Migration of Exchange 2007 on SBS 2008 to Exchange 2010: ActiveSync issue

I followed the instructions in the attached link: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_25005312.html to migrate Exchange 2007 running on Windows SBS 2008 to Exchange 2010 running on Windows Server 2008 R2 on a completely separate server.

Nearly everything is working correctly except for ActiveSync. When trying to connect a device via ActiveSync, the automatic configuration option fails. According to the log on the device, there appears to be an issue with the certificate:

"checking certificate...checking to see if server is self-signed:
https://remote.mydomain.com Server cert not trusted, setting accept all certs
Checking Activesync with SSL...
ActiveSync location returned HTTP code 404: Not Found
ActiveSync version check returned negative, but still trying for 12.1"

Also, each time a user opens Outlook, they are prompted with a security alert. The security alert indicates that the name on the security certificate is invalid or does not match the name of the site.

As info, the certificate we are using is NOT a self-signed certificate. We were using a GoDaddy certificate on the SBS server. The external web address of the old SBS Exchange server, remote.mydomain.com, was simply re-assigned to the new Exchange server. As such, I rekeyed the certificate last night. I generated a request from the Exchange 2010 server and used that request to rekey the certificate. After installing the certificate, I configured the IIS service to use this newly rekeyed certificate.

I'm sure I've missed something but I'm at a loss at this point. Certificates are not my expertise!

Adam Brown (Sr Solutions Architect) commented:
The issue is likely caused by Autodiscover being configured to use a different host name than your certificate contains. Follow the instructions here: http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/ and see if that helps.

dsurrett2 (Author) commented:
I added the SRV record to my public DNS server and that didn't seem to make a difference. We did not have any issues with this prior to migrating from Exchange 2007/SBS 2008 to Exchange 2010/Server 2008 R2. Prior to the migration, we were not using any autodiscover SRV record and the ActiveSync clients connected just fine.

In addition, we are still getting a security alert in Outlook complaining about the name in the security certificate each time Outlook opens. This occurs even for Outlook clients that are connected directly to the Exchange 2010 server on the same LAN/Domain. I wouldn't think these clients are using Autodiscover, are they?

Adam Brown (Sr Solutions Architect) commented:
Outlook clients after 2003 utilize Autodiscover for a lot of different purposes. You may also need to set the autodiscover virtual directory to use the appropriate URL.

set-autodiscovervirtualdirectory -internalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml" -externalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml"

Also note that changes to your Public DNS settings may actually take a good bit of time to take effect depending on TTLs.
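
The name-mismatch check discussed in the replies above, as an added example that is not part of the original thread: it compares the host name in each URL clients are given against the names on the certificate. The URLs and certificate names below are constructed samples, and `newserver.mydomain.local` is a hypothetical internal name.

```powershell
# Added example, not code from the thread. Works on PowerShell 2.0 and later.
function Test-CertNameCoverage {
    param(
        [string[]]$Urls,         # service URLs handed to clients (Autodiscover, ActiveSync, EWS...)
        [string[]]$CertDomains   # names on the certificate (subject CN plus SAN entries)
    )
    foreach ($u in $Urls) {
        $hostName = ([System.Uri]$u).Host.ToLowerInvariant()
        $covered = $false
        foreach ($d in $CertDomains) {
            $name = $d.ToLowerInvariant()
            if ($name -eq $hostName) { $covered = $true; break }
            # A wildcard covers exactly one left-most label:
            # *.example.com matches mail.example.com, not example.com or a.b.example.com.
            if ($name.StartsWith('*.')) {
                $suffix = $name.Substring(1)
                if ($hostName.EndsWith($suffix)) {
                    $left = $hostName.Substring(0, $hostName.Length - $suffix.Length)
                    if ($left.Length -gt 0 -and -not $left.Contains('.')) { $covered = $true; break }
                }
            }
        }
        # Covered = $false means clients using this URL get a certificate name warning.
        New-Object PSObject -Property @{ Url = $u; HostName = $hostName; Covered = $covered }
    }
}

# Constructed sample input. On a live server the values could be read with, for example:
#   Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri
#   Get-AutodiscoverVirtualDirectory | Select-Object Server, InternalUrl, ExternalUrl
#   Get-ActiveSyncVirtualDirectory | Select-Object Server, InternalUrl, ExternalUrl
#   Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#       Select-Object Thumbprint, CertificateDomains
$sampleUrls = @(
    'https://remote.mydomain.com/autodiscover/autodiscover.xml',
    'https://remote.mydomain.com/Microsoft-Server-ActiveSync',
    'https://newserver.mydomain.local/EWS/Exchange.asmx'   # hypothetical internal name
)
$sampleCertDomains = @('remote.mydomain.com')

Test-CertNameCoverage -Urls $sampleUrls -CertDomains $sampleCertDomains |
    Format-Table Covered, HostName, Url -AutoSize
```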

dsurrett2 (Author) commented:
Please forgive my Exchange "newbie-ness"... the Exchange Mgmt shell command is prompting me for an Identity when I run the above command. What is the identity value supposed to be?

Adam Brown (Sr Solutions Architect) commented:
Put get-autodiscovervirtualdirectory | in front of that line and that should take care of it.

dsurrett2 (Author) commented:
Ok, that helped. When I run get-autodiscovervirtualdirectory, I can see the url is populated for the old server (still) and now the new server is populated as well. They both point to the same external url.

How do I get rid of the url info for the old server?

Adam Brown (Sr Solutions Architect) commented:
Is the old server still online? If not, you might need to clear out the server information in ADSIEdit. Open ADSIEdit, connect to Configuration, go to Services\Microsoft Exchange\First Organization\Administrative Groups\Exchange Administrative Group (FYDIBOHF23SPDLT)\Servers
Then remove any servers there that no longer exist. If the server *is* still online, the Virtual directories for that server will exist until it's taken offline or Exchange 2007 is removed from the server (in the case of SBS 2008, Exchange *can't* be removed)

dsurrett2 (Author) commented:
The Exchange server is still online. I can't uninstall Exchange because it keeps telling me I have a public folder database in the second storage group. Try as I may to remove this database, EMC will not let me.

So, basically, what you are telling me is that I won't have a fully operational Exchange 2010 until I completely remove the SBS server from the domain?

Adam Brown (Sr Solutions Architect) commented:
Yeah, pretty much. SBS likes to control the world. But what you have should be *functional*, just not optimum and probably not supported by MS. That's why SBS is so cheap. If you have a full version of Exchange, you'll also need to deploy a full Windows 2008 DC to manage AD for it.

dsurrett2 (Author) commented:
I may not have been clear in my opening rambling but just to clarify, I have Exchange 2010 already installed on a separate server that is running Windows Server 2008 R2. This new server is a domain controller already.

When I installed Exchange 2010, it automatically recognized Exchange 2007 on the SBS server and I was able to migrate all the mailboxes and users to Exchange 2010. However, I cannot uninstall Exchange 2007 and cannot remove the external url link (which happens to be the same as my new server).

dsurrett2 (Author) commented:
So, in the end, the problem I was having with ActiveSync turned out to be a NAT policy issue on the firewall. However, all the above suggestions were helpful as well and were all things I needed to check/validate anyway.