Solved

Migration of Exchange 2007 on SBS 2008 to Exchange 2010 Activesync issue

Posted on 2012-03-22
11
754 Views
Last Modified: 2012-04-05
I followed the instructions in the attached link: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_25005312.html to migrate Exchange 2007 running on Windows SBS 2008 to Exchange 2010 running on Windows Server 2008 R2 on a completely separate server.

Nearly everything is working correctly except for Activesync. When trying to connect a device via Activesync, the automatic configuration option fails. According to the log on the device, there appears to be an issue with the certificate:

"checking certificate...checking to see if server is self-signed:
https://remote.mydomain.com Server cert not trusted, setting accept all certs
Checking Activesync with SSL...
ActiveSync location returned HTTP code 404: Not Found
ActiveSync version check returned negative, but still trying for 12.1"

Also, each time a user opens Outlook, they are prompted with a security alert. The security alert indicates that the name on security certificate is invalid or does not match the name of the site.

As info, the certificate we are using is NOT a self-signed certificate. We were using a go-Daddy certificate on the SBS server. The external web address of the old SBS exchange server, remote.mydomain.com, was simply re-assigned to the new exchange server. As such, I rekeyed the certificate last night. I generated a request from the Exchange 2010 server and used that request to rekey the certificate. After installing the certificate, I configured the IIS service to use this newly rekeyed certificate.

I'm sure I've missed something but I'm at a loss at this point. Certificates are not my expertise!
0
Comment
Question by:dsurrett2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37753676
The issue is likely caused by Autodiscover being configured to use a different host name than your certificate contains. Follow the instructions here: http://www.thirdtier.net/2011/06/setting-up-autodiscover-for-sbs-2011/ and see if that helps.
0
 

Author Comment

by:dsurrett2
ID: 37753911
I added the SRV record to my public DNS server and that didn't seem to make a difference. We did not have any issues with this prior to migrating from Exchange 2007/SBS 2008 to Exchange 2010/Server 2008 R2. Prior to the migration, we were not using any autodiscover SRV record and the activesync clients connected just fine.

In addition, we are still getting a security alert in Outlook complaining about the name in the security certificate each time Outlook opens. This occurs even for Outlook clients that are connected directly to the Exchange 2010 server on the same LAN/Domain. I wouldn't think these clients are using Autodiscover, are they?
0
 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 37753939
Outlook clients after 2003 utilize Autodiscover for a lot of different purposes. You may also need to set the autodiscover virtual directory to use the appropriate URL.

set-autodiscovervirtualdirectory -internalurl "https://remote.mydomain.com/autodiscover/autodiscover.html" -externalurl "https://remote.mydomain.com/autodiscover/autodiscover.xml"

Also note that changes to your Public DNS settings may actually take a good bit of time to take affect depending on TTLs.
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:dsurrett2
ID: 37754146
Please forgive my exchange "newbie-ness"... the Exchange Mgmt shell command is prompting me for an Identity when I run the above command. What is the identity value supposed to be?
0
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 37754622
Put get-autodiscovervirtualdirectory | in front of that line and that should take care of it.
0
 

Author Comment

by:dsurrett2
ID: 37754830
Ok, that helped. When I run get-autodiscovervirtualdirectory, I can see the url is populated for the old server (still) and now the new server is populated as well. They both point to the same external url.

How do I get rid of the url info for the old server?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 37754860
Is the old server still online? If not, you might need to clear out the server information in ADSIEdit. Open ADSIEdit, connect to Configuration, go to Services\Microsoft Exchange\First Organization\Administrative Groups\Exchange Administrative Group (FYDIBOHF23SPDLT)\Servers
Then remove any servers there that no longer exist. If the server *is* still online, the Virtual directories for that server will exist until it's taken offline or Exchange 2007 is removed from the server (in the case of SBS 2008, Exchange *can't* be removed)
0
 

Author Comment

by:dsurrett2
ID: 37754874
The Exchange server is still online. I can't uninstall Exchange because it keeps telling me I have a public folder database in the second storage group. Try as I may to remove this database, EMC will not let me.

So, basically, what you are telling me is that I won't have a fully operational Exchange 2010 until I completely remove the SBS server from the domain?
0
 
LVL 41

Expert Comment

by:Adam Brown
ID: 37754926
Yeah, pretty much. SBS likes to control the world. But what you have should be *functional*, just not optimum and probably not supported by MS. That's why SBS is so cheap. If you have a full version of Exchange, you'll also need to deploy a full Windows 2008 DC to manage AD for it.
0
 

Author Comment

by:dsurrett2
ID: 37755527
I may not have been clear in my opening rambling but just to clarify, I have Exchange 2010 already installed on a separate server that is running Windows Server 2008R2. This new server is a domain controller already.

When I installed Exchange 2010, it automatically recognized Exchange 2007 on the SBS server and I was able to migrate all the mailboxes and users to Exchange 2010. However, I cannot uninstall Exchange 2007 and cannot remove the external url link (which happens to be the same as my new server).
0
 

Author Comment

by:dsurrett2
ID: 37813968
So, in the end, the problem I was having with Activesync turned out to be a NAT policy issue on the firewall. However, all the above suggestions were helpful as well and were all things I needed to check/validate anyway.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question