmail.company.com to 2010, what is the expected configuration or method for Outlook or ActiveSync clients to successfully proxy through 2010?

I've also tried another test where I moved a mailbox from 2003 to 2010.  My remote Outlook and ActiveSync connections did not work through 2010 with the DNS change of webmail.company.com (moving from 2003 to 2010) or even by reconfiguring the remote connection to mail.company.com.  It's starting to look like each user's PDA and Outlook needs to be touched for this upgrade!

Ideas?
Question by:Aaron_J_Marshall

Expert Comment

by:Shack-Daddy
ID: 34180710
Aaron, you would normally want to have all traffic go to the E2010 server, using the SAME name as the original server used. So you would change your firewall rule so that all 443 traffic now goes to the E2010 server, not the E2003 server. Using two different names is OK for testing, but not for production, especially if you don't want to touch each device.

You would also need to make sure that all the external URLs on your E2010 server match whatever your clients are expecting to see: thus, they should be "webmail.company.com" and not "mail.company.com". If you keep the names different, you will run into problems with the devices.

So do this:

1. Reconfigure the E2010 CAS stuff to use "webmail.company.com" as the external URL and make sure that you have a multi-name cert on the E2010 box that includes webmail.company.com and autodiscover.company.com. Create an A-record for autodiscover in your public DNS that resolves to the same IP as webmail.

2. Change the current firewall rule that directs 443 traffic for webmail.company.com's IP to the E2003 server so that it forwards that traffic to the E2010 server instead.

3. Start moving mailboxes to the new server.

To answer your question about Outlook Anywhere and ActiveSync if you move webmail to the new server, the method should be the same or simpler, if you've set up Autodiscover like I described:

a) An A-record in the public DNS that points autodiscover to the same IP as Webmail
b) A certificate whose names include autodiscover.domain.com
c) A change to the external url on the autodiscover virtual directory so that it is set to https://autodiscover.company.com/autodiscover/autodiscover.xml
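
The checklist above (step 1 and items a to c) can be turned into a pre-cutover consistency check; this is an added example, not part of the original answer. The service names, URLs and the 203.0.113.10 address are constructed sample values, and the certificate names are the ones listed in the question.

```python
from urllib.parse import urlparse

def san_covers(host, sans):
    """True if host matches a certificate name; '*.' covers one left-most label only."""
    host = host.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(s.lower() == host or
               (parent and s.startswith("*.") and s[2:].lower() == parent)
               for s in sans)

def audit_cutover(client_name, external_urls, cert_sans, public_dns):
    """Check the answer's checklist; returns findings (empty list = consistent)."""
    findings = []
    autodiscover = "autodiscover." + client_name.split(".", 1)[1]
    hosts = {client_name, autodiscover}
    # Step 1 / item c: external URLs must use the name clients already have.
    for service, url in sorted(external_urls.items()):
        host = (urlparse(url).hostname or "").lower()
        hosts.add(host)
        expected = autodiscover if service == "Autodiscover" else client_name
        if host != expected:
            findings.append(f"{service}: URL uses {host}, clients expect {expected}")
    # Item b: the certificate must carry every name a client will connect to.
    for host in sorted(hosts):
        if not san_covers(host, cert_sans):
            findings.append(f"certificate: no name covers {host}")
    # Item a: autodiscover must resolve to the same public IP as the client name.
    ip = public_dns.get(autodiscover)
    if ip is None or ip != public_dns.get(client_name):
        findings.append(f"DNS: {autodiscover} does not match {client_name}")
    return findings

# Constructed sample data: the setup described in the question, then the fixed one.
CERT_SANS = ["webmail.company.com", "legacy.company.com",
             "mail.company.com", "autodiscover.company.com"]
AUTOD_URL = "https://autodiscover.company.com/autodiscover/autodiscover.xml"
URLS_BEFORE = {"OWA": "https://mail.company.com/owa",
               "ActiveSync": "https://mail.company.com/Microsoft-Server-ActiveSync",
               "Autodiscover": AUTOD_URL}
URLS_AFTER = {"OWA": "https://webmail.company.com/owa",
              "ActiveSync": "https://webmail.company.com/Microsoft-Server-ActiveSync",
              "Autodiscover": AUTOD_URL}
DNS_BEFORE = {"webmail.company.com": "203.0.113.10"}
DNS_AFTER = dict(DNS_BEFORE, **{"autodiscover.company.com": "203.0.113.10"})

if __name__ == "__main__":
    for line in audit_cutover("webmail.company.com", URLS_BEFORE, CERT_SANS, DNS_BEFORE):
        print(line)
```

In practice the inputs would come from the certificate installed on the E2010 server, its configured external URLs, and a lookup against public DNS.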

Author Comment

by:Aaron_J_Marshall
ID: 34181617
I've changed the 2010 environment from "mail" to "webmail" matching the URL of the 2003 box.  When I redirect the public DNS to point to the 2010 box for webmail.company.com I can connect to ActiveSync on 2010 only.  A 2003 mailbox connection fails through 2010.

www.testexchangeconnectivity.com for the 2003 mailbox connecting through 2010 brings the following error during the activesync test:

An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
   Additional Details
  A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.
 
I'm wondering if there is an authentication mismatch of requirements between 2010 and 2003 for activesync.  Any ideas?

Accepted Solution

by:Shack-Daddy
ID: 34181768
Have you followed the guidance to create an internal name of "legacy" for the E2003 server?

Read this article carefully: it contains the details you need to incorporate into your design:
http://msexchangeteam.com/archive/2009/11/20/453272.aspx

Author Closing Comment

by:Aaron_J_Marshall
ID: 34183932
Timely and helpful, thanks!