?
Solved

Migration of Exchange 2007 on SBS 2008 to Exchange 2010 Activesync issue

Posted on 2012-03-22
11
Medium Priority
?
762 Views
Last Modified: 2012-04-05
I followed the instructions in the attached link: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_25005312.html to migrate Exchange 2007 running on Windows SBS 2008 to Exchange 2010 running on Windows Server 2008 R2 on a completely separate server.

Nearly everything is working correctly except for Activesync. When trying to connect a device via Activesync, the automatic configuration option fails. According to the log on the device, there appears to be an issue with the certificate:

"checking certificate...checking to see if server is self-signed:
https://remote.mydomain.com Server cert not trusted, setting accept all certs
Checking Activesync with SSL...
ActiveSync location returned HTTP code 404: Not Found
ActiveSync version check returned negative, but still trying for 12.1"

Also, each time a user opens Outlook, they are prompted with a security alert. The security alert indicates that the name on security certificate is invalid or does not match the name of the site.

As info, the certificate we are using is NOT a self-signed certificate. We were using a go-Daddy certificate on the SBS server. The external web address of the old SBS exchange server, remote.mydomain.com, was simply re-assigned to the new exchange server. As such, I rekeyed the certificate last night. I generated a request from the Exchange 2010 server and used that request to rekey the certificate. After installing the certificate, I configured the IIS service to use this newly rekeyed certificate.

I'm sure I've missed something but I'm at a loss at this point. Certificates are not my expertise!
0
Comment
Question by:dsurrett2
  • 6
  • 5
11 Comments
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 37753676
The issue is likely caused by Autodiscover being configured to use a different host name than your certificate contains. Follow the instructions here: http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/ and see if that helps.
0
 

Author Comment

by:dsurrett2
ID: 37753911
I added the SRV record to my public DNS server and that didn't seem to make a difference. We did not have any issues with this prior to migrating from Exchange 2007/SBS 2008 to Exchange 2010/Server 2008 R2. Prior to the migration, we were not using any autodiscover SRV record and the activesync clients connected just fine.

In addition, we are still getting a security alert in Outlook complaining about the name in the security certificate each time Outlook opens. This occurs even for Outlook clients that are connected directly to the Exchange 2010 server on the same LAN/Domain. I wouldn't think these clients are using Autodiscover, are they?
0
 
LVL 43

Assisted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 37753939
Outlook clients after 2003 utilize Autodiscover for a lot of different purposes. You may also need to set the autodiscover virtual directory to use the appropriate URL.

set-autodiscovervirtualdirectory -internalurl "https://remote.mydomain.com/autodiscover/autodiscover.html" -externalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml"

Also note that changes to your Public DNS settings may actually take a good bit of time to take affect depending on TTLs.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:dsurrett2
ID: 37754146
Please forgive my exchange "newbie-ness"... the Exchange Mgmt shell command is prompting me for an Identity when I run the above command. What is the identity value supposed to be?
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 37754622
Put get-autodiscovervirtualdirectory | in front of that line and that should take care of it.
0
 

Author Comment

by:dsurrett2
ID: 37754830
Ok, that helped. When I run get-autodiscovervirtualdirectory, I can see the url is populated for the old server (still) and now the new server is populated as well. They both point to the same external url.

How do I get rid of the url info for the old server?
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 37754860
Is the old server still online? If not, you might need to clear out the server information in ADSIEdit. Open ADSIEdit, connect to Configuration, go to Services\Microsoft Exchange\First Organization\Administrative Groups\Exchange Administrative Group (FYDIBOHF23SPDLT)\Servers
Then remove any servers there that no longer exist. If the server *is* still online, the Virtual directories for that server will exist until it's taken offline or Exchange 2007 is removed from the server (in the case of SBS 2008, Exchange *can't* be removed)
0
 

Author Comment

by:dsurrett2
ID: 37754874
The Exchange server is still online. I can't uninstall Exchange because it keeps telling me I have a public folder database in the second storage group. Try as I may to remove this database, EMC will not let me.

So, basically, what you are telling me is that I won't have a fully operational Exchange 2010 until I completely remove the SBS server from the domain?
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 37754926
Yeah, pretty much. SBS likes to control the world. But what you have should be *functional*, just not optimum and probably not supported by MS. That's why SBS is so cheap. If you have a full version of Exchange, you'll also need to deploy a full Windows 2008 DC to manage AD for it.
0
 

Author Comment

by:dsurrett2
ID: 37755527
I may not have been clear in my opening rambling but just to clarify, I have Exchange 2010 already installed on a separate server that is running Windows Server 2008R2. This new server is a domain controller already.

When I installed Exchange 2010, it automatically recognized Exchange 2007 on the SBS server and I was able to migrate all the mailboxes and users to Exchange 2010. However, I cannot uninstall Exchange 2007 and cannot remove the external url link (which happens to be the same as my new server).
0
 

Author Comment

by:dsurrett2
ID: 37813968
So, in the end, the problem I was having with Activesync turned out to be a NAT policy issue on the firewall. However, all the above suggestions were helpful as well and were all things I needed to check/validate anyway.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question