• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 794
  • Last Modified:

Exchange 2010 migration; public domain name switch from 2003 to 2010 issue


I am working on upgrading to Exchange 2010 from 2003.  I am having an issue moving the public domain name from the 2003 box to 2010 so that existing Outlook and iPhone ActiveSync connections will route through 2010.  When I move the DNS, any Outlook or ActiveSync connection cannot connect to email any longer.  Am I missing something basic or am I on the wrong track entirely?  Detail below....

Exchange 2003:
Domain name = webmail.company.com
Remote users with webmail.company.com configured in Outlook (with HTTP proxy) and iPhone
SSL cert webmail.company.com and with subject alt names covering legacy, mail, autodiscover

Exchange 2010
Installed with Hub, Client Access and Mailbox
Domain name - mail.company.com
Same SSL cert as above.
Client access array is configured for mail.company.com

Some other details
* OWA for 2010 routes a 2003 mailbox user successfully via legacy.company.com
* mail flow is routing through 2010

I thought the exchange 2003 coexistence is that users can be moved to 2010 without hands on each user.  If I move webmail.company.com to 2010, what is the expected configuration or method for Outlook or ActiveSync clients to successfully proxy through 2010?

I've also tried another test where I moved a mailbox from 2003 to 2010.  My remote Outlook and ActiveSync connections did not work through 2010 with the DNS change of webmail.company.com (moving from 2003 to 2010) or even by reconfiguring the remote connection to mail.company.com.  It's starting to look like each user's PDA and Outlook needs to be touched for this upgrade!

  • 2
  • 2
1 Solution
Aaron, you would normally want to have all traffic go to the E2010 server, using the SAME name as the original server used. So you would change your firewall rule so that all 443 traffic now goes to the E2010 server, not the E2003 server. Using two different names is OK for testing, but not for production, especially if you don't want to touch each device.

You would also need to make sure that all the external URLs on your E2010 server match whatever your clients are expecting to see: thus, they should be "webmail.company.com" and not "mail.company.com". If you keep the names different, you will run into problems with the devices.

So do this:

1. Reconfigure the E2010 CAS stuff to use "webmail.company.com" as the external URL and make sure that you have a multi-name cert on the E2010 box that includes webmail.company.com and autodiscover.company.com. Create an A-record for autodiscover in your public DNS that resolves to the same IP as webmail.

2. Change the current firewall rule that directs 443 traffic for webmail.company.com's IP to the E2003 server so that it forwards that traffic to the E2010 server instead.

3. Start moving mailboxes to the new server.

To answer your question about Outlook Anywhere and ActiveSync if you move webmail to the new server, the method should be the same or simpler, if you've set up Autodiscover like I described:

a) An A-record in the public DNS that points autodiscover to the same IP as Webmail
b) A certificate whose names include autodiscover.domain.com
c) A change to the external url on the autodiscover virtual directory so that it is set to https://autodiscover.company.com/autodiscover/autodiscover.xml
Aaron_J_MarshallAuthor Commented:
I've changed the 2010 environment from "mail" to "webmail" matching the URL of the 2003 box.  When I redirect the public DNS to point to the 2010 box for webmail.company.com I can connect to ActiveSync on 2010 only.  A 2003 mailbox connection fails through 2010.

www.testexchangeconnectivity.com for the 2003 mailbox connecting through 2010 brings the following error during the activesync test:

An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
   Additional Details
  A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.
I'm wondering if there is an authentication mismatch of requirements between 2010 and 2003 for activesync.  Any ideas?
Have you followed the guidance to create an internal name of "legacy" for the E2003 server?

Read this article carefully: it contains the details you need to incorporate into your design:
Aaron_J_MarshallAuthor Commented:
Timely and helpful, thanks!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now