Solved

Exchange 2010 and 2003 ActiveSync and RPC over HTTP Coexistence

Posted on 2013-05-23
7
1,013 Views
Last Modified: 2013-07-08
Hello,
     I am almost done with my Exchange migration, but I have run into a snag. First, let me give a background on the current setup. We have an Exchange 2003 server and an Exchange 2010 server in coexistence, and email filtering from MXLogic. I can access both servers without issue from inside the network. However, since we only have one static IP, the mailboxes on the Exchange 2010 server cannot be accessed from the outside, that is, with ActveSync, OWA, or RPC over HTTP. I guess this is likely because the router/firewall is configured to pass exchange traffic to the 2003 server. What I'd like to be able to do is use both servers from the outside if possible. Is there a way to make the traffic flow to the exchange 2010 server from MXLogic, and then make the Exchange 2003 server a kind of backend server? Although, the mailboxes on 2003 should still be accessible via ActiveSync and RPC over HTTP. Thanks!
0
Comment
Question by:indigo6
  • 4
  • 3
7 Comments
 
LVL 12

Accepted Solution

by:
Julian123 earned 500 total points
ID: 39192841
Yes, you can do this. When I set up Exchange with 2003, I configure the firewall to direct all incoming SMTP (port 25) and ActiveSync/RPCHTTP (443) to Exchange 2010. Exchange 2010 will pass any incoming SMTP email to Exchange 2003 as needed. For ActiveSync and RPC/HTTP, it will also proxy those connections to Exchange 2003.

Please note that this will not work for Outlook Web App, as making network requires having a separate, publicly accessible, URL and IP for Exchnage 2003.
0
 
LVL 12

Expert Comment

by:Julian123
ID: 39192846
As some additional background, here is an article describing how proxying works: http://www.exchangebytes.com/?p=598

And one other from Microsoft: http://blogs.technet.com/b/exchange/archive/2009/12/08/3408985.aspx
0
 

Author Comment

by:indigo6
ID: 39192980
Ok, nobody uses OWA on 2003 anyway, so that's good. So no configuration necessary on the exchange servers? All I need to do is configure the firewall?

I noticed that when I created a test account on the 2003 server and tried to connect to it via the 2010 server it failed to verify. (Testing from iOS)
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 12

Expert Comment

by:Julian123
ID: 39193024
There is a step you need to take on Exchange 2010, specifically setting the appropriate authentication mechanism on Exchange 2003.

Please take a look at this page: http://technet.microsoft.com/en-us/library/ee332348(v=exchg.141).aspx. Under the heading "installing exchange 2010, take a look at step seven.

In general, though, I do recommend looking through the whole page just to see if you've done all the steps it recommends.
0
 

Author Comment

by:indigo6
ID: 39197200
Ok, I did all the steps. Thanks! Is there a way I can test the proxying before going live on the router?
0
 

Author Comment

by:indigo6
ID: 39297936
I had to do one more step, specifically disabling the SSL requirement on the Microsoft-Server-ActiveSync vdir on the Exchange 2003 server, and it worked.

I'm setting the router to use the Exchange 2010 server this weekend. Is there any way to test first? Thanks!
0
 

Author Closing Comment

by:indigo6
ID: 39307931
In this case, since we had a single server combination front end / back end Exchange 2003 server, it took several things to get Exchange 2010 to proxy Exchange 2003:

1. Enable Windows Integrated Authentication on the Exchange Active Sync Virtual directory on the Exchange 2003 server using the Exchange System Manager. (Install this hotfix if necessary: http://support.microsoft.com/?kbid=937031)
2. Disable Forms based authentication on the Default Web Site on the Exchange 2003 server. I did not have to reset the Directories though. A simple restart, or restart of the IIS services did it.
3. Disable the SSL requirement on the Exchange, and Exchange Active Sync virtual directories. (Since the Exchange 2003 server no longer faces the Internet) Again, restart the services, or reboot the server.

This was mainly for ActiveSync, but RPC over HTTP (Outlook anywhere) worked fine as well.

Thanks!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 Plans with Exchange Online 2 37
Active Directory UPN Suffix Question 5 43
Lync to Skype for Business 2 20
exchange, owa, script 20 13
Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question