Solved

Migration of Exchange 2007 on SBS 2008 to Exchange 2010 Activesync issue

Posted on 2012-03-22
Last Modified: 2012-04-05
I followed the instructions in the attached link: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_25005312.html to migrate Exchange 2007 running on Windows SBS 2008 to Exchange 2010 running on Windows Server 2008 R2 on a completely separate server.

Nearly everything is working correctly except for Activesync. When trying to connect a device via Activesync, the automatic configuration option fails. According to the log on the device, there appears to be an issue with the certificate:

"checking certificate...checking to see if server is self-signed:
https://remote.mydomain.com Server cert not trusted, setting accept all certs
Checking Activesync with SSL...
ActiveSync location returned HTTP code 404: Not Found
ActiveSync version check returned negative, but still trying for 12.1"

Also, each time a user opens Outlook, they are prompted with a security alert. The security alert indicates that the name on the security certificate is invalid or does not match the name of the site.

As info, the certificate we are using is NOT a self-signed certificate. We were using a GoDaddy certificate on the SBS server. The external web address of the old SBS Exchange server, remote.mydomain.com, was simply re-assigned to the new Exchange server. As such, I rekeyed the certificate last night. I generated a request from the Exchange 2010 server and used that request to rekey the certificate. After installing the certificate, I configured the IIS service to use this newly rekeyed certificate.

I'm sure I've missed something but I'm at a loss at this point. Certificates are not my expertise!
Question by:dsurrett2
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37753676
The issue is likely caused by Autodiscover being configured to use a different host name than your certificate contains. Follow the instructions here: http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/ and see if that helps.
 

Author Comment

by:dsurrett2
ID: 37753911
I added the SRV record to my public DNS server and that didn't seem to make a difference. We did not have any issues with this prior to migrating from Exchange 2007/SBS 2008 to Exchange 2010/Server 2008 R2. Prior to the migration, we were not using any autodiscover SRV record and the activesync clients connected just fine.

In addition, we are still getting a security alert in Outlook complaining about the name in the security certificate each time Outlook opens. This occurs even for Outlook clients that are connected directly to the Exchange 2010 server on the same LAN/Domain. I wouldn't think these clients are using Autodiscover, are they?
 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37753939
Outlook clients after 2003 utilize Autodiscover for a lot of different purposes. You may also need to set the autodiscover virtual directory to use the appropriate URL.

set-autodiscovervirtualdirectory -internalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml" -externalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml"

Also note that changes to your Public DNS settings may actually take a good bit of time to take effect depending on TTLs.
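
Added example, not part of the original thread and not either poster's code: a plain PowerShell check for the mismatch discussed above, comparing the host name in each client-facing Exchange URL with the names on the certificate. The URL and certificate values are constructed samples (newserver.mydomain.local is hypothetical), and the function names Test-CertNameMatch and Find-UrlCertMismatch are made up for this illustration.

```powershell
# Returns $true when $HostName is covered by one of the certificate names.
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($name in $CertificateDomains) {
        if ($name -ieq $HostName) { return $true }
        # A wildcard covers exactly one left-most label: *.mydomain.com matches
        # remote.mydomain.com, but not a.b.mydomain.com and not mydomain.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)   # ".mydomain.com"
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Emits one row per configured URL saying whether its host is on the certificate.
function Find-UrlCertMismatch {
    param([hashtable]$Urls, [string[]]$CertificateDomains)
    foreach ($setting in ($Urls.Keys | Sort-Object)) {
        $urlHost = ([System.Uri]($Urls[$setting])).Host
        New-Object PSObject -Property @{
            Setting  = $setting
            HostName = $urlHost
            OnCert   = (Test-CertNameMatch -HostName $urlHost -CertificateDomains $CertificateDomains)
        }
    }
}

# Constructed sample values. On a real server the names would come from
# (Get-ExchangeCertificate).CertificateDomains for the certificate bound to IIS,
# and the URLs from the InternalUrl/ExternalUrl properties of the virtual
# directories and (Get-ClientAccessServer).AutoDiscoverServiceInternalUri.
$certNames = @('remote.mydomain.com')
$urls = @{
    'Autodiscover internal URI' = 'https://newserver.mydomain.local/Autodiscover/Autodiscover.xml'
    'ActiveSync ExternalUrl'    = 'https://remote.mydomain.com/Microsoft-Server-ActiveSync'
    'EWS InternalUrl'           = 'https://newserver.mydomain.local/EWS/Exchange.asmx'
}

Find-UrlCertMismatch -Urls $urls -CertificateDomains $certNames |
    Select-Object Setting, HostName, OnCert | Format-Table -AutoSize
```

Any row with OnCert False is a URL whose host name the certificate does not cover, so clients directed to it will see a name-mismatch warning.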

 

Author Comment

by:dsurrett2
ID: 37754146
Please forgive my exchange "newbie-ness"... the Exchange Mgmt shell command is prompting me for an Identity when I run the above command. What is the identity value supposed to be?
 
LVL 39

Accepted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37754622
Put get-autodiscovervirtualdirectory | in front of that line and that should take care of it.
 

Author Comment

by:dsurrett2
ID: 37754830
Ok, that helped. When I run get-autodiscovervirtualdirectory, I can see the url is populated for the old server (still) and now the new server is populated as well. They both point to the same external url.

How do I get rid of the url info for the old server?
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37754860
Is the old server still online? If not, you might need to clear out the server information in ADSIEdit. Open ADSIEdit, connect to Configuration, go to Services\Microsoft Exchange\First Organization\Administrative Groups\Exchange Administrative Group (FYDIBOHF23SPDLT)\Servers
Then remove any servers there that no longer exist. If the server *is* still online, the virtual directories for that server will exist until it's taken offline or Exchange 2007 is removed from the server (in the case of SBS 2008, Exchange *can't* be removed).
 

Author Comment

by:dsurrett2
ID: 37754874
The Exchange server is still online. I can't uninstall Exchange because it keeps telling me I have a public folder database in the second storage group. Try as I may to remove this database, EMC will not let me.

So, basically, what you are telling me is that I won't have a fully operational Exchange 2010 until I completely remove the SBS server from the domain?
 
LVL 39

Expert Comment

by:Adam Brown
ID: 37754926
Yeah, pretty much. SBS likes to control the world. But what you have should be *functional*, just not optimum and probably not supported by MS. That's why SBS is so cheap. If you have a full version of Exchange, you'll also need to deploy a full Windows 2008 DC to manage AD for it.
 

Author Comment

by:dsurrett2
ID: 37755527
I may not have been clear in my opening rambling but just to clarify, I have Exchange 2010 already installed on a separate server that is running Windows Server 2008R2. This new server is a domain controller already.

When I installed Exchange 2010, it automatically recognized Exchange 2007 on the SBS server and I was able to migrate all the mailboxes and users to Exchange 2010. However, I cannot uninstall Exchange 2007 and cannot remove the external url link (which happens to be the same as my new server).
 

Author Comment

by:dsurrett2
ID: 37813968
So, in the end, the problem I was having with Activesync turned out to be a NAT policy issue on the firewall. However, all the above suggestions were helpful as well and were all things I needed to check/validate anyway.