Solved

Exchange 2010 migration; public domain name switch from 2003 to 2010 issue

Posted on 2010-11-20
Last Modified: 2012-05-10
Hi,

I am working on upgrading to Exchange 2010 from 2003.  I am having an issue moving the public domain name from the 2003 box to 2010 so that existing Outlook and iPhone ActiveSync connections will route through 2010.  When I move the DNS, any Outlook or ActiveSync connection cannot connect to email any longer.  Am I missing something basic or am I on the wrong track entirely?  Details below...

Exchange 2003:
Domain name = webmail.company.com
Remote users with webmail.company.com configured in Outlook (with HTTP proxy) and iPhone
SSL cert webmail.company.com and with subject alt names covering legacy, mail, autodiscover

Exchange 2010
Installed with Hub, Client Access and Mailbox
Domain name - mail.company.com
Same SSL cert as above.
Client access array is configured for mail.company.com

Some other details
* OWA for 2010 routes a 2003 mailbox user successfully via legacy.company.com
* mail flow is routing through 2010

I thought the Exchange 2003 coexistence is that users can be moved to 2010 without hands on each user.  If I move webmail.company.com to 2010, what is the expected configuration or method for Outlook or ActiveSync clients to successfully proxy through 2010?

I've also tried another test where I moved a mailbox from 2003 to 2010.  My remote Outlook and ActiveSync connections did not work through 2010 with the DNS change of webmail.company.com (moving from 2003 to 2010) or even by reconfiguring the remote connection to mail.company.com.  It's starting to look like each user's PDA and Outlook need to be touched for this upgrade!

Ideas?
Question by:Aaron_J_Marshall

Expert Comment

by:Shack-Daddy
ID: 34180710
Aaron, you would normally want to have all traffic go to the E2010 server, using the SAME name as the original server used. So you would change your firewall rule so that all 443 traffic now goes to the E2010 server, not the E2003 server. Using two different names is OK for testing, but not for production, especially if you don't want to touch each device.

You would also need to make sure that all the external URLs on your E2010 server match whatever your clients are expecting to see: thus, they should be "webmail.company.com" and not "mail.company.com". If you keep the names different, you will run into problems with the devices.

So do this:

1. Reconfigure the E2010 CAS stuff to use "webmail.company.com" as the external URL and make sure that you have a multi-name cert on the E2010 box that includes webmail.company.com and autodiscover.company.com. Create an A-record for autodiscover in your public DNS that resolves to the same IP as webmail.

2. Change the current firewall rule that directs 443 traffic for webmail.company.com's IP to the E2003 server so that it forwards that traffic to the E2010 server instead.

3. Start moving mailboxes to the new server.

To answer your question about Outlook Anywhere and ActiveSync if you move webmail to the new server, the method should be the same or simpler, if you've set up Autodiscover like I described:

a) An A-record in the public DNS that points autodiscover to the same IP as Webmail
b) A certificate whose names include autodiscover.domain.com
c) A change to the external url on the autodiscover virtual directory so that it is set to https://autodiscover.company.com/autodiscover/autodiscover.xml
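
A pre-cutover check for the name and certificate requirements listed in the answer above, as an added example that is not part of the original post: it confirms the certificate's subject alternative names cover the hostnames clients will use and that autodiscover resolves to the same IP as webmail. The function names, the sample certificate and the IP addresses are constructed for illustration; `fetch_cert` is only needed for a live check.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5):
    """Return the validated peer certificate dict for host (live use only)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def san_names(cert):
    """DNS subjectAltName entries from an ssl.getpeercert()-style dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covered(host, names):
    """True if host matches a SAN exactly or via a single-label wildcard."""
    host = host.lower()
    for name in names:
        if name == host:
            return True
        # "*.company.com" covers "x.company.com" but not "a.b.company.com"
        if name.startswith("*.") and host.split(".", 1)[-1] == name[2:]:
            return True
    return False

def precutover_findings(cert, dns, primary="webmail.company.com",
                        auto="autodiscover.company.com"):
    """List problems that would break clients once 443 points at the new CAS."""
    names = san_names(cert)
    findings = [f"certificate does not cover {h}"
                for h in (primary, auto) if not covered(h, names)]
    p_ip, a_ip = dns.get(primary), dns.get(auto)
    if a_ip is None:
        findings.append(f"no public A record for {auto}")
    elif a_ip != p_ip:
        findings.append(f"{auto} resolves to {a_ip}, {primary} to {p_ip}")
    return findings

# Constructed sample data: a cert without the autodiscover name, and an
# autodiscover A record pointing somewhere other than webmail.
SAMPLE_CERT = {"subjectAltName": (("DNS", "webmail.company.com"),
                                  ("DNS", "mail.company.com"),
                                  ("DNS", "legacy.company.com"))}
SAMPLE_DNS = {"webmail.company.com": "203.0.113.10",
              "autodiscover.company.com": "203.0.113.25"}
```

For a live check, pass `fetch_cert("webmail.company.com")` and a dict built from `socket.gethostbyname` lookups in place of the sample data.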

Author Comment

by:Aaron_J_Marshall
ID: 34181617
I've changed the 2010 environment from "mail" to "webmail" matching the URL of the 2003 box.  When I redirect the public DNS to point to the 2010 box for webmail.company.com I can connect to ActiveSync on 2010 only.  A 2003 mailbox connection fails through 2010.

www.testexchangeconnectivity.com for the 2003 mailbox connecting through 2010 brings the following error during the ActiveSync test:

An ActiveSync session is being attempted with the server.
  Errors were encountered while testing the Exchange ActiveSync session.
   Test Steps
   Attempting to send the OPTIONS command to the server.
  Testing of the OPTIONS command failed. For more information, see Additional Details.
   Additional Details
  A Web exception occurred because an HTTP 401 - Unauthorized response was received from IIS7.
 
I'm wondering if there is an authentication mismatch of requirements between 2010 and 2003 for ActiveSync.  Any ideas?
 

Accepted Solution

by:Shack-Daddy
ID: 34181768
Have you followed the guidance to create an internal name of "legacy" for the E2003 server?

Read this article carefully: it contains the details you need to incorporate into your design:
http://msexchangeteam.com/archive/2009/11/20/453272.aspx

Author Closing Comment

by:Aaron_J_Marshall
ID: 34183932
Timely and helpful, thanks!