Exchange 2007 / Exchange 2013 coexistence ActiveSync issue

I am in the process of migrating from Exchange 2007 to Exchange 2013.
I have created an external and internal legacy namespace. I have configured the 2013 CAS servers with the internal/external URLs: and the 2007 CAS servers with the internal/external URLs: for all virtual directories.

OWA redirect from 2013 to 2007 works without any issues. Autodiscover works great and auto-updated all Outlook profiles within the domain.

The only issue I am having is with ActiveSync. If I configure a mailbox on the 2013 server with ActiveSync, it works with no issue. If I try to use ActiveSync with a 2007 mailbox, it fails.

The account is created on the iPhone and Android without issue.

The problem is that when you try to sync, I get this error message on all 2007 accounts on phones:

"can not get mail, rejected by server"

Simon Butler (Sembee), Consultant, commented:
Have you tried to proxy ActiveSync? It doesn't redirect well.
Remove the external URL from the ActiveSync configuration in Exchange 2007 and point all clients at Exchange 2013.

mndthegap1 (Author) commented:
Thank you for the comment. I will try that. I still have to put the legacy for all other external directories and internal?

Simon Butler (Sembee), Consultant, commented:
Exchange 2013 doesn't proxy for the other services, just ActiveSync and Outlook Anywhere. Therefore you will need the legacy host name for everything else.


mndthegap1 (Author) commented:
Simon, thank you very much. I am going to try this tonight.
One final question: for the ActiveSync internal URL, should I set it to legacy or use the FQDN?

Simon Butler (Sembee), Consultant, commented:
As long as it resolves internally to the correct IP address and is on the SSL certificate, it doesn't matter. Usually I would use legacy for both internal and external traffic, with a split DNS in place to ensure that internally legacy resolves to the correct internal IP address.

mndthegap1 (Author) commented:
I configured everything but still am having issues only with Autodiscover; everything else works without a problem.
Now if I configure a 2007 or 2013 mailbox on a phone/device and run the connectivity test, I get the following error:

(I have verified that inheritable permissions is checked on the accounts, so that's not it. I have also checked that Basic and ignore client cert are checked on the ActiveSync directories for both the 07 and 13 Exchange servers. I have deleted all devices for the user in Exchange.)

Testing HTTP Authentication Methods for URL
  The HTTP authentication test failed.
 Additional Details
An HTTP 500 response was returned from Unknown.
Headers received:
Content-Length: 75
Content-Type: text/html
Date: Tue, 22 Oct 2013 00:37:36 GMT
Server: Microsoft-IIS/8.0

Elapsed Time: 102 ms.

Simon Butler (Sembee), Consultant, commented:
I would remove and recreate the ActiveSync virtual directory so that you know it is back to the default configuration. The only change you have to make to it is setting the correct URLs.

mndthegap1 (Author) commented:
Thank you everyone for the comments. Ultimately I was able to resolve the issue with redirect by running the following command and giving the Exchange 2013 mailbox servers rights to the 2007 CAS server:

Get-ClientAccessServer -Identity 2007-CAS01 | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "domain\2013-MBX1$"

As for the 500 error, that was resolved by editing the web.config and removing the following:

            <remove statusCode="500" subStatusCode="-1" />
            <remove statusCode="403" subStatusCode="-1" />
            <error statusCode="403" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="403.htm" responseMode="File" />
            <error statusCode="500" prefixLanguageFilePath="%SystemDrive%\inetpub\custerr" path="500.htm" responseMode="File" />
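
Added example, not part of the original thread: a check that lists which accounts hold the ms-Exch-EPI-Token-Serialization extended right on each Client Access server, so the grant made by the command above can be confirmed and any unexpected holder noticed. The entries in `$expected` are placeholders: `domain\2013-MBX1$` is the account named in the post, and `domain\Exchange Servers` is an assumption about a default holder.

```powershell
# Added example: run in the Exchange Management Shell.
$right = 'ms-Exch-EPI-Token-Serialization'

# Accounts expected to hold the right. 'domain\2013-MBX1$' is the account from
# the post; 'domain\Exchange Servers' is an assumed default holder. Adjust both.
$expected = @('domain\2013-MBX1$', 'domain\Exchange Servers')

# Collect every ACE on each CAS server object that carries the extended right.
$report = foreach ($cas in Get-ClientAccessServer) {
    Get-ADPermission -Identity $cas.DistinguishedName |
        Where-Object { $_.ExtendedRights -like $right } |
        Select-Object @{ n = 'Server';   e = { $cas.Name } },
                      @{ n = 'Trustee';  e = { $_.User.ToString() } },
                      Deny, IsInherited,
                      @{ n = 'Expected'; e = { $expected -contains $_.User.ToString() } }
}

# Full picture first: allow and deny entries, inherited or explicit.
$report | Sort-Object Server, Trustee | Format-Table -AutoSize

# Then only the allow entries whose trustee is not on the expected list.
$unexpected = @($report | Where-Object { -not $_.Deny -and -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning "$($unexpected.Count) allow entries for $right are not on the expected list:"
    $unexpected | Format-Table Server, Trustee, IsInherited -AutoSize
}
```

If the 2013 mailbox server account does not appear against the 2007 CAS in the first table, the grant did not apply to that server object.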

mndthegap1 (Author) commented:
The stated solution was what worked and resolved the issues.
I appreciate everyone's time and help trying to assist in resolving the issue.