Solved

Exchange 2007 to 2010 Migration-Activesync

Posted on 2014-02-21
3
734 Views
Last Modified: 2014-02-24
Hello:

I am in the process of migrating from SBS 2008 to Windows Server 2008 R2 and Exchange 2010. So far, the migration has gone well, but I am running into a bit of a snag as far as Outlook Anywhere, Outlook Autodiscover, Exchange ActiveSync and Exchange ActiveSync Autodiscover are concerned. We have installed a UCC SAN certificate from Go Daddy on both servers (EXCHANGE2007 and EXCHANGE2010) with the following names: autodiscover.domain.com, legacy.domain.com, mail.domain.com, EXCHANGE2007.domain.com, EXCHANGE2010.domain.com, domain.com. The certificate is working just fine from outside the network (i.e., no errors). I have added the "autodiscover" name to the DNS that is hosted by our ISP and have added A records to our internal DNS for both "legacy" (points to EXCHANGE2007) and "autodiscover" (points to EXCHANGE2010) and changed the internal DNS record for  "mail" to point to EXCHANGE2010. From inside the network, everything seems to work as expected. To test, I created two test users (TEST1 and TEST2) and moved the mailbox of TEST2 to the EXCHANGE2010 server (after populating both mailboxes with test emails). Internally, the user (TEST1) whose mailbox resides on EXCHANGE2007 is being redirected to that server when they log in using OWA 2007 and the user whose mailbox is on EXCHANGE2010 (TEST2) is going to OWA 2010.

To test externally, I have opened ports 443 and 80 on our Sonicwall firewall and pointed it to the internal IP of the EXCHANGE2010 server. Everything seems to work well as far as OWA is concerned. By that I mean it mirrors what I see internally. However, all users who use an IPhone to connect remotely lose their connection to the server. When I use Microsoft's Remote Connectivity Analyzer to check Exchange ActiveSync, it results in an error of "Testing of OPTIONS command failed with a 403 forbidden response, Forbidden: Access is denied, You do not have permission to view this directory or page using the credentials that you supplied".

Since we have several users who connect with their IPhone from outside, I panicked and disabled the firewall rule that opened ports 443 and 80 to the EXCHANGE2010 server. I don't know if this matters or not, but the original firewall rules pointing ports 443 and 80 to EXCHANGE2007 were still active when I created the firewall rules to EXCHANGE2010 and I am not sure if I should have disabled these first.

I am sorry for such a longwinded post, but I feel I am very close to getting this to work and I need help!

Thank you very much and please let me know if additional information is needed.
0
Comment
Question by:ctsuhako
  • 2
3 Comments
 
LVL 8

Accepted Solution

by:
Jeff Perry earned 500 total points
Comment Utility
0
 

Author Comment

by:ctsuhako
Comment Utility
Thank you. The solution seemed to be to leave the External URL on the Exchange 2007 CAS empy.
0
 
LVL 8

Expert Comment

by:Jeff Perry
Comment Utility
You are welcome, glad you got it working.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Easy CSR creation in Exchange 2007,2010 and 2013
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now