Solved

SBS2003 > SBS2011 Migration - Exchange 2003/2010 not behaving correctly

Posted on 2013-05-17
12
469 Views
Last Modified: 2013-06-22
I just installed a new SBS2011 server into a network with ISA Server. (Taken it over, not our initial setup).

The old SBS was configured with ISA Server and two NIC's. The internal IP range is 172.16.0.0

I have configured the new SBS2011 with the name 'SERVER01' and an IP of 172.16.0.50 and the previous SBS/ISA/Exchange server is listening on 172.16.0.1.

The end-result is to rip out ISA completely and implement a hardware firewall - but for now - I want to avoid complete carnage and phase it out gently!

I created a new mailbox called 'Test' on the new SBS2011 Server on a fresh MailboxDB. I then attempted to send a test email from 'administrator@mydomain.local' to 'test@mydomain.local' and it's stuck in the outgoing queue...

I'm stumped! I can send from the SBS2011 mailbox fine, but receiving is a no-no. I haven't even bothered attempting to receive from the internet yet, as if internal doesn't work I doubt much else will.

I've allowed all traffic between 172.16.0.1 & 172.16.0.50 through ISA server, and I can telnet to port 25 from each exchange server.

Thanks in advance
0
Comment
Question by:UncleVirus
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 39176579
I have configured the new SBS2011 with the name 'SERVER01' and an IP of 172.16.0.50 and the previous SBS/ISA/Exchange server is listening on 172.16.0.1.

Did you do the migration using the migration tools?
Did you also run the wizards .. With SBS always, always run the wizards

Having 2 SB Servers  will have problems.. you can only have 1 per domain.
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39177089
Agreed that you have to follow the migration documents, either from MS or from www.sbsmigration.com, and adding that you should acquire a hardware firewall at the edge and remove ISA from the SBS 2003 server before you begin.  Otherwise, do a greenfield install, remove the isa connector from all the clients (you have to do this anyway) then secure the profiles, disjoin and rejoin the new domain.

BTW, there are several excellent "how toos" on migrations on this forum.  Here is one that is often referred to:  
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2881-Migrate-Small-Business-Server-2003-to-Exchange-2010-and-Windows-2008-R2.html
0
 
LVL 1

Author Comment

by:UncleVirus
ID: 39177593
Thank you both for your input - I must add, I'm doing this 100% by the book - I've done tons of migrations from 2003>2010 before but never with ISA... I wanted to avoid taking the network apart if at all possible but what you've just said reinforces the fact that I am going to have to rip ISA server out of the equation before I continue otherwise I'm going to keep running into these hiccups.

I will go ahead and drop ISA server and place the router onto the same subnet and modify DHCP. Thanks for your help chaps!
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39177892
Here is an excellent article on removing ISA.... except for one thing, do not worry about switching the NIC cables and IP addresses.  The author has admitted he would not do this now, but just hasent changed the blog:

http://msmvps.com/blogs/kwsupport/archive/2008/09/07/uninstalling-isa-2004.aspx
0
 
LVL 1

Author Comment

by:UncleVirus
ID: 39193912
Okay, so ISA removed from the equation.

I still CANNOT get email to be accepted!

Email is coming in to SERVER.mydomain.local & then it is travelling via a routing group connector to SERVER01.mydomain.local

I can now see it sat in the queue: (See attached screenshot):

routing queue
This will sit in the queue, then send an NDR (It won't actually send one.. I have no idea why).

AntiSpam is not an issue as I've set exceptions for my domain.. this is crazy!
0
 
LVL 1

Author Comment

by:UncleVirus
ID: 39200431
Any ideas please? Surely someone can help me troubleshoot basic mail flow between two SBS servers. :-(
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 39207784
Hi UncleVirus,

Before jumping in i'd like to confirm I've understood the details....

SBS 2003 with ISA server - assuming the SBS has 2 NICs (LAN & WAN) and the LAN was the default gateway for the entire network?

the migration has gone generally well and no errors have been identified

you have removed ISA server and added a hardware firewall. Is this now the default gateway for the entire network (including both servers) Have you removed the WAN NIC from the 2003 server?

you have mail users on the 2003 box and you have created one on the new 2011
the 2011 user CAN send (assuming to a user on  the 2003 box) but users from the 2003 box CANNOT send to the user on the 2011 box?

You haven't tested external mailflow.

OK< assuming that's all right, there's a few things to try to give us a clue which way to take this.

a) create/move another user to the 2011 box and confirm that mail flows from 2011 > 2011 OK.
b) list the connectors on the system (Get-RoutingGroupConnector | fl) and post them here
c) check you don't have any smarthosts set in your 2003 exchange send connectors or virtual SMTP server
d) enable smtp send logging on the 2003 box so you can see what actually happens when you try to send a message. this may reveal if an attempt to connect to the 2011 is ever actually made.
0
 
LVL 1

Author Comment

by:UncleVirus
ID: 39259744
The *sole* reason for this malfunctioning, was that the Exchange 2003 server had a smart host defined in SMTP Virtual Server. This completely broke the internal routing of everything between 2003 > 2010 - Always check this first in future! Appreciate all the help anywho :o)
0
 
LVL 1

Author Comment

by:UncleVirus
ID: 39265826
I've requested that this question be closed as follows:

Accepted answer: 0 points for UncleVirus's comment #a39259744

for the following reason:

The *sole* reason for this malfunctioning, was that the Exchange 2003 server had a smart host defined in SMTP Virtual Server. This completely broke the internal routing of everything between 2003 > 2010 - Always check this first in future! Appreciate all the help anywho :o)
0
 
LVL 27

Expert Comment

by:Steve
ID: 39265827
point 'c' of my response recommended checking the existence of a smarthost in the send connector and was a valid answer to your question.
0
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 39265864
fwiw, agreeing.  There were two answers that improved your migration experience.  SMTP connector was the final one, but the need to and instructions for removing ISA was also necessary.
0
 
LVL 1

Author Closing Comment

by:UncleVirus
ID: 39265898
Apologies chaps; I skimmed over this far too quickly as EE was pestering me to deal with it!

I'll award points where necessary. I hope you don't think any less of me :-P

The SMTP Smarthost was key to solving this issue. I hope this will help someone else (And no doubt it will!)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now