Solved

Problem on Exchange 2013 Transitioning

Posted on 2014-02-19
7
263 Views
Last Modified: 2014-02-20
Hi Experts,

We are on transitioning from Exchange 2010 to Exchange 2013, on Exchange 2010  we have two HT/CAS Servers (combine role) and two MB Servers while on Exchange 2013 we also have two CAS and two MB Server. The rpc client access is mail.domain.local of Exchange 2010 while I created NLB on two Exchange 2013 CAS with name mail01.domain.local.  When we migrated the users from Exchange 2010 Mailbox Database to Exchange 2013 Database users can access easily on OWA and all mail flow are OK,but on the outlook configuration we can configure the user if we use mail01.domain.local, name will be resolve if we use the old FQDN of client access array mail.domain.local but when we open the Outlook an error is always occurred (See attachement).

Exchange 2013 Outlook 2010 Problem
Hope can you help me on this.

Thanks,
0
Comment
Question by:junyap
  • 4
  • 3
7 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39869989
First - did you test Outlook before implementing WNLB?
If not, then undo WNLB and test it again. Furthermore the Microsoft Exchange team do not recommend the use of WNLB.

Next - Outlook should not be configured manually, you MUST allow Autodiscover to do it. That is because on Exchange 2013 the server name in Outlook is unique for every user. This is due to the change in the architecture of Exchange 2013.

Therefore the first thing I would be looking at is whether Autodiscover is working correctly.

Simon.
0
 
LVL 1

Author Comment

by:junyap
ID: 39870074
Hi Simon,

I have not tested the outlook before I implement the WNLB. I just used it since I do not have hardware load balancer.  For the autodiscover should I point it on my two CAS Server?  Also I found something on the databases of Exchange 2013 that they inherited the fqdn of client access array of my exchange 2010, Can this be related to the problem? Hope that can you also provide link on better transition to Exchange 2013.

Thanks,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39870480
"I have not tested the outlook before I implement the WNLB."

That was a mistake, because you the problem of WNLB (which is a very poor tool) getting in way. I would undo WNLB completely.

Personally I wouldn't have deployed the separate CAS role servers. Instead of the additional licences those involve, I would have used the money for hardware load balancers. Much better solution all round.

Exchange 2013 doesn't use the CAS Array setting at all, so while they may have inherited, they shouldn't be using it. Exchange 2013 only connects via Outlook Anywhere, so you have to test there, along with Autodiscover.

Have you tested Autodiscover to see if it works?
Do you have a trusted SSL certificate in place?

Simon.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 1

Author Comment

by:junyap
ID: 39870868
Hi Simon,

Yes I have SSL for autodiscover but it is still pointed on the legacy server. Do you recommend that I should combine the roles instead of having two CAS and MB server
0
 
LVL 1

Author Comment

by:junyap
ID: 39872489
Hi Simon,

I already removed the two CAS Servers and install the role to MB. For now I still cannot connect to Outlook, it appearing the certificate but the name resolve was the local name of the MB server (MBX02.domain.local)  which is far different from our SSL name (mail.domain.com). Should I request that the server has certificate?

Thanks,
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39873022
No, you just need to change all of the URLs within Exchange to use the name on your trusted SSL certificate and then configure a SPLIT DNS system so that the external name resolves internally.

http://semb.ee/splitdns

Simon.
0
 
LVL 1

Author Comment

by:junyap
ID: 39873279
Hi Simon,

You are correct before your comment I read this article
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/

Which solve my problem on configuring outlook. I created my external domain (domain.com) inside my internal DNS to resolve the name inside the SSL.

Thanks,
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Learn how to make your own table of contents in Microsoft Word using paragraph styles and the automatic table of contents tool. We'll be using the paragraph styles in Word’s Home toolbar to help you create a table of contents. Type out your initial …
how to add IIS SMTP to handle application/Scanner relays into office 365.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now