Avatar of neilbuckman
 asked on

Exchange 2003 and Exchange 2010 configuration for ActiveSync

We are almost there...

We have one Exchange 2003 server and one new Exchange 2010 server.  We will migrate all the mailboxes to the 2010 server in due course and decommission the 2003 server.

It is all good except for ActiveSync.  When we switched the incoming mail flow from our firewall to the 2010 server, ActiveSync, used by iPhones, would not work.  The message on the 2010 server was that a proxy call to the 2003 server timed out.  I expect this is to do with the legacy.domain.com settings or a routing issue.  (We have integrated windows suthentication set on the 2003 ActiveSync web and the patch installed).

We have only 1 public IP address.  The external DNS has mail.domain.com, legacy.domain.com and autodiscover.domain.com all pointed to that IP.  All port 25 and port 443 traffic will be routed by the firewall to the 2010 server (we tried this change then switched it back when activesync was not working).

I have in the hosts file on the 2010 server an entry for legacy.domain.com, pointing to the 2003 server.  That is obviouly not enough.  

Some people say they never use the legacy.domain.com settings and that Exchange sorts itself out in this simple setup.  Is that so?  Or do I need some hosts entries on the Exchange 2003 server as well?  What does the Exchange 2003 server look for to respond to ActiveSync requests?

This configuration could not be simpler.  There must be a standard way to set it up, but the more I read the more unclear it becomes...

All suggestions appreciated...


Avatar of undefined
Last Comment

8/22/2022 - Mon


Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Thanks for these comments. I shall certainly check AD fir the inherited permissions. Almost all of our users will be migrated.

The second public IP may be the solution but I was hoping to avoid that if possible.  Is there no other way. We do not manage our firewall (Cisco) so our ISP may need to advise us what's possible there.

Thanks again


A related queston - I have not yet been able to prove the solution to this issue yet - tomorrow hopefully...

Can I set an internal URL for the attribute Exchange2003Url in the OWAVirtualDirectory?

That is

Set-OWAVirtualDirectory -Identity "MYSERVER\owa (Default Web Site)" -Exchange2003URL https://oldserver.domain.local/exchange

rather than

Set-OWAVirtualDirectory -Identity "MYSERVER\owa (Default Web Site)" -Exchange2003URL https://legacy.domain.com/exchange
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck

OK, all done.

I set up the external DNS for legacy.domain.com pointing to a second public IP and routed mail traffic to the Exchange 2003 mail server.  When we changed the incoming mail flow to the Exchange 2010 server I was still not able to get ActiveSync to work for mailboxes on the 2003 server.  Outlook Anywhere was OK but not ActiveSync.  

We changed a few iPhones to use legacy.domain.com as the name of their mail server (instead of mail.domain.com) and they worked fine.  This was just to keep them on line until we moved them to the new server, then they change back.

When we tested connectivity from Exchange 2010 the autodiscovery and certificates worked fine but the xml data was not returned.  On the Exchange 2010 server the Application event log said that the proxy call to the Exchange 2003 server times out.  There was not error on the Exhcnage 2003 server log.  I had Integrated Windows Authentication enabled as well as basic authentication.  I don't know if having basic still there was the cause of the problem.

Case closed.  Thanks for the help offered...

 - Neil